Today I’m going to take a short break from the iOS 10 series. This post is a brief tutorial to help get you started with KeePass on your Windows machine. Last week I covered KeePassX, and much the chagrin of Mac users like myself, KeePass actually offers a few more options.The first step is to download the application from http://keepass.info/ and install it. On opening the application you will see the interface shown below:
The next step is to create a database. this is similar to creating a new document in a word processor application; the database is the encrypted file that stores your passwords. Click File >> New.
Next, you should save your database file. You can save this anywhere you want to. I put mine into an encrypted container for an added measure of security, but this is not truly necessary. KeePass organically encrypts the database with AES-256.
You will be prompted to create a “Master Key” for your new database. This may consist of a password, key files, or both. Because your Master Key will protect all of your passwords and other login information make sure it is a good one! Also make sure you will not forget it; you may wish to write it down on a piece of paper until you are certain you have committed it to memory.
After you have created the Master Key, click “OK”. On the next screen you will be given the opportunity to select some options for your new KeePass database. The only one of these that I worry with is the Key Transformation option, located in the Security tab. This controls the number of “rounds” that the password undergoes before being usable to unlock the database. A higher number can drastically slow brute-force attempts, but can also slow logins. Click the “1 second delay” button will assess your system’s speed, and set the number of iterations that will cause a 1-second delay. This delay on each login is tolerable to the user, while increasing security by a huge margin.
Click “OK” and your database will be created. Initially it will be empty, except for two sample entries. The next step is to create entries in your database. Each entry will contain the login information for one account. To create an entry go to the Mac Toolbar and click Entries>>Add New Entry or click the “new entry” icon at the top of KeePass’s interface (the gold key with green “down” arrow). A new menu will appear with fields for the new database.
- Title: This field is used for organizational purposes and let’s you keep track of your entries. Examples of titles you may want to use are “Personal Email Account” or “Bank Account”. If you have a lot of entries (as I do) you can add numbers to the beginning of the title to keep them in a certain order. For example: 001 – Personal Email, 002 – Business Email, etc.
- Username: Enter the login username for the account.
- Password: See the next section.
- URL: You should visit the page in question, copy the URL from your browser’s address bar and paste it into this field. Later when using the entry his will allow you to select “Open URL”, which prevents you from mis-typing it and going to a forged website.
- Note: Use this field for anything relevant to the account, like the phone number or email address you provided, your two-factor backup codes, the birthdate and other biographical data you gave the site when you signed up, etc.
- Expires: Your password can be set to expire in a user-defined amount of time to remind you to change it.
To set a password click the “Gen.” button. This will expand the options for passwords as shown below.
The password options allow you to choose a length. Note that the slider only goes up to 64 characters but the numerical field allows you to input numbers as high as 999. I recommend selecting every option under “character set” to make your passcode more complex – with the exception of High ANSI Characters. I don’t recommend using these because many websites will not recognize them. When you have selected your password click “Accept”. When you are finished in the entry click “OK”. Your entry should now appear in the KeePass database.
To use the entry, simply right-click on it. I usually select “Copy password”. Once the password is copied I right click again and select “Open URL” to open the page in my default internet browser. I paste the password into the browser, then toggle back to KeePass to get the username.
If you enjoyed this article please sign up for my Operational-Security Newsletter.