KeePass for Beginners

Passwords are often the only thing standing between a hacker and your online accounts. This guide will introduce you to using KeePass to create strong, unique passwords. As a bonus, we’ll show how password managers can also help you save time when filling out login screens and online forms. It’s an easy way to make browsing the web easier, faster, and more secure.

Why it’s a good idea to use unique passwords
I don’t think I need to convince anyone that passwords are annoying. It’s hard to remember them, so everyone uses the same password for all of their accounts. You know this, I know this. But hackers also know this.

If you use the same password everywhere, a hacker only needs to get your password once in order to break into many of your online accounts. And it seems like every week, we hear about a massive new password breach. (As I write this, Yahoo just announced that passwords for 500 million Yahoo users were breached in 2014.) Imagine if an attacker used your single, easy-to-remember password to access your health care records, your home address, credit card numbers, or your social security number. To minimize the damage from a breach, you should use unique passwords on each account. But it can be a challenge to remember each password.

Enter password managers
Password managers make it easy to remember a single password, and still have long, unique passwords on all of your accounts. How is this possible? You use just one password to unlock your secure password “vault.” From your vault, you can quickly fill out login forms on all of your devices.

A few password managers are usually recommended by security specialists, including LastPass, KeePass, and 1Password. I’ve previously written guides on 1Password and LastPass. This time we focus on KeePass.

KeePass

KeePass is a free and open source password manager. The official build of KeePass is for Windows. In practice, KeePass isn’t really one application — it’s more of an ecosystem of compatible software created by open source developers. It’s got some great security options not seen elsewhere, and can be found on most platforms and browsers. KeePass isn’t quite as pretty as 1Password or LastPass and requires a bit more work, but it does its job well.

Get KeePass for all of the devices you want to use
KeePass can be downloaded for most operating systems and mobile devices. Download it for the devices you want to use.

Windows users: Download the “professional version” of KeePass here.
Mac & Linux users: Download KeePassX here.

Android users: consider KeePassDroid.
Apple users: consider MiniKeePass.

Create your KeePass database
After you’ve installed KeePass, open it up on your computer. The very first thing we’ll do is create our password vault, or a password database. Click “Database” > “New Database.”

Next, we’ll create our Master Password that unlocks your password database. This is the only password that you need to remember. It needs to be a *really* good one, so no one can guess it. Consider using a long password with uppercase and lowercase letters, numbers, and symbols. Alternatively, use a passphrase — a phrase that only you will remember. Unusual passphrases are easier to remember. The ex-NSA whistleblower Edward Snowden brought up an example: “Margaret Thatcher is 110% sexy.” It’s long, has uppercase and lowercase letters, numbers, symbols, and spaces. And it’s hard to forget.

After choosing your master password, we need to make a decision: do you want to use a key file?

A key file is an additional file that will be required, along with the password, to unlock your database. This can be a very powerful defense if a remote hacker manages to get access to your database. Key files can be inconvenient, because you will regularly be asked to find your key file before you can access your passwords. If you create a key file, be careful to keep it in a safe place where you can access it on each device.
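To make the key-file idea concrete, here is a small added example (my own illustration, not KeePass’s code or its actual file format) of why a stolen database is not enough on its own: the password and the key file are hashed together into a single “composite” key, which is then stretched with a slow key derivation function. Anyone who has the password but not the key file (or the other way around) derives a different key and the unlock fails. The hashing layout, the 32-byte random key file, and the PBKDF2 iteration count are simplifications chosen for this example.

```python
import hashlib
import hmac
import secrets
import tempfile
import os
from typing import Optional

# Constructed for this example: a key file is just 32 random bytes on disk.
# Real KeePass key files use their own formats; the principle is the same.
def make_key_file(path: str) -> bytes:
    key = secrets.token_bytes(32)
    with open(path, "wb") as f:
        f.write(key)
    return key

def read_key_file(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()

def composite_key(master_password: str, key_file_bytes: Optional[bytes]) -> bytes:
    """Combine the password and (optionally) the key file into one secret.

    Simplified sketch of the idea: hash the password, append the hash of the
    key file if one is used, then hash the concatenation.  Leaving the key
    file out changes the result completely.
    """
    material = hashlib.sha256(master_password.encode("utf-8")).digest()
    if key_file_bytes is not None:
        material += hashlib.sha256(key_file_bytes).digest()
    return hashlib.sha256(material).digest()

def derive_vault_key(master_password: str, key_file_bytes: Optional[bytes],
                     salt: bytes, iterations: int = 200_000) -> bytes:
    """Stretch the composite key so each guess costs attacker CPU time.

    PBKDF2-HMAC-SHA256 is used here because it is in the standard library;
    the iteration count is an assumption for the example.
    """
    return hashlib.pbkdf2_hmac("sha256",
                               composite_key(master_password, key_file_bytes),
                               salt, iterations, dklen=32)

def unlock_succeeds(attempt_password: str, attempt_key_file: Optional[bytes],
                    expected_key: bytes, salt: bytes, iterations: int = 200_000) -> bool:
    """Constant-time comparison of the derived key against the stored one."""
    candidate = derive_vault_key(attempt_password, attempt_key_file, salt, iterations)
    return hmac.compare_digest(candidate, expected_key)

if __name__ == "__main__":
    # Constructed demo: create a key file, derive the vault key, then show
    # that password-only and key-file-only attempts both fail.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "vault.key")
        key_file = make_key_file(path)
        salt = secrets.token_bytes(16)
        vault_key = derive_vault_key("Margaret Thatcher is 110% sexy.", key_file, salt)

        print("password + key file :", unlock_succeeds("Margaret Thatcher is 110% sexy.", read_key_file(path), vault_key, salt))
        print("password only       :", unlock_succeeds("Margaret Thatcher is 110% sexy.", None, vault_key, salt))
        print("key file only       :", unlock_succeeds("", key_file, vault_key, salt))
```

The point for a beginner is the last two lines of output: the key file behaves like a second factor that lives on your devices rather than in your head, which is also why losing it locks you out just as surely as forgetting the master password.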

Save your database somewhere convenient, because we’re going to want to find it so that we can have it automatically update on all of your devices. When you open the database in your desktop application it will look something like this.

Sync across devices
If you want to sync your passwords across all of your devices, you will need to put your password database on a service, such as Google Drive or Dropbox. You will need to download the applications on all of the devices you want to use.

Sign up and download Google Drive here.
Sign up and download Dropbox here.

Log into your app on all of the devices you want to use. Find and open the folder for your new sync app. By default, those are found here:

Google Drive
Windows: C:/Users/username/Google Drive
Mac: /Users/username/Google Drive
Linux: /Users/username/Google Drive

Dropbox
Windows: C:/Users/username/Dropbox
Mac: /Users/username/Dropbox
Linux: /Users/username/Dropbox

Move the database over to the sync application of your choice. It will update across all of your devices automatically. Don’t forget to have your mobile device use the new location for your database as well.

Plug KeePass into your browser
You can manually copy and paste logins from your password database into your online forms, but browser extensions can fill out forms for you automatically.

CKP for Google Chrome
KeeFox for Firefox
KeeForm for Firefox and Internet Explorer

You can find more browser integrations here.

Because KeePass represents a large ecosystem of applications, each is slightly different, but the idea behind each browser extension is similar. Let’s walk through one example using CKP for Google Chrome.

We need to import our database so the browser extension will recognize it. Click on the icon in your browser, usually next to your search bar. Go to “click here” to access your settings page, and then click on “KeePass Databases.” You can use whichever sync tool you like. (Normally it will ask you to log into the service.)

If you have key files, you can add them from the same menu.

The next time you click on the browser extension, it will ask you to choose your password file and log in. Select your database, type in your master password and select your key file.

Once your browser extensions are installed, you can use shortcuts to automatically open KeePass or auto-fill login credentials. You can auto-fill using this keyboard shortcut in your browser.

Windows users: Ctrl-shift-space
Mac users: Command-shift-space
Linux users: Ctrl-shift-space

Begin adding logins to your database
Click the icon with the key highlighted in green. Under “Title” at the top, give the website a label, and then enter the login credentials for the website. Notice that you can also generate passwords from this page. KeePass will create a random password using whatever length and characters you like. Don’t forget to hit “Accept” after you’re done generating a password.
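Here is an added example, written for this guide and not taken from KeePass, of what a password generator like the one on this page is doing under the hood, and of how the passphrase approach from the master password section compares. It uses Python’s `secrets` module (the right source of randomness for passwords, unlike `random`), lets you pick the length and character classes the way KeePass’s dialog does, and prints the resulting entropy in bits so you can see why a 20-character random password or a five-word passphrase is far stronger than anything you would invent by hand. The symbol set and the 32-word list are constructed for the example; a real passphrase generator would use a list of several thousand words.

```python
import math
import secrets
import string

# Character classes a generator typically offers; the symbol set is an
# assumption for this example.
CHARSETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?/",
}
ALL_CLASSES = ("lower", "upper", "digits", "symbols")

def generate_password(length: int = 20, classes=ALL_CLASSES) -> str:
    """Random password drawn uniformly from the chosen classes.

    Each character is chosen with secrets.choice (CSPRNG).  A password that
    happens to miss one of the requested classes is rejected and redrawn,
    mirroring what most generator dialogs do when a class is ticked.
    """
    if length < len(classes):
        raise ValueError("length too short to include every requested class")
    alphabet = "".join(CHARSETS[c] for c in classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CHARSETS[c] for ch in pw) for c in classes):
            return pw

def entropy_bits_password(length: int, classes=ALL_CLASSES) -> float:
    """log2(alphabet size) per character; an upper bound, since the
    'must contain every class' rule removes a few possibilities."""
    alphabet_size = sum(len(CHARSETS[c]) for c in classes)
    return length * math.log2(alphabet_size)

# Constructed 32-word list for the example (real lists have thousands of words).
WORDLIST = [
    "apple", "bridge", "candle", "dragon", "engine", "forest", "garden", "harbor",
    "island", "jacket", "kettle", "ladder", "marble", "needle", "orange", "pepper",
    "quartz", "rocket", "saddle", "tunnel", "umbrella", "violet", "walnut", "yellow",
    "zebra", "anchor", "basket", "cactus", "donkey", "falcon", "ginger", "hammer",
]

def generate_passphrase(words: int = 5, wordlist=WORDLIST, sep: str = " ") -> str:
    """Random passphrase: each word drawn independently from the list."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def entropy_bits_passphrase(words: int, wordlist_size: int) -> float:
    """log2(list size) per word.  Strength comes from the random choice,
    not from how unusual the phrase looks."""
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    pw = generate_password(20)
    print(f"{pw}  ({entropy_bits_password(20):.1f} bits)")
    digits_only = generate_password(6, ("digits",))
    print(f"{digits_only}  ({entropy_bits_password(6, ('digits',)):.1f} bits, a PIN is weak)")
    phrase = generate_passphrase(5)
    print(f"{phrase}  ({entropy_bits_passphrase(5, len(WORDLIST)):.1f} bits with a 32-word list)")
    print(f"same phrase with a 7776-word list: {entropy_bits_passphrase(5, 7776):.1f} bits")
```

The takeaway matches the guide: let the generator pick passwords for accounts the browser extension fills in, and reserve a memorable passphrase for the one password you must actually type, the master password.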

At the bottom, enter the URL for the website you want to access. After you’re done, click “OK” at the bottom.

After you’re done adding an entry, you need to save your database by clicking the disk icon at the top left. After you save, KeePass will automatically update your password database in your browser.

From now on, you can automatically fill out websites you’ve added to your database by simply clicking “autofill.”

Changing passwords
You can use KeePass to save your existing passwords and automatically fill them out. But the real benefit of KeePass is to allow you to generate long, randomized passwords that you don’t need to remember. Consider changing passwords on the websites you visit most often, and updating them in KeePass. Be sure to use the application to randomize your passwords when possible.

The main downsides of KeePass
Unlike 1Password or LastPass, KeePass does not offer to automatically add new credentials to your database or update changed ones. You need to do it manually, which can be tiresome.

Once you’ve set up KeePass, it can also be very annoying to log in without it (e.g., if you want to log in on your friend’s computer). If you know you’re going to frequently use a password on a computer that does not have your KeePass information, you may want to commit the password to memory rather than randomizing it.

You’re caught up!
Now you’re caught up with KeePass. I hope this has been helpful! If you have any questions, feel free to reach out here, or on Twitter at @mshelton. I’ve also written two separate guides on 1Password and LastPass, for those who are looking for alternatives.


Edit: Removed a couple of confusing typos.

Last updated December 21 2016.