KeePassX: Keeping Your Passwords Safe
Advanced Use: Cloud-Based Database File Storage and Smartphone Access
One popular advanced use for KeePassX is to keep a password database stored in an on-line storage medium, such as Dropbox. Besides serving as a means of database backup, this also lets you access and update a password file from any number of devices, including smartphones. This is done using KeePassX's sibling versions for various smartphone OSes, including the version I use here, KeePassDroid for Android smartphones. (Instructions should be similar for those with iOS, Windows or BlackBerry smartphones.)
Figure 7. A Dropbox Directory, Containing a Password Database
To start, access (or create if you don't have one) your Dropbox account. Then, move the database file to your Dropbox directory (Figure 7). Next, open KeePassX and select File→Open Database (or Open Database from the toolbar). Select the database file from your Dropbox folder, and then enter your master password and use KeePassX as usual.
To set up your Android smartphone to access the password database, install KeePassDroid (and, if not already installed, the Android Dropbox app) from the Android Market. Next, launch Dropbox, and select the database file. KeePassDroid then launches and opens the file, displaying a master password entry box. After you enter the master password, a smartphone-friendly interface showing the various password groups is displayed. Functions are available for going to an entered URL, as well as copying and pasting a user name and password. KeePassDroid also lets you enter or modify user names and passwords, which updates the database file stored on Dropbox (and, of course, lets you access the new information from KeePassX on a desktop).
As shown previously, this allows KeePassX to have some of the functionality of an on-line password manager, while maintaining the advantages of being desktop-based. Although I've not tried it, this method should be similar (available smartphone app permitting) for other cloud-based storage systems, such as Ubuntu One (which also has an Android app available).
Encryption
KeePassX offers two types of 256-bit encryption: AES and Twofish. The type of encryption used may be changed by accessing File→Database Settings. AES is the default, and although Twofish may be used, it's compatible only with KeePassX's version 1.x database format. Therefore, it's probably best to leave this option as the default.
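To check which cipher an existing version 1.x database file actually uses without opening it, the unencrypted file header can be read directly. The following Python sketch is an added example, not code from the article or from KeePassX; the header layout and flag values are assumed from the KeePass 1.x (.kdb) format, and the sample headers are constructed.

```python
import struct

# Assumed KeePass 1.x (.kdb) header: two signatures, flags, version,
# seed, IV, group count, entry count, hash, second seed, key rounds.
HEADER = struct.Struct("<4I16s16s2I32s32sI")      # 124 bytes, little-endian
SIGNATURE = (0x9AA2D903, 0xB54BFB65)
CIPHERS = {0x2: "AES", 0x8: "Twofish"}            # bits in the flags field

def read_kdb_header(data):
    """Return cipher and key-transformation rounds from a .kdb header."""
    if len(data) < HEADER.size:
        raise ValueError("file too short for a version 1.x header")
    fields = HEADER.unpack_from(data)
    if fields[:2] != SIGNATURE:
        raise ValueError("not a version 1.x database")
    flags, rounds = fields[2], fields[10]
    found = [name for bit, name in CIPHERS.items() if flags & bit]
    if len(found) != 1:
        raise ValueError("unexpected cipher flags: %#x" % flags)
    return {"cipher": found[0], "key_rounds": rounds}

def sample_header(flags, sig2=SIGNATURE[1], rounds=50000):
    """Constructed header bytes for the demo (seeds and hash zeroed)."""
    return HEADER.pack(SIGNATURE[0], sig2, flags, 0x00030002,
                       bytes(16), bytes(16), 3, 12, bytes(32), bytes(32), rounds)

def demo():
    """Parse four constructed inputs: AES, Twofish, wrong signature, truncated."""
    results = []
    for blob in (sample_header(0x1 | 0x2), sample_header(0x1 | 0x8),
                 sample_header(0x1 | 0x2, sig2=0xB54BFB67), b"short"):
        try:
            results.append(read_kdb_header(blob))
        except ValueError as err:
            results.append(str(err))
    return results

if __name__ == "__main__":
    for result in demo():
        print(result)
```

For a real database, pass the first 124 bytes of the file to read_kdb_header().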
Key File
Instead of a master password, a database can be opened using a key file. A key file is a file that stores data (such as a master password or random data), and it is stored elsewhere (on the same hard drive, on a USB drive and so on). One advantage of a key file over a master password is that an actual file is required to open the database. Because the key file can be stored elsewhere (such as on a separate USB drive), this also serves as a security option. Another advantage is that a key file may contain lengthy or complex data. However, one downside is that anyone who finds the key file can open the database, just like somebody who discovers the master password. Also, if the key file is lost (or damaged, deleted or anything similar) or if any information in the file is changed, opening the database will be impossible.
For extra security, both a master password and a key file may be required for accessing a database.
To use a key file, under File→Change Master Key (or in the Set Master Key window, if initially creating a database), select the key file check box. If a desired key file doesn't already exist, select Generate Key File to create one, then select a name and storage location for the file. To open the database using a key file, select the check box next to key file (and the check box next to password too if required), and click Browse. Browse to wherever the key file is stored, select it, then select OK to open the database.
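Because a changed or lost key file locks you out and a found one lets someone else in, it helps to record a checksum when the key file is created and audit the file from time to time. The following Python script is an added example, not part of KeePassX; the file names, the directory layout and the three checks are assumptions, the sample key file is constructed, and POSIX file permissions are assumed.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def fingerprint(path):
    """SHA-256 of the key file; record it when the key file is created."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_key_file(key_path, recorded_fp, synced_dir):
    """Return the problems found with a key file (empty list = OK)."""
    key, sync = Path(key_path).resolve(), Path(synced_dir).resolve()
    if not key.is_file():
        return ["missing"]
    problems = []
    if fingerprint(key) != recorded_fp:
        problems.append("contents changed")   # the database will not open
    if stat.S_IMODE(key.stat().st_mode) & 0o077:
        problems.append("readable by other users")
    if sync in key.parents:                   # key travels with the database
        problems.append("stored next to the database")
    return problems

def demo():
    """Constructed sample: a stand-in key file audited in five states."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        sync, usb = Path(root, "Dropbox"), Path(root, "usb")
        sync.mkdir()
        usb.mkdir()
        key = usb / "passwords.key"
        key.write_bytes(os.urandom(32))
        key.chmod(0o600)
        fp = fingerprint(key)
        results["good"] = audit_key_file(key, fp, sync)
        key.chmod(0o644)
        results["loose"] = audit_key_file(key, fp, sync)
        key.chmod(0o600)
        key.write_bytes(key.read_bytes() + b"\n")  # one stray byte
        results["edited"] = audit_key_file(key, fp, sync)
        moved = key.replace(sync / key.name)
        results["synced"] = audit_key_file(moved, fp, sync)
        results["lost"] = audit_key_file(key, fp, sync)
    return results

if __name__ == "__main__":
    print(demo())
```

Keep the recorded fingerprint somewhere other than the key file itself, for example as a note in the password database it protects.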
Differences between KeePassX and LastPass
Another popular password manager is LastPass. Unlike KeePassX, LastPass is proprietary instead of open source, and it relies on a cloud-based solution (storing encrypted password information on-line). LastPass comes as a plugin for most browsers and is compatible with Linux. Similar features to KeePassX include password generation and an ability to fill in login information for Web sites. However, some advanced features, including support for smartphones and removing advertising, require upgrading to a $12/year "premium" version. LastPass also requires Internet access for its full cloud-based use, which might be an issue for some.
Conclusion
KeePassX is a very useful and valuable password manager. Its storage capabilities and strong password generator have helped me greatly improve my on-line security over my former password-tracking methods. KeePassX's cross-platform compatibility also provides versatility in conjunction with its sibling application KeePassDroid. Although there are other good password managers, KeePassX in particular is worth trying.
Resources
KeePassX: http://www.keepassx.org
KeePassX FAQ: http://www.keepassx.org/faq
KeePassDroid: http://www.keepassdroid.com
LastPass: http://lastpass.com
Comments
Re - KeePassX: Keeping Your Passwords Safe
Thanks a lot for sharing info about this precious software. I was always looking for a software like this, so that I am easily able to save my passwords.
Thanks for pointing me to
Thanks for pointing me to KeePassX. I was using the same 2-3 passwords for all my logins, because I just can't remember a different one for each site/service. Using the same pass over and over again obviously is a bad idea; KeePassX solved this problem for me. Bilder-Shop
Lastpass not on all platforms
Finally, LastPass is a good competitor but I find the plugin does not work for my Firefox 9.0.1 on FreeBSD. "Platform not supported".
Lastpass is a browser plugin, which seems to be different from KeePassX, I don't know if there's much to choose between the two if you're on Linux, but as a FreeBSD user I now conclude KeePassX is the definitive choice out of the three.
No plugins is good
At the risk of going on and on as I discover more by pieces, it seems KeePass also supports plugins, which is another reason why you might prefer KeePassX.
KeePassX doesn't expose itself to new and unknown code through a plugins interface: it hasn't got one. That should keep the blighters out :-)
Ok, so THAT'S what "Mono" is
So after some additional research http://blog.pepita.org/?p=359
I found out that "Mono" is a Dot Net emulation layer http://www.mono-project.com
So for those of us who would rather not have this additional bloat living on our systems KeePassX may be preferable. Presumably that's why KeePassX came to be.
I imagine, though I'm not sure, that there may be additional security risk with a system that's binary compatible with Dot Net.
Why not KeePass
I don't get it. It seems that KeePass is the same as KeePassX except KeePassX can't use (presumably more advanced) version 2 file format of KeePass.
So KeePass is better? So what if it requires "Mono"?
I don't understand why I wouldn't use KeePass.
now i get it (sort of)
I think I understand. Keepassx is a place to store passwords. You open it with a single password, then copy and paste username to a website. Then come back to Keepassx, copy and paste the password to the website, and log in.
This, as far as I can tell, is identical to keeping all my passwords in pwrds.txt, where they are now. One password opens the file, and reveals all my passwords. Any thief who finds that one password has access to all of them.
This seems like a lot of hullabaloo for nothing. Of course I'm wrong. Why would all of you be using something like this if there's not some benefit to it? I'd be grateful for an explanation.
BT
The nice thing about keypassx
The nice thing about keypassx is that the password information is encrypted and offers a nice management interface with lots of options. You're right though that if someone learns the master password then they get access to all your passwords. Hopefully though that doesn't happen.
KeepassX
Being that I have, at last count, over 300 passwords. When I started using KeepPass years ago I found the auto-type to be clumsy and it put wrong things in wrong fields unless I directed it with a ctl-V. Here's a blog entry I wrote back in 2008 on passwords and keepass
http://rdksoftware.com/using-secure-passwords
Five years later and a lot has changed online. For one thing I'm using KeepassX instead of Keepass. You remember those earth tremors last year when my Windows machine bricked and my habits changed.
I use keypass/keypassx and
I use keypass/keypassx and have for the past few years. I also combined it with dropbox and it works like a charm. It's gotten me out of a few tough situations. Good article! Definitely recommend this setup.
Excellent tips for password management!
Excellent tips for password management! I tend to store my carefully crafted passwords on Word or Excel spreadsheets. However this gives me a great sustainable tool without compromising on security levels. I use Dropbox frequently for work and personal use, and it's definitely a nice touch to see that KeyPassX is integrated with Dropbox as a feature.
Daniel Anderson
RE:
I use KeePassX - it is pretty good.
I also use LastPass and for certain things that I don't want in the cloud I keep it in a text file in a TrueCrypt volume - the volume is small enough and secure enough (at least for my simple reasons) that I don't mind backing it up to my Dropbox and Google Drive services.
Thanks for sharing!
Cheers,
KeePassX
I've been using it for years and never had it let me down once. I therefore agree with the author: KeePassX is worth trying.
I tried it, then quickly quit using it
I looked into KeePassX, and liked it. I set it up, stored all of my passwords in it, and apparently there was some kind of save option that I wasn't aware of, because after a restart it had saved NONE of my entries. I had put probably 20 items in there, and they were all gone. I've never run it since.
Or not?
It asks you to save the database when you quit, how could you miss it?
keepassX with keepasshttp
When will keepassx have something like keepasshttp? I have keepassx saved in Dropbox but it would be more updated if the browser itself interfaces with it.
fpm
After reading the article I think I'll just keep using Figaro Password Manager (fpm). It is simple and I like it.
I use the original KeyPass,
I use the original KeyPass, but I also use a system for coming up with easy to remember and secure passwords. I use an easy to remember phrase and create an acronym of that phrase for the password. As part of the phrase I incorporate the domain of the particular site, so that the password is different for most sites. I also make sure there is at least one occurrence of the word "For" or "To" and one occurrence of the word "And", substituting them with "4", "2", and "&" respectively. For example:
My password For Linux Journal dot Com That is Easy To Remember And Secure!
Mpw4LJdCTiE2R&S!
Using the same template for Amazon dot Com:
Mpw4AdCTiE2R&S!
For getting to email accounts, incorporate the address along with the domain. For john.doe@gmail.com:
Mpw4JD@GMdCTiE2R&S!
After about a week of using this on every site, typing the password becomes second nature. The only time this is a problem is with those sites that don't allow special characters in their passwords. For those sites, just change the "&" to "a" and leave off the "!", or maybe change it to "i". And be sure you have an entry in KeyPass for these exceptions.
KeePass instead of KeePassX?
I was also using KeePassX when I discovered KeePass, the predecessor. KeePass has the advantage of a browser integration (KeePassHTTP) which I really like. It passes passwords directly into the browser session so I don't have to copy & paste them. The downside is that it requires Mono.