Friday, May 16, 2008

Using KeePass to Store Web Passwords

Storing Your Web Passwords the Free Way with KeePass

People often ask me if there is a quick and easy way to save their online passwords so that they don't forget them. Right now, when more and more sites require passwords to access them, it is especially important to do two things: 1) pick a password that is not easy to guess, and 2) make sure you don't forget the password(s) that you chose. Also, with more and more sites having security rules, they are making it more and more difficult for us to remember passwords. Take Adobe.com for instance. I couldn't believe how many safeguards and hoops you had to jump through just to create a password to enter their site. Many corporations, for instance, require you to change your password every 60-90 days.

It's no wonder that there is great software out there to help us manage our passwords. The best one, in my opinion, is RoboForm. But RoboForm also has a stipulation in its license. You can use it free, as long as you only want to remember your password(s) for up to 10 sites. Over 10, and you have to pay. You would be surprised how quickly you can surpass 10 sites. If you're interested in unleashing the power of RoboForm, it costs $29.95 for the 1st license and only $9.95 for the 2nd license (if you order by the end of May). Also, a RoboForm2Go license is now $19.95, and this allows you to install RoboForm on a USB Flash drive and take your passwords with you anywhere. Just plug it into a USB port, and you have all of your passwords, allowing you to log in with one click on any of the sites you regularly go to.

Now, what if you have more than 10 sites that you want to log in to, and you need software to help you keep track of those passwords? There is another program that Kim Komando recommends. I regularly visit Kim's site and listen to her radio show (http://www.komando.com/) and she was kind enough to explain (in excruciating detail) how to use KeePass. See, the problem with KeePass is that it has a bit of a learning curve in order to set it up correctly. RoboForm basically has no learning curve, and there are a few video clips that show you how to use it in my PC Maintenance and Security online course. See my May 14th blog post for more on that series of training videos. Back to Kim Komando's tutorial on KeePass. Here it is in its entirety. I hope it helps you correctly set up this free password managing program.

Kim's Article & KeePass Tutorial

I jumped online recently to check a Webmail account I rarely use. It mostly collects junk mail. But sometimes a good friend's e-mail shows up, too. I started to log in, but couldn't remember the password. So I went digging through my mind to find it.
It seems like everything in our digital lives needs a password. We have passwords for e-mail. We have passwords for online banking. We have multiple passwords for shopping. We need passwords to access certain programs. Ideally, each password is different. We all could use a program to organize and store our passwords. There are several on the market that do just that. A free one is called KeePass. I've mentioned it before, but some of my listeners are unsure of how to use it. After you download and install KeePass, meet me back here to learn how to use it.

Create a new database
You're back! Once you've installed KeePass, open it. Click the New button at the top of the window. You'll be prompted to create a master key for your password database. KeePass encrypts the database containing your passwords. Without encryption someone could steal your passwords in one swoop. You'll need the master key to access the database. You can set up the master key in one of three ways.

Master password
First, you can create a simple master password. Just enter any password in the "Master password" field. A colored bar below the field shows your password strength. A longer password with many different characters is stronger. There is no maximum length. You could use an entire sentence if you'd like!
Pick a password you can remember. If you forget it, the database can't be opened. There is no backdoor. You'll lose all the passwords you've stored in KeePass. Once you've picked a password, click OK. Re-enter the master password to set it.

Key file
Your second option is to create a key file. This file contains the encryption key to decrypt your database. You won't need to remember a password. You just need to know where the key file is. Again, there is no backdoor to decrypting the database. Lose the key file and you're locked out. So back up this file.
The key file can be saved in a number of locations. You can put it on a hard drive, CD or thumb drive. Using removable media is a good idea. I would use a thumb drive. This lets you separate the key from your computer. Of course, you really need to keep track of that thumb drive.
Don't enter anything in the "Master password" field. Use the "Key file" menu to select the removable media or hard drive location. Then click OK. Next, input some random data. This is used to create a truly random key. It is virtually impossible for a criminal to guess your key file. There are two steps to inputting random data.

The first step involves your mouse. On the left, there's a box that looks like static. Click the "Use mouse as random source" button. Put your cursor in the box, and move it around. You're done when the progress bar is full.
Next, click inside the empty box on the right. Then, type random letters, numbers and symbols. It doesn't matter what you type. Just go crazy. The more you input the better. When you're finished, click OK.

Combination
The last option is to use both a master password and key file. This gives you two layers of protection. Someone would need both the password and key file to break in. It also means you have to keep track of both. Lose either one, and you're locked out.

Customize the database
You've created your database. You'll see a folder labeled General. It contains several subgroups like e-mail, home banking and Internet. Each has an identifying icon. For most people these subgroups will suffice. But you can add your own if you'd like. Right-click on the General folder and select Add Password Subgroup. Check the "Use master password and key file" box. Follow the steps above to set up both. Enter a group name. It can be something like Shopping or Bills. Then, click on the Icon button, and pick an appropriate icon. Finally, click OK.

Enter your passwords
Entering your passwords is time consuming. But in the end, you'll be happy you did. Let's enter a Gmail password as an example. Click on the E-mail subgroup. Then click the Add Entry button at the top of the window. The first option is Group. This actually corresponds to subgroups. In our case it reads E-mail. Use the drop-down menu to select any subgroup. Next, click the Icon button. Select an appropriate icon. Next, name your password in the Title field. We'll call our example Gmail. Below that is the Username field. Enter your account username.
The Password and Repeat fields are already filled. KeePass automatically generates a random password for each entry. The password appears as a string of dots. To show the password, click the Hide (***) button.

You want to store your password, not a random one. So delete what's in those fields. Enter your password in the Password and Repeat fields. The Quality bar shows the strength of your password. The next field is labeled URL. If your password goes to a Web site, enter it here. For example, enter www.gmail.com. Enter any extra information or reminders about this password in the Notes field.

The next option will set an expiration date on the password. It's a good idea to change your passwords regularly. Check the box labeled Expires. Enter the date and time you want it to expire. Expired passwords have a red X as their icon.
The final option is Attachment. Most people never use this. So feel free to skip it. But I'll explain it for those that are curious. This option allows you to attach a file to the password. It can be anything. But it's intended to hold encryption keys. Some programs require these keys for access. With this feature you can securely store encryption keys. It makes locating them a breeze. When you're finished, click OK. Then click File>>Save Database. Save your database wherever you'd like.

Use KeePass
Ok, we've finally stored a password in KeePass. Now let's use it.
Click on the subgroup containing your password. You'll see all the information you just entered. Remember our example is a Gmail password. Under the column labeled URL is www.gmail.com. Double-click the URL and it will open in your default browser. Adjust the windows so you can see both the browser window and KeePass. Entering your username and password is simple. In KeePass, click and hold the entry under Username. Drag it to the Username field in the browser. It completes the field automatically. Do the same for your password. You're signed in!

Other versions
KeePass runs on Windows XP and Vista. But third parties have created versions of KeePass for Mac OS X, Linux, Blackberry and more. You can also download a portable version. It is installed on a thumb drive. You can carry your passwords wherever you go. The Windows version is very stable. Other versions may contain slight differences or specific bugs. I haven't checked them all. But the Mac version has a few kinks. It still works, but sometimes crashes. So, test these other versions before committing all of your passwords to them.


Thanks, Kim, for one of your longest and best tips ever.
I'll bet this tutorial was created to finally provide a reference for all of the questions you've received over the years regarding the use of this somewhat complicated but helpful utility.
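
The "Combination" option from the tutorial, sketched as an added example (this is not KeePass's code or file format, and it comes from neither Kim's article nor this post): a master password and a key file are folded into one key, so either factor alone fails to unlock. The function names, the PBKDF2 work factor, the header check value, and the use of the operating system's random generator in place of mouse and keyboard input are all assumptions of the sketch.

```python
import hashlib
import hmac
import secrets
from typing import Optional

KDF_ROUNDS = 100_000          # assumed work factor for this sketch
HEADER = b"demo-db-header"    # constructed constant used as a key check value


def new_key_file() -> bytes:
    """32 random bytes from the OS CSPRNG, standing in for the key file."""
    return secrets.token_bytes(32)


def composite_key(password: Optional[str], key_file: Optional[bytes],
                  salt: bytes) -> bytes:
    """Fold whichever factors are supplied into one 256-bit key."""
    if password is None and key_file is None:
        raise ValueError("need a master password, a key file, or both")
    material = b""
    if password is not None:
        # Domain-separate the factors so a password can never stand in
        # for a key file with the same bytes.
        material += hashlib.sha256(b"pw:" + password.encode("utf-8")).digest()
    if key_file is not None:
        material += hashlib.sha256(b"kf:" + key_file).digest()
    # Slow derivation makes each guess at the master password expensive.
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ROUNDS)


def seal(password, key_file):
    """Create the salt and check value a database header would store."""
    salt = secrets.token_bytes(16)
    key = composite_key(password, key_file, salt)
    return salt, hmac.new(key, HEADER, hashlib.sha256).digest()


def can_unlock(password, key_file, salt, check) -> bool:
    """True only if the supplied factors reproduce the sealed key."""
    key = composite_key(password, key_file, salt)
    tag = hmac.new(key, HEADER, hashlib.sha256).digest()
    return hmac.compare_digest(tag, check)


if __name__ == "__main__":
    kf = new_key_file()
    salt, check = seal("correct horse battery staple", kf)   # constructed
    print("both factors :", can_unlock("correct horse battery staple", kf, salt, check))
    print("password only:", can_unlock("correct horse battery staple", None, salt, check))
    print("key file only:", can_unlock(None, kf, salt, check))
```

Because the key file bytes feed directly into the key, a backup copy of that file is as sensitive as the password itself and should be stored apart from the database.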
