In information technology professions, password management tools are a necessity. The problem is that many users who could benefit from them don’t know that they exist.
Today, password security is a huge problem. Hackers, of course, are always trying to find new ways to steal passwords. There are lots of attacks, such as XSS, that work by stealing cookies stored in browsers containing cached usernames and passwords.
Remember that you need to exercise great care in guarding your passwords. Some people use less-than-secure means to remember their passwords, such as writing them on post-it notes or in a physical book, or ticking the “Remember Information” box in their web browser. These are terribly insecure options, and to be frank, are an unnecessary risk. If anyone got their hot, little hands on your book of passwords or post-it notes, or had access to your computer when you weren’t present, they could log into your social media sites or even more sensitive websites such as financial or banking services.
But guess what? There is a completely free tool that allows you to store all of your passwords in an encrypted format so you never have to worry about password security again. And it’s even open source, so you don’t have to worry about governmental agencies creating backdoors and stealing your information. You can find out more about that in detail on our online privacy guide.
Anyway, the name of this program is KeePass. To be completely honest, its interface isn’t the prettiest that ever existed. But hey, it gets the job done and it’s a very functional program. By using KeePass, you will have complete control over all of your password data. You choose where the password file is stored!
But it gets even better! Because the file is encrypted, it doesn’t matter if a hacker or stranger gets their hands on it. They won’t be able to open the file or break the encryption to steal your username and password data!
To start off, understand that this program was originally created for Windows. However, they have ported their code to support other operating systems as well. By using KeePassX, you will be able to secure and manage your passwords across many different operating systems such as OS X and Linux.
If you need a mobile solution, iKeePass and KeePass2Android will provide the same functionality on iOS and Android systems.
As you might expect, the free version of the software is a little watered down. You’ll need to pay money for the full-featured version of KeePass. Yet, even with the free version, you have access to extra functionality through the use of add-on modules. These work in a similar manner to how you would install extensions and other pieces of software to Firefox or your favorite web browser.
This is fantastic because it will allow you to add components and software modules on an as-needed basis, and they will even help you increase your security. There are plenty of modules to choose from, but arguably the only one that you might count as a necessity is the web browser extension. Even better, the software without any add-ons will more than suffice for password protection – but a few of them are pretty handy.
Free But Easy
While most people would be a little skeptical of using a free piece of software that is a stand-alone application to store all of their passwords, you don’t need to worry about syncing your passwords to other devices. Though the software doesn’t include this feature, you can easily share your passwords among all of your devices. The password files are encrypted with an extremely secure algorithm that hasn’t been cracked to date. All you have to do is place the password file (.kdbx) in a cloud storage folder such as Google Drive or Dropbox.
As long as each device saves any changes made to the database in the shared folder, the updates will be sent to every device that accesses the same shared folder. This may sound like extra work at first, but it only takes a few minutes to set up. It also won’t cost you anything extra if you already have a cloud storage service.
I know it may sound scary to store your entire password file on someone else’s servers, but don’t worry. Because the passwords are encrypted in a format that can’t be hacked, it doesn’t matter if someone steals your file – there’s no conceivable way they can hack into your password database!
There is no cost to using KeePass. That’s right, it’s completely free, open-source software! Although you can get both the classic and professional version without paying a penny, donations are very much welcomed. They recognize all the hard work the developers have already put in, not to mention the upkeep required to update, maintain and provide the service.
Most people would assume that free software cuts corners or doesn’t provide you with the latest technologies. This isn’t true with KeePass, because they use the latest encryption standards to ensure that your passwords remain safe. Fortunately, the software is open source as well so there isn’t a chance that a governmental agency or disgruntled employee has coded a backdoor into the software.
But you should know beforehand just exactly how this software keeps all of your other passwords safe.
KeePass employs a mechanism called a master password, and as the name suggests, it works just like a master key. The only way to access all of the other passwords contained in the database is to know this password. It must be entered before you can access other entries in the program.
Consider that for a second, though: it’s a double-edged sword for those of you with poor memories. If, by chance, you were to forget your password, there’s no way to log into the software again. You would have to start over and build an entirely new password database with a new master password because there’s no password-recovery feature. That would defeat the purpose of the software in the first place.
Of course, it’s much easier to remember one password than to remember every password contained within the database. Some people can’t remember all their passwords so they make them all the same, which is a massive security flaw. But when using KeePass, you still only need to remember the single master password, and all of your other passwords will still be unique.
I would also advise that you keep the encryption settings at their default values. They are set to use AES-256 encryption and SHA-256 for password hashing, which are the two strongest algorithms.
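An added example (not from the KeePass project or the original article): a short Python check that reads the unencrypted outer header of a .kdbx file and reports which cipher it declares, so you can confirm a database still uses the AES-256 setting described above. The signature values, field IDs and cipher UUIDs are taken from the KDBX 2.x file format rather than from this page, and the sample header is constructed.

```python
import struct
import uuid

# Constants from the KDBX 2.x file format (assumed here; not stated on this page).
KDBX_SIG1, KDBX_SIG2 = 0x9AA2D903, 0xB54BFB67
CIPHERS = {
    uuid.UUID("31c1f2e6-bf71-4350-be58-05216afc5aff"): "AES-256",
    uuid.UUID("d6038a2b-8b6f-4cb5-a524-339a31dbb59a"): "ChaCha20",
}
FIELD_END, FIELD_CIPHER, FIELD_ROUNDS = 0, 2, 6

def audit_kdbx_header(data: bytes) -> dict:
    """Parse the plaintext outer header of a .kdbx file and report its settings."""
    if len(data) < 12:
        raise ValueError("too short to be a KDBX file")
    sig1, sig2, minor, major = struct.unpack_from("<IIHH", data, 0)
    if (sig1, sig2) != (KDBX_SIG1, KDBX_SIG2):
        raise ValueError("not a KeePass 2.x (.kdbx) database")
    # KDBX 4 widened the per-field length prefix from 2 to 4 bytes.
    len_fmt = "<I" if major >= 4 else "<H"
    len_size = struct.calcsize(len_fmt)
    report = {"version": f"{major}.{minor}", "cipher": None, "rounds": None}
    pos = 12
    while True:
        if pos + 1 + len_size > len(data):
            raise ValueError("header truncated before end-of-header field")
        field_id = data[pos]
        (length,) = struct.unpack_from(len_fmt, data, pos + 1)
        pos += 1 + len_size
        value = data[pos:pos + length]
        if len(value) != length:
            raise ValueError("header field runs past end of file")
        pos += length
        if field_id == FIELD_END:
            return report
        if field_id == FIELD_CIPHER and length == 16:
            report["cipher"] = CIPHERS.get(uuid.UUID(bytes=value), "unknown")
        elif field_id == FIELD_ROUNDS and length == 8:
            # Key-transformation rounds; stored in this field by KDBX 3.x only.
            report["rounds"] = struct.unpack("<Q", value)[0]

def make_field(fid: int, value: bytes) -> bytes:
    """Encode one KDBX 3.x header field: id byte, 2-byte length, value."""
    return bytes([fid]) + struct.pack("<H", len(value)) + value

# Constructed KDBX 3.1 header (sample data, not a real database).
SAMPLE = (struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 1, 3)
          + make_field(2, bytes.fromhex("31c1f2e6bf714350be5805216afc5aff"))
          + make_field(6, struct.pack("<Q", 60000))
          + make_field(0, b"\r\n\r\n"))
```

To check a real database, pass the file's bytes (read in binary mode) to `audit_kdbx_header`; only the plaintext header is read, so the master password is not needed.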
How to Use KeePass
The very first thing you’ll need to do is download a copy of the software from their website. It was a little confusing for me at first, since the software that I needed to download was the professional version. Make no mistake though, that’s the free version that you want to download. While you’re there, go ahead and download the portable version that you can run from a flash drive if you want to.
When you are installing the software, you don’t have to worry much either. They don’t try to install any adware or other annoying software programs during the process. All you have to do is keep clicking next. Keep in mind that you may want to change a couple of settings, such as the default directory and whether or not you want a quick launch icon and desktop shortcut in Windows. Also note that the software will want to search for updates the first time you run it; let it.
Once you run your new software, you will need to proceed by creating a brand new password database. You have the freedom to save the location of the password file anywhere you want. Consider putting it in a shared storage drive such as Dropbox if you want to share the single database with your other devices. To do so, you will need to click on File and then click on New to make the database. After you have chosen the location to store the database file, one of the most crucial parts of the setup process happens next, the creation of the master password.
You need to make sure that you remember this password no matter what, and I would caution you against writing it down somewhere. You need to commit this password to your memory. If you forget it, you will lock yourself out of your database.
You will also have the option to set other values such as the default username for entries in the database. It will additionally give you the option to name your database, as you may want to have more than one. Some people keep separate databases for work and personal use.
Name it how you see fit and click the “OK” button. Once done, you will have a new database waiting to securely store your passwords.
To add a username and password to the program, you can either use the shortcut Ctrl + I or right-click and select a new entry. By default, it will create a random password that is more secure than what most people commonly choose, such as their pet’s name with a few special characters. I would advise you to leave the default password for each entry due to its strength. And no, you don’t actually need to type that password out when you log into a website; you just need to copy and paste it.
Finally, understand that you don’t need to manually create a new entry for each username and password pair that you have previously cached in your web browser. There’s a handy feature that allows you to import passwords from your web browser. It’s going to save you a lot of time.