
Geek to Live: Securely track your passwords


by Gina Trapani

Are your passwords written down on a piece of paper taped to the bottom of your keyboard? Zipped up in a passworded archive? Stowed away in a passwords.doc file?

On Wednesday we discussed how to choose secure and memorable passwords. But what about the passwords you already have? Or passwords that were assigned to you that you can't change? Or passwords for systems with special requirements that your usual password scheme doesn't work for?

Sometimes you just have to write down a password to remember it. But don't do it on a Post-It note. Instead, keep those hard-to-remember passwords in a secure, searchable database, without compromising security, using the free, open source application KeePass.

One master password to rule all

A KeePass database stores all your passwords in an encrypted state, and uses one master password and/or a key-file to access that database. KeePass has fields for username, password, URL and notes associated with each login, and you can create login groups (like Windows, web sites, Wifi networks) to organize your passwords. KeePass is highly secure; if you keep it running, it will lock its workspace after a certain amount of idle time and require you to enter the master password again to access the database.

Here's how to get KeePass set up.

  1. Download KeePass and install as usual.

  2. Create your KeePass database by choosing New from the File menu. A dialog will prompt you for a master password and/or a key file disk, as shown.







If you want to use a master password to access your database, just enter one into the password field. If you'd like to use a key file stored somewhere on your computer, either choose a disk from the dropdown or choose "Save key-file manually to..." to place the keyfile somewhere other than the root of the drive. A thumb drive is a great place to store a key file. Say you store a KeePass database on a shared computer; you can use your thumb drive as a key to unlock it.



For double security, you can use BOTH a key-file and a master password to secure your KeePass database.

  3. Optional: If you do choose to use a key-file, KeePass will use random mouse movement or random keyboard input to generate the file, as shown.







Here you can click on the "Use Mouse As Random Source" button and move your mouse around in the dotted box OR just bang on your keys in the Random keyboard input box to generate your key-file. Hit the OK button once you're done. Finally, if you set a master password for your database, you'll have to enter it one more time to confirm.

  4. Once your database is created, add entries to it. KeePass suggests some default groupings for your passwords, like Windows, Network, Internet, Email and Homebanking.





To add an entry, right-click in the right pane and choose "Add Entry" from the context menu. Give the entry a name ("Gina's home computer"), a username, a password (or use a pre-generated password), and an optional URL, notes, expiration date and file attachment. You can toggle the ... button next to the password field to display the contents of your password or obscure it with asterisks. KeePass also displays how secure your password is with an as-you-type quality meter, just below the Repeat field as shown.
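The master password plus key-file option from step 2, as an added example that is not part of the original article and is not KeePass's own code or file format: a simplified Python sketch in which both factors feed one derived key, so neither one alone opens the database. The function names, the PBKDF2 work factor and the MAC used as an unlock check are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

KDF_ROUNDS = 100_000  # assumed work factor for this sketch


def new_key_file() -> bytes:
    """32 bytes from the OS CSPRNG, standing in for the mouse/keyboard input."""
    return secrets.token_bytes(32)


def composite_key(password: Optional[str], key_file: Optional[bytes], salt: bytes) -> bytes:
    """Hash each supplied factor, concatenate the digests, then stretch."""
    if password is None and key_file is None:
        raise ValueError("need a master password, a key file, or both")
    material = b""
    if password is not None:
        material += b"P" + hashlib.sha256(password.encode("utf-8")).digest()
    if key_file is not None:
        material += b"K" + hashlib.sha256(key_file).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ROUNDS)


def verifier_for(key: bytes) -> bytes:
    """Stand-in for 'the database decrypts': a MAC only the right key reproduces."""
    return hmac.new(key, b"unlock-check", hashlib.sha256).digest()


def unlocks(stored: bytes, password, key_file, salt: bytes) -> bool:
    """Re-derive the key from what the user supplied and compare in constant time."""
    candidate = verifier_for(composite_key(password, key_file, salt))
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    salt = secrets.token_bytes(16)
    key_file = new_key_file()                    # would live on the thumb drive
    password = "constructed example passphrase"  # constructed sample value
    stored = verifier_for(composite_key(password, key_file, salt))
    return {
        "password + key file": unlocks(stored, password, key_file, salt),
        "password only": unlocks(stored, password, None, salt),
        "key file only": unlocks(stored, None, key_file, salt),
        "password + other key file": unlocks(stored, password, new_key_file(), salt),
    }


if __name__ == "__main__":
    for attempt, ok in demo().items():
        print(f"{attempt:28} -> {'unlocked' if ok else 'refused'}")
```

The same property cuts both ways: losing the key file locks you out as surely as forgetting the master password, so keep a backup copy of the key file somewhere separate from the database.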



Find and use your passwords with KeePass

Once all your logins have been entered into KeePass, you can find and use your login information whenever you need it. For example, you may set up a "Wifi networks" password group that lists your logins at all the networks you use, including school, home, friends' houses and coffee shops, as shown.


Upon arriving at Mark's house, you can either browse to your Wifi networks folder or simply enter "Mark" in the search box in the upper right-hand corner to retrieve the "Mark's house" entry. Right-click on it, choose "Copy Password to Clipboard" and drop it into Mark's wifi login prompt.

The Options panel in the File menu lets you configure other useful KeePass features for instant password retrieval, including:

  • Start KeePass with Windows automatically.

  • Clear any password copied to clipboard after a certain amount of time; or allow for only one password paste for extra security.

  • Minimize KeePass to the system tray to save Windows taskbar real estate.

  • Attach files to KeePass entries. This feature is useful for storing PGP signature files (see previously-posted feature, How to encrypt your email, for more info) or even passworded Word documents or encrypted text files (see previously-posted feature, Encrypt your data).

  • Install KeePass on a thumb drive, with your database saved there as well for instant, secure access to your passwords from any computer with a USB port. (See also Carry your life on a thumb drive.)

For web site passwords, you can also securely save login information directly in Firefox. The advantage of that method is that copy and paste isn't required - Firefox will autofill the login box with your details. However, this only works for web-based passwords - not wifi, network, email, or Windows login information. See Secure your saved passwords in Firefox for more on that.

You can even email yourself the latest version of your KeePass database for access from anywhere. If you'll be working on a non-Windows machine, you can export your KeePass database to text and encrypt that file for reference elsewhere. See also previously-posted Encrypt your data for more on that.

KeePass' structure, security and accessibility make it a great one-stop shop for all your critical passwords. How do you keep track of your passwords? Let us know in the comments or to tips at lifehacker.com.

Gina Trapani, the editor of Lifehacker, is using her thumb drive KeePass database on the road this very minute. Her semi-weekly feature, Geek to Live, appears every Wednesday and Friday on Lifehacker. Subscribe to the Geek to Live feed to get new installments in your newsreader.
