If being online on a constant basis teaches us anything, it’s that you need long, strong, unique passwords for each online account you own. This means no passwords such as 12345 or abcde. If you use them, you’re asking to be hacked. Instead you need something like 7hb9qZaIcMCnCYdFTxx5. But unless you’re an android with a computer-like brain, how are you supposed to remember passwords like that? The answer is a password manager such as KeePass.
There are SO many password managers at the moment. Wikipedia maintains an extensive list, but out of all of them, the main players are KeePass, LastPass, 1Password, and I know a few people fond of Dashlane. But after trying these ones out extensively over the years, my fondness remains with KeePass. This is because it is easy to use, it is open source, and it has a portable version.
Setting Up KeePass For The First Time
I am a big believer in forgetting about bells and whistles, and instead focusing on products that just work. Give me a barebones stripped-down piece of software any day of the week if it will always do what you need it to do. I don’t need something all shiny and amazing looking, but which breaks down when I breathe on it.
I am going to focus on the portable version as that’s my thing. I try not to install anything unless I have to.
If you go to the KeePass downloads page, you will see the latest Windows versions at the top. The ones below that are the previous version but you should always use the most current version. The installable version is on the left, the portable version on the right.
If you are a Mac or Linux person, or you use Android or iOS, there are versions of KeePass for those platforms too. If you scroll down the downloads page, you will see them. As you can see from the list, they cover a whole variety of platforms including Blackberry, Palm, Windows Phone, Chromebooks, and the Command Line.
They are not all called KeePass but they are all compatible with KeePass password databases.
Open the Main App
Once the zip file has been downloaded, open it up. If you have chosen the installable version, install it on your computer. If you have chosen the portable version, make a KeePass folder on cloud storage or a USB stick. I recommend the encrypted cloud storage service Sync, which gives you 5GB free of charge.
Now click on KeePass.exe to start the program up and you will see the login window that protects your database.
However, since you do not have a database yet, close this login window and a blank database window will jump up.
Create a Database
Now we need to create a new encrypted database where our passwords will be securely stored.
First click File–>New. You will then see this.
Click OK and you will be prompted to save a KDBX file (the file format of a KeePass password database).
Make sure it’s in the same folder as the other KeePass components. You could put the KDBX file someplace else on your computer but what would be the point? Keeping it all together (especially on cloud storage) makes the most sense.
You can also rename the KDBX file. You don’t have to use the name it gives you.
Make an Unbreakable Password
An encrypted database is only as strong as the master password protecting it. If you use something easy like your name, your spouse’s name, your dog’s name, your birthday, etc., then that pretty KeePass database is going to get pounded to dust in no time.
On the other hand, if you put a lot of thought into your master password, then you can put the secret to eternal life in there, and nobody will ever get to it except you.
So this next part is the most important part of the process.
You should ideally make your password a minimum of 10 characters with lower case letters, upper case letters, and numbers. If possible, also throw in a few special characters like a comma, a full stop, a semi-colon. You need to make it as hard as possible.
To ensure you are typing it in properly, repeat the password where indicated, and as you do so, the “Estimated Quality” of the password will show. You want that going as high as possible. I got it to 91 bits, which is OK because this is just a temporary database for this article. If I was making a real database, I would ideally want it well over 100 bits, maybe 120.
In Step 3, the only thing I would change is the encryption standard to ChaCha20. This is a MUCH stronger encryption protocol than the standard AES-256.
Print Out An Emergency Sheet
One last thing before the database is made and opened. You will be asked if you want to print an “Emergency Sheet.” I strongly recommend you do this. For obvious reasons, there is no “Forgot Your Password? Click Here To Reset It” option. So if you forget your master password, or you die and your next-of-kin needs your passwords, then you or they are going to have a major problem.
So print out the sheet, write the master KeePass password down, then hide it somewhere. If it is for your next-of-kin, put it in a sealed envelope with the will and the life insurance policy where they can find it easily. And obviously, if you later change the master password, remember to update the sheet!
Customize Your Database
Your database will now open and you can start generating and saving passwords.
On the left are groups where you can categorize your logins. These are the ones KeePass gives you but you can delete them or rename them as you wish. You can also make unlimited numbers of new groups.
It will have two sample entries already saved on the right and you can go ahead and delete those. But before you do, open one of them to see what a typical password entry would look like.
In the years that I have been using KeePass, I have only ever had to use the “Entry” tab. The other tabs are pretty useless for me.
So when you click the small key icon on the main database interface (in the toolbar), a box like the one above will show. But it will be empty. You need to fill it in. The title would be the name of the website, software, whatever. The user name…well that is self-explanatory. The URL would be the name of the website or software service obviously.
Now the password. For security reasons, the password is concealed with dots. If you click the button with the three dots on the right-hand side, the password will reveal itself. Click the button again to mask the password.
To generate a password, click the key icon under the three dots button and you will get this menu. Choose “Password Generator”.
You only need to concern yourself with the first part. Choose the length of your password (I recommend a minimum of 25 characters). Then choose what you want in the password.
Now click OK at the bottom and you will see your box has been pre-populated with the new password. Click on the three dots button to view it.
Click OK to save the password and close the box.
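As an added example (not part of the original article and not KeePass's own code), this Python sketch shows what a generator of this kind does: it draws each character from a cryptographically secure random source and relates length and character set to bits of strength. The character-class names and the special-character set are assumptions of this example, and the bit figures apply to uniformly random passwords; they are not KeePass's "Estimated Quality" calculation.

```python
import math
import secrets
import string

# Character classes similar to the checkboxes in a generator dialog.
# The class names and the special set are this example's own (constructed).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!#$%&*+,-.:;=?@_",
}


def build_alphabet(classes):
    """Concatenate the selected classes into one alphabet."""
    return "".join(CLASSES[name] for name in classes)


def entropy_bits(length, alphabet_size):
    """Bits of entropy for `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def min_length_for(target_bits, alphabet_size):
    """Shortest uniformly random password that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(length=25, classes=("lower", "upper", "digits")):
    """Draw from the OS CSPRNG; retry until every selected class appears.

    The retry discards a small fraction of candidates, so entropy_bits()
    is a slight upper bound for the result (negligible at 25 characters).
    """
    if length < len(classes):
        raise ValueError("length too short to include every class")
    alphabet = build_alphabet(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in CLASSES[n] for c in candidate) for n in classes):
            return candidate


if __name__ == "__main__":
    size = len(build_alphabet(("lower", "upper", "digits")))
    pw = generate()
    print(pw, f"{entropy_bits(len(pw), size):.0f} bits")
    print("length needed for 120 bits:", min_length_for(120, size))
```

A human-chosen password of the same length scores far lower than these figures, because it is not drawn uniformly at random.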
When you want to log in someplace, right-click the entry in KeePass and choose Copy Username. Then click in the username box on the website and press CTRL + V to paste the username in (or CMD + V on a Mac). Then right-click on the entry again and choose Copy Password and repeat the process in the password box.
You have to hurry though. After 12 seconds, KeePass wipes the information from your clipboard for security reasons. You can shorten or lengthen the time in the KeePass options. Personally, I have it lowered to 6 seconds. In the options, you can also have KeePass log out of the database after a certain time period, but I have this disabled. But this would be good in an office environment.
With the simple KeePass, there is no excuse for not using a password manager. You can’t say “it’s too complicated!” because this is as simple as it gets. Stop the risk of getting hacked and start using longer unhackable passwords.