I am an Internet addicted, and it’s not a bad thing anyway. In fact, it’s a must for me. I am a professor of computer science, and Internet is a very useful source of knowledge in many areas. Of course it has problems. Nothing is problems free so Internet is not different. One of the biggest problems Internet users have is the need to create many user accounts, and the passwords associated with them.
It should stop here, but the problem is something bigger. For security reasons, we must not use the same password for different websites. If somebody finds the password for one of these websites, it also works for the others.
Another problem is that passwords must be chosen carefully. If you choose a word related to your life (f. ex. the name of your wife, your son, your daughter, your mother, your dog, etc.) it can be easily guessed, even if the person does not know you nor details of your life. These particular passwords are so weak that they are easily guessed even if you try to create some difficulties, like write them from the end to the beginning, including a number or other character in some position, or substitute a letter for anything else. The passwords must be large enough to void a try to guess them by brute force, meaning testing all the possibilities for a given size. You may think it’s hard to do, and in fact it is, but people can use computers in this task. They can find easy words used as passwords in just a few seconds.
So the solution for these security problems are: 1) we must have a lot of passwords (in my case they can be hundreds), all
differents from each other; 2) all them must be hard to guess, what means they are hard to remember; and 3) we need a system to keep them easily.
KeePass Password Safe is a free open source password manager, which means: 1) you don’t need to pay for use it; 2) you have access to the source of this software, in case you need; and 3) its functions are exactly we need to solve the problems I related before.
Creating a password database
KeePass starts showing an Opening Database window.
In this case, it shows the last database used. What is a database? It’s a file where KeePass keeps the user’s passwords. It’s protected by cryptography algorithms, and the user must to enter a) a Master Password; b) a key file; or c) it uses the user windows account. Let’s talk about all these possibilities.
A Master Password is a special password to protect the passwords database. The user must remember only this one, or he/she can write this password in some paper. I prefer this system, and I’m using it in this article.
A key file is a computer file with the contents of a password. I don’t like this system because this file must be stored in some place. It can be a pen drive, a disk, a CD, a DVD, or any other storage device. Of course if you loose the device you will not be able to know your passwords, unless you write them in a second place (which is of course a liability). The worst case is when somebody finds this device, what means that he/she can access your passwords, and you don’t.
I don’t like to use the user windows account because the windows passwords can be easily cracked.
If you don’t have a Password Database yet, or you choose to create a new one, you will be prompted the database name and location. The database type file is .kdbx. The default location is My Documents. Here I choose to create a database named test.kdbx.
Next the program opens the window to create the master key to this database. I said I prefer Master Keys, the first option. As we type the master key, the program estimates its quality. For now I will use the key
‘mastertest’. KeePass says it is not a good quality, and it is equivalent to 35 bits. In the final part of this article I will tell you a recipe to produce good passwords easy to remember.
In the 2nd. step, the program shows the Database Settings Window. Here it is not necessary to change anything. Just click OK, and you already can use your new password database.
Creating a password entry for an email address
Let’s create our first reference to a password. I want to record a password for an email account. Suppose we have an email address called email@example.com. You can make this experiment with a real account of your own. In the left column, click in the 2nd. option from the bottom (eMail). So, click in the 4th. button of the tool bar (Add Entry). You will see the Add Entry Window.
First we see the Entry tab. Here you can give a name to this entry (Principal Email Account). If you wish, you can change the icon to this entry.
Next, type your user for this email account. You already see a password offered by the program. This password has a good quality (the bar is green and the size of the key is 120 bits). You can type the URL where you have to enter this password, and some notes. You can set an Expires information for this entry (date and time). In this case, the program will alert you to change the password in the proper moment.
It’s finished. Just click OK, and you already can use the new entry to access your email account.
Now, you may double click the new entry in different positions to have different actions.
A double click on the title of the entry will open the same Add Entry Window, but with the name Edit Entry.
A double click on the User Name or on the Password copy the password to the clipboard for 12 seconds. After that the password is erased. In the mean time you can paste it on a password field of your browser or other application.
If you double click the URL, KeePass will open this website with your default browser.
Click with the right button of the mouse over the new entry, and you will see a context menu with the following options:
you can copy the user name;
copy the password;
in the URL sub-menu you can open the website with your browser, or you can copy the address to the clipboard;the auto-type option is interesting. You have to position KeePass in the top of the form asking for your password, and the program will transfer the User Name and the Password to the form;you can add a new password entry;view, or edit the actual entry;duplicate the actual entry, probably to edit it in case of similar accounts;delete the actual entry;for selected entries, you can change the colors, or the icon, you can print, or export the password entry. Note that, in the last two cases, the password is visible;select all entries;copy/paste entries to/from the clipboard;you can rearrange the entries, moving one specific entry to another position, or you can sort all the entries by one of the fields.
From the other tabs, the most interesting is the possibility to keep a history of each entry. The other tabs are too specific to the common user.
The tool bar is very simple, and it has some useful operations.
1st. you can create a new database, open an existing one, or save the actual database. No modification to the entries will be saved until you save the database.
You can add a new entry, copy the User Name or the Password of the actual entry to the clipboard.
You can search the entries for some specific string in one or more than one fields.
You can choose to show all the entries or just the expired ones. Finally, you can lock the database. It will be closed, and you have to type its master key next time you want to use it again.
The menu bar is very simple. There is a File option, where you can manage the databases.
The Edit option allows to manage groups of entries, or specific entries each time. A group is a subdirectory for that kind of entries. For example, you can have different groups for personal and professional email accounts.
The view option allows to choose the fields you want to see in each entry.
The Tools menu has some interesting options:
the generate password option opens a window where you can set some options for the generation of new passwords. I strongly recommend you change these options only in case you know very well what you are doing;the same applies to the generate password list;the TAN wizard allows the user to work with one-time passwords, generally used by banks. This type of passwords can be used only once, and they lose their values;the database maintenance option allows to clear old historic from the entries;the common user does not need to change any options, so you can leave them unchanged;KeePass can use plug-ins. You can find them at this site: http://keepass.info/plugins.html. Basically, some plug-ins are designed to interface with other password programs like AnyPassword, EWallet, Oubliete, PINS, ZSafe, etc., and other functionalities.
At last, there is a Help Menu with standard options:
a help content, also activated typing the F1 key. It opens the KeePass Help Center (http://keepass.info/help/base/index.html );there is an option to choose to open the KeePass Help Center, or to access the local documentation of the program (it is not updated automatically);you can visit the KeePass Home Page;the KeePass team accepts donations have an option to verify updates;an About option.
A personal method to produce strong passwords
You need to have a strong password to use as the master password, but of course this one can not be stored in the database. So how is possible to generate a strong, easy to remember password if you are a common user?
I have this simple method.
1st. you have to choose a text you know very well. I prefer to use a song. For example, I choose New York, New York, by Frank Sinatra. The first four lines are these:
Start spreading the news, I’m leaving today
I want to be a part of it – New York, New York
These vagabond shoes, are longing to stray
Right through the very heart of it – New York, New York
You have to choose a position to collect the characters. As an example, let’s use the first letter of each word:
It’s easy to see some very interesting things. This is a strong password. It’s huge so it’s hard to crack. It’s easy to remember – you just have to remember the song. It’s secure, as long as you keep this song a secret.
You can easily modify this password to follow some site rules. For example, the password needs to have numbers. Just add the amount of words of each sentence in its end:
Of course I choose a long text to produce my password. You can choose other songs, other rules, and other password sizes.
KeePass Password Safe is a very interesting tool for any Internet user. As a security expert, I know that one of the principal security problems the Internet users can face today is the use of weak passwords. This utility has some special procedures to help the users with this problem. It can generate strong passwords, they can be different from each other, and they can be easily accessed for any site. The databases are password protected, so you need to remember just one password to access all your passwords. The program can remember you to change a password after some time. The process is very easy, and the new passwords are stored in the same way the old ones.
KeePass Password Safe is a very good option for all users to increase their security in the navigation of all Web sites that needs registration.
I will produce another tutorial about KeePass soon, including some advanced options.