Sunday, December 4, 2016

Steps to Set Up KeePass

Scope of this Post

The following instructions explain how to set up the KeePass password manager on your Windows PCs, iPhones, and Android devices.  This post also covers the one-time process of creating a password database and putting it in Google Drive.

If you are hoping to use KeePass on Linux or macOS, I haven't done it myself, but you might have success using KeePassX, KeePassXC, or one of the KeePass packages that have made it into the software repositories of macOS and several Linux distributions.  See this page for download options.  There's also the option of running KeePass under Mono on your macOS/Linux system.

If you use the following steps, you'll be able to access your always-up-to-date password database from all of your devices that you've installed KeePass on.

This post assumes you are comfortable using KeePass plugins and also browser plugins, which make using KeePass extremely convenient.  Future posts will cover the setup for the more paranoid, who want to trust only KeePass itself and Google.

The most notable links, folder locations, and component names are bolded.

Note that the version of KeePass we'll be using is KeePass2, so don't be afraid when folders or apps talk about KeePass2.



Installing KeePass Program and KeePass Plugins on Your Windows PC


You do these steps for each Windows PC where you will want to use KeePass.
  • We want to put the KeePass program on our PC.
    • Go to the KeePass downloads page and download the latest "professional edition" installer.  Do not worry; "professional edition" does not require any money or registering.
    • Run the installer; this installs the KeePass program on your computer.
  • We want to install the KeeAnywhere plugin for KeePass so that the KeePass program can directly open and modify password databases on Google Drive.
    • Choose to download the latest .plgx file from this KeeAnywhere page.
    • Place the .plgx file in the KeePass plugins folder on your computer.  That folder is probably C:\Program Files (x86)\KeePass Password Safe 2\Plugins
    • If the KeeAnywhere link above is no longer valid, check the KeePass plugins page for KeeAnywhere, or your "backup and synchronization" plugin of choice.
  • You might also want to install an icon downloader plugin, which makes it easy to add icons to your entries.





One-Time Process of Creating a Password Database File and Putting It in Google Drive


You'll probably only use one database file, and you only need to do these steps once per database file.
  • Create a new database file locally on your PC.
    • In KeePass, create a new database by going to Main Menu → File → New...
    • The file name and location you choose is not important, because soon we'll be uploading the file to Google Drive and then deleting the local copy.
    • In the "Create Composite Master Key" window...
      • You only need to provide a master password.
      • Do try to set the master password to a good password.  I suggest six random words from the Diceware word list (word list pdf).  It's okay for a password to be only lowercase letters if it is long enough (and random enough, but let's talk about that later).
      • Clicking the ellipsis button ("•••") will make the master password visible so you can check it.
      • It is okay to write down your master password on a slip of paper in your wallet.
      • You can always change your master password later.
      • Press "OK" once you've put in a master password.
    • In the new "Create New Database - Step 2" window...
      • General tab...
        • You can leave name and description blank.
        • It might be useful to fill in the default user name.
      • Security tab: to make the database harder to crack, click the "1 second delay" text to increase the number of key transformation rounds (and thus increase the security of your password database).
      • Advanced tab: uncheck the "limit number of history items per entry" option
      • Press "OK"
    • Do a save (Main Menu → File → Save; Ctrl+S; click the floppy icon).
    • The database (.kdbx file) has been created locally on your computer.  Close the database in KeePass (Main Menu → File → Close).
  • Put the database file in Google Drive
    • Go to Google Drive and upload the database.  The exact location is not important.
      • You can drag-and-drop from Windows File Explorer to the My Drive section of the web page.
      • Or, on the Google Drive page, you can right-click and use the "upload files" option.
    • In Google Drive, right-click on the database file, and choose to rename it to something like this: YourName.kdbx.kdbx
      • The ".kdbx.kdbx" is not a mistake.  Currently there is an issue with the iPhone Google Drive app where a single ".kdbx" makes things not work.  If you ever want to access your database from an iPhone, use ".kdbx.kdbx".
    • In Windows File Explorer, delete the local database file that is on your computer.  We don't want to later get confused about which database file we're accessing.
  • Be sure to remember/record your Google password outside of your password database.  If all your devices are
  • Increase the security of your Google account by enabling 2FA.
    • If you already have 2FA enabled, then good job.
    • If you do not have 2FA enabled (or don't know if you have 2FA enabled), then you can start the process here, and there are some help/faq pages.



Getting KeePass to Use the Password Database on Google Drive

You do these steps for each Windows PC where you will want to use KeePass.
  • In KeePass, go to Main Menu → Tools → KeeAnywhere Settings...
  • If a "Donate to KeeAnywhere" window appears, select "Don't Show this message again" and then press the "Close" button.
  • In the KeeAnywhere Settings window...
    • Go to the "Add..." dropdown and select Google Drive.
    • Log in to your Google account.
    • Press "OK" in the KeeAnywhere Settings window.
  • In the KeePass main window, go to Main Menu → File → Open → Open from Cloud Drive.
  • Select the appropriate account from the drop-down at the top, then select your database file, and press OK.



Getting PC's Firefox Browser to Use Your Password Database

Note: I find the KeeFox add-on for Firefox to give a better experience than the existing Chrome extensions.
  • Install KeeFox from the KeeFox website.
  • I will later update with more details...
    • You get a new Firefox tab that has KeeFox instructions, which you should follow.
    • You probably have to close KeePass for a bit, launch KeePass, fill in some verification code, and then you're set.



Getting PC's Chrome Browser to Use Your Password Database

You do these steps for each Windows PC where you want to have Chrome browser use your password database to auto-fill username and password fields.
  • Install Chrome extension "CKP - KeePass integration for Chrome"
    • In Chrome, click the ellipsis button in top right of browser window
    • In the menu, select "Settings"
    • In Settings tab, select "Extensions" at top left
    • In Extensions list tab, scroll to the bottom and select "Get more extensions"
    • In the search text field, type "KeePass" and press enter
    • Click the "add to chrome" button for "CKP - KeePass integration for Chrome"
  • Configure Chrome extension
    • Click the icon, log in to Google, and select the password database file in Google Drive; you can choose to have the browser remember this.
    • Once you give permissions to the extension to auto-fill credentials for a site, it will automatically fill them in the future (as long as the extension has the database open).
    • Note that this extension directly gives you read-access to your password database on Google Drive independently of the KeePass program.



Installing and Using KeePass App on Android

  • On your Android device, go to Google Play Store and install KeePass2Android.
  • To open your password database, you can:
    • Launch KeePass2Android, choose “open file”, then “google drive”, and select your kdbx file on Google Drive.
    • OR, go to Google Drive (in the Google Drive app or web browser), then select your kdbx file, then choose to “open with” KeePass2Android.



Installing and Using KeePass App on iPhone

  • Make sure the database file on Google Drive ends in “.kdbx.kdbx”
  • On your iPhone, go to the App Store and install MiniKeePass
  • If you have Google Drive app on your iPhone...
    • go to the Google Drive App
    • select the database file
    • choose MiniKeePass from the “Open With” options
  • Alternatively, I believe you can use the web-browser-interface of Google Drive
    • Go to drive.google.com in your browser
    • Navigate to the database file and select it
    • Choose MiniKeePass from the “open with” options
    • If that doesn’t work, try another browser (you probably have Safari and Chrome on your iPhone).



Some Very Brief Notes on Using KeePass

Usually you can have your browser auto-fill usernames and passwords from the password database, but if you ever need that stuff outside the browser, or one webpage is not working well, then you can use these KeePass keyboard shortcuts to quickly copy credential information (once you've selected/highlighted an entry)…
  • Ctrl+b to copy the username to the clipboard.
  • Ctrl+c to copy the password to the clipboard.
  • Ctrl+v for the delicious Auto-Type feature (for a demo, see 5:18 mark of the youtube video discussed below)

Note: for the passwords to your various accounts, use the password generator.  I would suggest at least 16 chars using at least lowercase letters and digits, which would be strong but fairly quick to type.
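To compare the two suggestions in this post (six Diceware words for the master password, 16 lowercase-and-digit characters for account passwords), here is an added example that is not part of the original post or of KeePass.  The function names are my own, and SAMPLE_LIST is a constructed excerpt with placeholder words, not real Diceware entries.

```python
import math
import secrets
import string

# Constructed sample in the "NNNNN word" layout; placeholder words, not real
# list entries. The full list has 6**5 = 7776 lines.
SAMPLE_LIST = """# constructed excerpt
11111 alpha
11112 bravo
11113 charlie
"""

def diceware_rolls(words=6):
    """One five-dice key (digits 1-6) per word, drawn from the OS CSPRNG."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]

def parse_wordlist(text):
    """Map each five-digit dice key to its word, skipping malformed lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5 and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    return table

def passphrase(rolls, table):
    """Look up each roll; a KeyError means the word list is incomplete."""
    return " ".join(table[r] for r in rolls)

def random_password(length=16, alphabet=string.ascii_lowercase + string.digits):
    """Account password of the kind suggested above: a-z and 0-9 only."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(symbols, length):
    """Entropy in bits, valid only if every pick is uniform and independent."""
    return length * math.log2(symbols)

if __name__ == "__main__":
    print("dice keys to look up:", " ".join(diceware_rolls(6)))
    print("lookup demo:", passphrase(["11111", "11113"], parse_wordlist(SAMPLE_LIST)))
    print("six Diceware words: %.1f bits" % entropy_bits(6 ** 5, 6))
    print("account password:", random_password())
    print("16 chars of a-z0-9: %.1f bits" % entropy_bits(36, 16))
```

Six Diceware words come to about 77.5 bits and 16 random lowercase-and-digit characters to about 82.7 bits; both figures hold only when the words or characters are picked at random rather than chosen by you.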

For further details on KeePass, see the online KeePass documentation.

There are also some YouTube videos on setting up and using KeePass.  For instance, this video starts out with installing KeePass to a USB drive (which is different from what this post helps with) but also covers...
  • 2:15 mark: creating a password database file
  • 3:36 mark: password generation and creating entries
  • 5:18 mark: using KeePass to Auto-Type both username and password into your browser (note that Firefox and Chrome extensions have even more convenient and quick ways of entering credentials)
  • 5:50 mark: If you fill in the URL entry, KeePass can launch that webpage in your browser (also double-clicking on an entry's URL column launches the page in your default browser)


Commercial Password Managers That Are Alternatives to KeePass

In case you instead want a password manager made by a commercial entity, I'll list some of the major ones.

Often, commercially-supported password managers will have a free version for use on one device, but if you want to be able to sync across multiple devices, you'll have to pay.  You might want to check out the details of several commercial password managers before choosing one.
It might also be possible to get around the sync shortcomings of some of the free versions by using the Google Drive Application to sync a local folder with a Google Drive folder.
