KeePassX - Password Manager For You

Posted by JD 04/24/2010 at 17:58

If you have more than a few accounts, you should be using a password manager. I didn’t use one for years and years, then I tried one about a year ago and became addicted. I bet you’ll like it too after you try it.

Why Use a Password Manager?

Password managers do the following things for you:

  1. Store password information encrypted
  2. Allow you to use different userid and/or password combinations for every login without needing to know or remember those details.
  3. Easily create random long passwords – you’ll never need to know them or type them anyway so 35+ characters is great
  4. Replay the userid and password for you to nearly automatically login to applications and web sites
  5. Easily open a URL for you
  6. Store system information in addition to logins/userids and passwords, such as software keys
  7. Let you keep all your critical information in one place that you can replicate to as many locations as you like to prevent loss. I keep emergency contacts in there too

Why KeePassX?

There are many password managers out there. The big 3 are LastPass, KeePass, and KeePassX. There are others too, but most people will select from these three. Both OSX and Linux have built-in solutions available, but they aren’t cross-platform. All of them are fine and generally secure, but I don’t like something about the other options.

I prefer KeePassX because:

  1. Cross-platform program and database: it runs on Linux, Windows, OSX and the Nokia N800 (Maemo). Other platforms are supported by third-party ports.
  2. The Password database is binary compatible between the different platforms.
  3. AES256 Encryption. Blowfish too, I believe.
  4. Auto-Type – This makes logging into web sites and applications trivial.
  5. The delay before the clipboard is automatically wiped is user-configurable. I use 180 seconds.
  6. Setting to automatically lock the interface after a period of time or when minimized.
  7. A global hotkey to bring the app to the front of your desktop can be set. I changed the default, which conflicted with “find/search” in Firefox, to something else.
  8. Windows version is portable. It can be run without installing it on the PC, from a USB flash drive if you like.
  9. Supports TNO – Trust No One … ok, not really since I’m using binary program files, but there’s no need for a service to be involved or any network connection to access the data inside the encrypted DB.
  10. FOSS – it is free and open source software.
  11. Security Researchers like it. They have looked at the source code.

LastPass can be run in both local and web service mode. The web service mode is dependent on SSL which may or may not be trustworthy in your current location.

KeePass has v1 and v2. V1 uses the same DB schema and format as KeePassX and there is a portable version available. V2 requires MS.Net to be loaded on the system – to me, that makes it worthless. I have used a portable KeePass v1 on Windows and shared the database with KeePassX on Linux and N800 platforms. It works. OTOH, if the program you use is available on all the platforms you use, why risk mixing project code at all?

Why did they name it KeePassX? In the beginning, it was a port of KeePass to X/Windows, hence the name. Later, they were able to port it to other platforms because they were smart and selected a good GUI abstraction library, Qt. That early choice means they can support many, many different platforms easily when compared to native OSX or Microsoft programs. Nice job guys.

Might I suggest that you try KeePassX for a week with your top 5 login needs? At first, it is a hassle, but then it becomes a gotta-have application. I’ve been replacing 8 character passwords with randomly generated 35+ character passwords over this time. Some passwords are 63 characters long. Nice.

Major Tips For Use of any Password Manager

  1. Do back up your password database. Place it on at least 3 different physical media: for example a laptop, a desktop, your email server, and perhaps Dropbox. Give a copy to your brother, mother, friend. Flash drives are perfect for this program and DB too.
  2. Do use a good, long, strong pass phrase to access your password database. If you don’t, you’ll need to be much more careful about where you store it. This pass phrase needs to be unique and only used for this DB, nothing else.
  3. Don’t use your normal system password for the password database. This DB holds all your keys to all your accounts and other data – heck, it may hold your bank account PIN too.
  4. Do place a portable version of the program and the DB onto a flash drive that you take with you almost everywhere. It is fine to place the program and DB into an attachment and store it in Gmail – now you have access to it from anywhere in the world, and if someone hacks your Gmail account, they just learn that you use KeePassX, but they won’t be able to get into the DB for thousands of years.
  5. Do change the pass phrase every few years.
  6. Do decide on one master system for editing the DB, and treat all other systems as read-only. This will prevent mixed updates and loss of an update. Yes, it is a hassle if you aren’t on the edit-system and need to make a change.
  7. Do create an automatic update method to push the latest version of your DB to all the locations (laptop, desktop, flash, Dropbox, Gmail) automatically.

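Tips 6 and 7 above, as an added example that is not from the original post: a POSIX shell script that pushes the master copy of the DB to each replica and records a checksum of what it pushed, so a replica that was edited outside the master system is refused rather than silently overwritten (the “mixed update” tip 6 warns about). The paths in MASTER_DB and REPLICAS are assumed example values.

```shell
#!/bin/sh
# Added example, not the original post's script: push the master copy of a
# KeePassX database (the one system you edit on) to read-only replicas, and
# refuse to overwrite a replica that was changed since the last push.
# MASTER_DB and REPLICAS are assumed example paths (space-separated list).
MASTER_DB="${MASTER_DB:-$HOME/keepass/passwords.kdb}"
REPLICAS="${REPLICAS:-/media/flash/passwords.kdb $HOME/Dropbox/passwords.kdb}"

# SHA-256 hex digest of a file: sha256sum (Linux) or shasum (OSX/BSD).
sha256_of() {
    { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; } | cut -d' ' -f1
}

# push_db MASTER DEST
# Copies MASTER to DEST and records the digest it pushed in DEST.sha256.
# Returns 0 when DEST is up to date, 2 if DEST was edited outside the master.
push_db() {
    master="$1"; dest="$2"
    if [ -f "$dest" ] && [ "$(sha256_of "$dest")" = "$(sha256_of "$master")" ]; then
        sha256_of "$dest" > "$dest.sha256"      # already current; refresh record
        echo "unchanged: $dest"
        return 0
    fi
    if [ -f "$dest" ] && [ -f "$dest.sha256" ] &&
       [ "$(sha256_of "$dest")" != "$(cat "$dest.sha256")" ]; then
        # The replica differs from what we last pushed, so it was edited there.
        # Overwriting would silently lose that update: stop and report instead.
        echo "REFUSED: $dest changed outside the master; merge it by hand first" >&2
        return 2
    fi
    mkdir -p "$(dirname "$dest")"
    cp -p "$master" "$dest.tmp" && mv "$dest.tmp" "$dest"   # replace atomically
    sha256_of "$dest" > "$dest.sha256"
    chmod 600 "$dest" "$dest.sha256" 2>/dev/null || true    # FAT media ignore modes
    echo "pushed: $dest"
}

# push_all MASTER REPLICA...  Non-zero status if any replica was refused.
push_all() {
    master="$1"; shift; rc=0
    for dest in "$@"; do
        push_db "$master" "$dest" || rc=$?
    done
    return "$rc"
}

# Only push when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    push_all "$MASTER_DB" $REPLICAS
fi
```

Run it from cron or a login script on the edit-system only; a non-zero exit means one replica has drifted and needs a manual merge before the next push.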