KeePassX: Keeping Your Passwords Safe

For a long time, my password tracking system was quite simplistic: hope I remembered the right passwords for each site or record them in an ordinary word-processor document. Such methods obviously have great flaws. I might have a hard time remembering a password for an infrequently used site, and a word-processor document isn't the most secure place to store passwords. Such a system also tends to promote either too-simplistic passwords or recycling the same password across Web sites (both being easier to remember). For these and other reasons, I decided using a password manager would make my digital life a lot easier.

A password manager is a program that stores passwords. The stored passwords usually are encrypted for security purposes. Password managers can be either desktop-based (the password data stored in an encrypted database file on a hard drive), portable (similar to the desktop version, but stored on a smartphone or similar device) or on-line (data stored in an encrypted form on a trusted third-party Web site). Besides the increased security (over writing down passwords on a piece of paper or within an unencrypted text document, or resorting to memory), password managers also allow for more complex (thus, harder to guess/break) passwords to be created and stored. After some research, I decided to use KeePassX as my password manager of choice.

General Features

KeePassX is a multiplatform, open-source password manager. Unlike some password managers, KeePassX is desktop-based, which has its advantages and disadvantages. However, KeePassX can be used along with an on-line storage system, such as Dropbox (I discuss how to do that later in this article).

KeePassX comes with various features, including the ability to import and export passwords, search entries, organize passwords and user names within predefined categories, and generate secure passwords. KeePassX also comes with a limited AutoType feature, which can enter user name and/or password information from an entry into a Web page automatically.

Password information is stored in a database file protected with 256-bit encryption, and the file is compatible with other platforms' versions of KeePassX (including KeePassDroid for Android smartphones, KeePass for Windows and so on). For compatibility, however, password files created by those other versions must be stored in the older (version 1.x) format that KeePassX uses rather than the current (at the time of this writing) 2.x format, although work is being done to allow a future version of KeePassX to use the newer format.
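One way to check which format a database file uses before trying to open it in KeePassX, as an added example that is not from the original article or the KeePassX project. The signature words and header layout follow the KeePass 1.x file format; the function names and the sample header bytes are constructed for illustration.

```python
import struct

SIG1 = 0x9AA2D903                      # first signature word, shared by 1.x and 2.x
SIG2_KDB = 0xB54BFB65                  # second word for 1.x (.kdb) files
SIG2_KDBX = (0xB54BFB66, 0xB54BFB67)   # second word for 2.x pre-release/release
CIPHER_FLAGS = {2: "AES (Rijndael)", 8: "Twofish"}
# 1.x header fields: sig1, sig2, flags, version, master seed, IV, group count,
# entry count, contents hash, transform seed, key-transform rounds (124 bytes).
KDB_HEADER = struct.Struct("<4I16s16s2I32s32sI")


def inspect_keepass_header(data: bytes) -> dict:
    """Classify a KeePass database from its unencrypted header."""
    if len(data) < 8:
        return {"format": "not KeePass"}
    sig1, sig2 = struct.unpack_from("<2I", data)
    if sig1 != SIG1:
        return {"format": "not KeePass"}
    if sig2 in SIG2_KDBX:
        # The KeePassX release described in the article reads only 1.x files.
        return {"format": "KDBX 2.x", "keepassx_compatible": False}
    if sig2 != SIG2_KDB or len(data) < KDB_HEADER.size:
        return {"format": "unknown or truncated"}
    fields = KDB_HEADER.unpack_from(data)
    flags, groups, entries, rounds = fields[2], fields[6], fields[7], fields[10]
    cipher = next((n for bit, n in CIPHER_FLAGS.items() if flags & bit), "unknown")
    return {
        "format": "KDB 1.x",
        "keepassx_compatible": True,
        "cipher": cipher,
        "groups": groups,
        "entries": entries,
        "key_transform_rounds": rounds,
    }


def sample_kdb_header() -> bytes:
    """Constructed 1.x header: AES + SHA-2 flags, 2 groups, 20 entries."""
    return KDB_HEADER.pack(SIG1, SIG2_KDB, 1 | 2, 0x00030002, bytes(16),
                           bytes(16), 2, 20, bytes(32), bytes(32), 50000)


if __name__ == "__main__":
    print(inspect_keepass_header(sample_kdb_header()))
    print(inspect_keepass_header(struct.pack("<2I", SIG1, 0xB54BFB67)))
```

The header is stored in the clear, so the group and entry counts and the key-transform round count are readable without the master key; only the entry data that follows the header is encrypted.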

Setup and Basic Usage

KeePassX is available in many repositories; thus, installation should follow standard procedures for your distro of choice.

Upon initial launch, KeePassX prompts the user to create a new database. As shown in Figure 1, the Set Master Key box is displayed, asking you (by default) to create a master password for the database. You should choose a strong master password. An alternate option is to use a key file instead of or in addition to a password (more on key file usage later). For most of this article, however, I use only a master password for my examples.

Figure 1. The Set Master Key Box

After creating the password, the default main window (Figure 2) appears, displaying (in menus and a toolbar) most of KeePassX's features. The menus consist of File (importing and exporting database formats, saving changes to databases and so on); Entries (adding, deleting and making changes to entries, as well as copying entry information to the clipboard); Groups (organizing entry information into various categories); View (toolbar/entry information display settings); Extras (settings for KeePassX itself, as well as the password generator); and Help (links to KeePassX's Web site, FAQ list and so on).

Figure 2. The Main KeePassX Window

By default, two groups are created in a new database: Internet and Email. To create a new category, choose Groups→Add New Group, then enter the name of the new group in the Group Properties window that appears. You also can choose an icon for the new group from the pop-up menu. After finishing, select OK. The new category will appear in the left-hand pane.

To enter a new password and/or user name into KeePassX, select a category from the left-hand pane for the new password, then either select Entries→Add New Entry or choose Add New Entry from the toolbar. A New Entry window appears (Figure 3), allowing you to enter password and user name information, along with any other needed information. Additional information you can enter includes Title (a name for the entry); Username; Password; Repeat (enter the same password twice for verification); Comment (to enter comments about the entry); Expires (set an optional expiration date for the password); Attachment (attach a file to the entry); and Tools (a pop-up menu). A quality progress bar also is included under the password section, indicating the password's relative strength.

Figure 3. The New Entry Window for Entering New User Names and Passwords

The Tools pop-up menu contains two options:

  • AutoType: Customize sequence—customize the sequence of password/user name information entered into forms.

  • AutoType: Select target window—select which application or browser window to enter password/user name information.

For extra security, the password can be shown or hidden (displaying asterisks) by clicking the eye icon next to the password entry boxes.

______________________

Comments


Re - KeePassX: Keeping Your Passwords Safe

Logo Design's picture

Thanks a lot for sharing info about this precious software. I was always looking for a software like this, so that I am easily able to safe my passwords.

Thanks for pointing me to

DavidSoluri's picture

Thanks for pointing me to KeePassX. I was using the same 2-3 passwords for all my logins, because I just can't remember a different one for each site/service. Using the same pass over and over again obviously is a bad idea; KeePassX solved this problem for me. Bilder-Shop

Lastpass not on all platforms

Anonymous's picture

Finally, LastPass is a good competitor but I find the plugin does not work for my Firefox 9.0.1 on FreeBSD. "Platform not supported".

Lastpass is a browser plugin, which seems to be different from KeePassX, I don't know if there's much to choose between the two if you're on Linux, but as a FreeBSD user I now conclude KeePassX is the definitive choice out of the three.

No plugins is good

Anonymous's picture

At the risk of going on and on as I discover more by pieces, it seems KeePass also supports plugins, which is another reason why you might prefer KeePassX.

KeePassX doesn't expose itself to new and unknown code through a plugins interface: it hasn't got one. That should keep the blighters out :-)

Ok, so THAT'S what "Mono" is

Anonymous's picture

So after some additional research http://blog.pepita.org/?p=359

I found out that "Mono" is a Dot Net emulation layer http://www.mono-project.com

So for those of us who would rather not have this additional bloat living on our systems KeePassX may be preferable. Presumably that's why KeePassX came to be.

I imagine, though I'm not sure, that there may be additional security risk with a system that's binary compatible with Dot Net.

Why not KeePass

Anonymous's picture

I don't get it. It seems that KeePass is the same as KeePassX except KeePassX can't use (presumably more advanced) version 2 file format of KeePass.

So KeePass is better? So what if it requires "Mono"?

I don't understand why I wouldn't use KeePass.

now i get it (sort of)

Bluff Taylor's picture

I think I understand. Keepassx is a place to store passwords. You open it with a single password, then copy and paste username to a website. Then come back to Keepassx, copy and paste the password to the website, and log in.

This, as far as I can tell, is identical to keeping all my passwords in pwrds.txt, where they are now. One password opens the file, and reveals all my passwords. Any thief who finds that one password has access to all of them.

This seems like a lot of hullabaloo for nothing. Of course I'm wrong. Why would all of you be using something like this if there's not some benefit to it? I'd be grateful for an explanation.

BT

The nice thing about keypassx

bourne's picture

The nice thing about keypassx is that the password information is encrypted and offers a nice management interface with lots of options. You're right, though, that if someone learns the master password then they get access to all your passwords. Hopefully, though, that doesn't happen.

KeepassX

Anonymous's picture

Being that I have, at last count, over 300 passwords. When I started using KeepPass years ago I found the auto-type to be clumsy and it put wrong things in wrong fields unless I directed it with a ctl-V. Here's a blog entry I wrote back in 2008 on passwords and keepass
http://rdksoftware.com/using-secure-passwords

Five years later and a lot has changed online. For one thing I'm using KeepassX instead of Keepass. You remember those earth tremors last year when my Windows machine bricked and my habits changed.

I use keypass/keypassx and

bourne's picture

I use keypass/keypassx and have for the past few years. I also combined it with dropbox and it works like a charm. It's gotten me out of a few tough situations. Good article! Definitely recommend this setup.

Excellent tips for password management!

DanielAndersonABS's picture

Excellent tips for password management! I tend to store my carefully crafted passwords on Word or Excel spreadsheets. However this gives me a great sustainable tool without compromising on security levels. I use Dropbox frequently for work and personal use, and it's definitely a nice touch to see that KeyPassX is integrated with Dropbox as a feature.

RE:

tehmasp's picture

I use KeePassX - it is pretty good.

I also use LastPass and for certain things that I don't want in the cloud I keep it in a text file in a TrueCrypt volume - the volume is small enough and secure enough (at least for my simple reasons) that I don't mind backing it up to my Dropbox and Google Drive services.

Thanks for sharing!

Cheers,

KeePassX

Anonymous's picture

I've been using it for years and never had it let me down once. I therefore agree with the author: KeePassX is worth trying.

I tried it, then quickly quit using it

Anonymous's picture

I looked into KeePassX, and liked it. I set it up, stored all of my passwords in it, and apparently there was some kind of save option that I wasn't aware of, because after a restart it had saved NONE of my entries. I had put probably 20 items in there, and they were all gone. I've never run it since.

Or not?

Anonymous's picture

It asks you to save the database when you quit, how could you miss it?

keepassX with keepasshttp

Anonymous's picture

When will keepassx have something like keepasshttp? I have keepassx saved in Dropbox but it would be more updated if the browser itself interfaces with it.

fpm

Trenton's picture

After reading the article I think I'll just keep using Figaro Password Manager (fpm). It is simple and I like it.

I use the original KeyPass,

Leb's picture

I use the original KeyPass, but I also use a system for coming up with easy to remember and secure passwords. I use an easy to remember phrase and create an acronym of that phrase for the password. As part of the phrase I incorporate the domain of the particular site, so that the password is different for most sites. I also make sure there is at least one occurrence of the word "For" or "To" and one occurrence of the word "And", substituting them with "4", "2", and "&" respectively. For example:
My password For Linux Journal dot Com That is Easy To Remember And Secure!
Mpw4LJdCTiE2R&S!
Using the same template for Amazon dot Com:
Mpw4AdCTiE2R&S!
For getting to email accounts, incorporate the address along with the domain. For john.doe@gmail.com:
Mpw4JD@GMdCTiE2R&S!

After about a week of using this on every site, typing the password becomes second nature. The only time this is a problem is with those sites that don't allow special characters in their passwords. For those sites, just change the "&" to "a" and leave off the "!", or maybe change it to "i". And be sure you have an entry in KeyPass for these exceptions.

KeePass instead of KeePassX?

Jan Christoph Ebersbach's picture

I was also using KeePassX when I discovered KeePass, the predecessor. KeePass has the advantage of a browser integration (KeePassHTTP) which I really like. It passes passwords directly into the browser session so I don't have to copy&paste them. The downside is that it requires Mono.
