KeePassX: Keeping Your Passwords Safe
Advanced Use: Cloud-Based Database File Storage and Smartphone Access
One popular advanced use for KeePassX is to keep a password database stored in an on-line storage medium, such as Dropbox. Besides serving as a means of database backup, this also lets you access and update a password file from any number of devices, including smartphones. This is done using KeePassX's sibling versions for various smartphone OSes, including the version I use here, KeePassDroid for Android smartphones. (Instructions should be similar for those with iOS, Windows or BlackBerry smartphones.)
Figure 7. A Dropbox Directory, Containing a Password Database
To start, access (or create if you don't have one) your Dropbox account. Then, move the database file to your Dropbox directory (Figure 7). Next, open KeePassX and select File→Open Database (or Open Database from the toolbar). Select the database file from your Dropbox folder, and then enter your master password and use KeePassX as usual.
To set up your Android smartphone to access the password database, install KeePassDroid (and, if not already installed, the Android Dropbox app) from the Android Market. Next, launch Dropbox, and select the database file. KeePassDroid then launches and opens the file, displaying a master password entry box. After entering the master password, a smartphone-friendly interface showing the various password groups will be displayed. Functions are available for going to an entered URL, as well as copying and pasting a user name and password. Entering or modifying user names and/or passwords also is offered by KeePassDroid, which will update the database file stored on Dropbox (and, of course, allow you to access the new information from KeePassX on a desktop).
As shown previously, this allows KeePassX to have some of the functionality of an on-line password manager, while maintaining the advantages of being desktop-based. Although I've not tried it, this method should be similar (available smartphone app permitting) for other cloud-based storage systems, such as Ubuntu One (which also has an Android app available).
KeePassX offers two types of 256-bit encryption: AES and Twofish. The type of encryption used may be changed by accessing File→Database Settings. AES is the default, and although Twofish may be used, it's compatible only with KeePassX's version 1.x database format. Therefore, it's probably best to leave this option as the default.
Instead of a master password, a database can be opened using a key file. A key file is a file that stores data (such as a master password or random data), and it is stored elsewhere (on the same hard drive, on a USB drive and so on). One advantage of a key file instead of a master password is that an actual file is required to open the database. Because the key file can be stored elsewhere (such as on a separate USB drive), this also serves as a security option. Another advantage is that a key file may contain lengthy or complex data. However, one downside is that anyone who finds the key file can open the database, similar to somebody that discovers the master password. Also, if the key file is lost (or damaged, deleted or anything similar) or if any information in the file is changed, opening the database will be impossible.
For extra security, both a master password and a key file may be required for accessing a database.
To use a key file, under File→Change Master Key (or in the Set Master Key window, if initially creating a database), select the key file check box. If a desired key file doesn't already exist, select Generate Key File to create one, then select a name and storage location for the file. To open the database using a key file, select the check box next to key file (and the check box next to password too if required), and click Browse. Browse to wherever the key file is stored, select it, then select OK to open the database.
Differences between KeePassX and LastPass
Another popular password manager is LastPass. Unlike KeePassX, LastPass is proprietary instead of open source, and it relies on a cloud-based solution (storing encrypted password information on-line). LastPass comes as a plugin for most browsers and is compatible with Linux. Similar features to KeePassX include password generation and an ability to fill in login information for Web sites. However, some advanced features, including support for smartphones and removing advertising, requires upgrading to a $12/year "premium" version. LastPass also requires Internet access for its full cloud-based use, which might be an issue for some.
KeePassX is a very useful and valuable password manager. Its storage capabilities and strong password generator have helped me greatly improve my on-line security over my former password-tracking methods. KeePassX's cross-platform compatibility also provides versatility in conjunction with its sibling application KeePassDroid. Although there are other good password managers, KeePassX in particular is worth trying.
KeePassX FAQ: http://www.keepassx.org/faq
- New Products
- Users, Permissions and Multitenant Sites
- Flexible Access Control with Squid Proxy
- Security in Three Ds: Detect, Decide and Deny
- High-Availability Storage with HA-LVM
- Tighten Up SSH
- DevOps: Everything You Need to Know
- Solving ODEs on Linux
- Non-Linux FOSS: MenuMeters
- Not So Dynamic Updates