KeepassXC Password Manager – why and how to use it

In the last post, How to secure your passwords and accounts, I wrote that to maintain security online, we need to use passwords that are long, unique, and complex. I also mentioned the use of password managers, which are designed to help us securely remember passwords for all the services where we have accounts. In today’s post, I will focus on the KeepassXC software. In the next post in this series, I will also discuss the BitWarden manager.

So, where to start your adventure with Keepass? KeepassXC is a desktop application that creates a local, encrypted password database on your computer’s disk. You can then upload this file to a network drive like OneDrive, Google Drive, or another service to use it on other devices. One undeniable advantage of Keepass is that it is open-source software.

Installation

To install Keepass in the latest version, we download the installer from the KeepassXC website. Then, we run the executable file and go through the successive installation steps. I will skip the installation process itself, as there is nothing in it that could cause any trouble.

After a successful installation, you will be presented with a window like this.

Configuring the password database file

In the first step, let’s give our database a name and add a description—it can be useful if we have multiple databases.

The next step is to set the encryption details of the file and its format. Regarding the format, I recommend using the latest KDBX4. Encryption mechanisms can be adjusted by clicking on Advanced Settings. However, we will stay with the default settings. The decryption time displayed on the screen is the delay for decrypting the database after the password is entered. This can be useful in case attackers attempt to break the password of the file: increasing this setting will extend the time needed to guess the password.
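To illustrate why a longer decryption time slows password guessing, here is an added example (not from the original post and not KeePassXC's own code). It uses PBKDF2 from Python's standard library as a stand-in for whichever key-derivation function the database uses; the function names and sample figures are assumptions made for the illustration.

```python
import hashlib
import os
import time


def derive_key(password: str, salt: bytes, rounds: int) -> bytes:
    """Stretch a password into a 32-byte key; the cost grows linearly with rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def calibrate(target_seconds: float, start_rounds: int = 10_000) -> int:
    """Double the round count until one derivation takes at least target_seconds.

    This mirrors the idea of a "decryption time" setting: the work factor is
    chosen so that every unlock attempt costs roughly that long on this machine.
    """
    salt = os.urandom(16)
    rounds = start_rounds
    while True:
        started = time.perf_counter()
        derive_key("benchmark", salt, rounds)
        if time.perf_counter() - started >= target_seconds:
            return rounds
        rounds *= 2


def seconds_to_search(candidates: int, seconds_per_guess: float) -> float:
    """Expected time to reach the right password: half the candidate list."""
    return candidates / 2 * seconds_per_guess


if __name__ == "__main__":
    wordlist_size = 10_000_000  # constructed figure: size of a guessing list
    for delay in (0.1, 1.0):
        rounds = calibrate(delay)
        days = seconds_to_search(wordlist_size, delay) / 86_400
        print(f"{delay:>4} s per unlock -> {rounds:>9} rounds, "
              f"about {days:,.0f} days to work through the list on one core")
```

The legitimate user pays the delay once per unlock, while anyone guessing offline pays it for every candidate password.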

Next, we generate a password that will be used to open the file. The password must be secure, meaning it should be sufficiently long. My example password has 30 characters. You can also use the built-in password generator in KeepassXC. This password can be changed at a later date.

Once you have established the password, proceed further. In the screenshot below, you have the option of Additional Protection. There, you can add extra security with a key file or a physical key.

For the purpose of this post, I will configure the key file option – it’s important to secure the key file in a safe place. For most home users, there is no need to configure this option – a strong password is sufficient to secure the database.

In the next step, we will use the option to generate a key file. After generating it, save it to your computer’s disk.

After configuration, the authentication data window in our case will look like this:

Managing entries

After successfully configuring the database, we can proceed to add passwords to it. Passwords can be organized into groups. For instance, you can separate social media accounts, email accounts, etc.

Let’s start by creating a new group. You can give the group a name, an icon, and choose whether to disable auto-type.

Once you have added your groups, you will see a view like this.

Once you have your groups, you can create a new entry. To do this, right-click and select New Entry.

And then, you fill in the name, login, password, website address, icon, and additional notes. The website address is important if you want to use a browser extension. When saving login details for a bank, for example, if you have the correct bank website address (e.g., https://mbank.pl) in the URL field and use the browser extension, the login details saved in KeePass will only be filled on that specific website. If you click on a link leading to a phishing site pretending to be mBank, the passwords won’t be filled. Instead, a message will appear stating that there are no entries for that website in your KeePass.
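The URL check described above can be sketched as follows. This is an added example, not code from the original post or from the KeePassXC browser extension: it uses a simplified exact scheme-and-host comparison, and the entries and the lookalike addresses under .example are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault entries (title, stored URL); not real data.
ENTRIES = [
    ("mBank", "https://mbank.pl"),
    ("Mail", "https://mail.example.org/login"),
]


def origin(url):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        # .hostname ignores any "user@" prefix and is lowercased. IDNA-encoding
        # keeps non-ASCII lookalike letters from comparing equal to ASCII ones.
        host = parts.hostname.rstrip(".").encode("idna").decode("ascii")
        port = parts.port
    except ValueError:  # malformed port or hostname (UnicodeError included)
        return None
    if port is None:
        port = 443 if scheme == "https" else 80
    return (scheme, host, port)


def entries_for(page_url, entries=ENTRIES):
    """Titles of the entries whose stored origin equals the page's origin."""
    page = origin(page_url)
    if page is None:
        return []
    return [title for title, stored in entries if origin(stored) == page]


if __name__ == "__main__":
    for visited in (
        "https://mbank.pl/login",            # the real site: entry offered
        "https://mbank.pl.login.example/",   # bank name used as a subdomain
        "https://mbank.pl@login.example/",   # bank name in the user-info part
        "http://mbank.pl/",                  # same host without TLS
    ):
        print(visited, "->", entries_for(visited) or "no entries for this site")
```

The comparison is made on the parsed host, not on the text of the address, which is why a page that merely contains the bank's name in its URL gets no credentials offered.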

Remember to make your passwords long and unique. I’ve written a few words about creating passwords in the post How to secure your passwords and accounts.

After we add entries, we will see a view like the one below.

KeePass and browser integration

Now, let’s configure the browser extension so that when you enter a URL specified in any entry in Keepass, the browser will suggest filling in the login details. To do this, we need to do two things.

  • Enable browser integration in KeePass. To do this, in the main KeePass window, click on Tools and then Options. Next, select Browser Integration. Now, choose the browser you want to integrate with – I’ll use Mozilla Firefox in my case. There are other configuration options available, but I won’t cover them today. After changing the settings, click OK.
  • Install and configure the browser extension.

The best way to do this is by visiting the KeePassXC.org website, navigating to the Downloads section, and then selecting the Browser Extension option.

There, click on the link that corresponds to your browser, and you will be redirected to the relevant extension store. Once on the page, click on Add to Firefox, and then in the browser prompt, click Add.

Once you have completed these steps, you now need to connect your browser extension to the database file. To do this, go to the extension management in your browser. Then, next to the KeepassXC extension, click on the “three dots” and select Options.

If you don’t have any database connected, you need to choose “Connect.” Your Keepass will then display a message about a new connection request to the database. Enter a name that will help you identify the connection in the future.

After adding the database, you will see a view like this.

And that’s basically it! Now, when you visit a website for which you have saved login details in KeePass, a prompt will appear in your browser requesting access. Choose Allow Selected.

Now, when you click the KeePass icon in the login field on a website, as shown below, the login fields will be filled with the data from your KeePass.

Additional options

What if I don’t want to integrate with the browser?

There is also an option called Auto-Type. To use this option, you need to go to the login page of the website you want to log in to, so that the login form is visible – here, there is no association with the URL field in KeePass. Then, go to KeePass, and you have two options. Either manually click on Perform Auto-Type with the mouse, or use the keyboard shortcut Ctrl + Shift + V. Importantly, the auto-type sequences can be customized for each website. However, in most cases, the default sequence {USERNAME}{TAB}{PASSWORD}{ENTER} is correct.

I hope that this post will help you use the internet in a safe way, create secure passwords, and store them securely.
