Keepass

This is another tool I can recommend after having used it for several years. Keepass is a free, open source, cross-platform password management utility. I’ll highlight how and why I use it in this post. The version I’m using is 2.28 (October 8, 2014).

Why am I using it?
I tend to have a large number of accounts I need to keep track of. For instance, when shopping online for a product I have no qualms about making another account just to buy that product at the best shop / best price. This means I now have 400+ Keepass entries (since March 2009). Keeping track of all those accounts and all those passwords is a nightmare unless you have a password management tool (and using a single password or a sequence of similar passwords is not secure). So I needed a password management tool and went looking for one.

Keepass became that tool for the following reasons:
1) It’s off-line; I didn’t want all my account information in a third-party online password vault.
2) It’s cross-platform; I wanted to be able to use it also on all my other devices. Note: It’s also highly portable; I carried it around on a USB stick for a while (not any more).
3) It is open source and seemed and seems to have a nice choice of security features. I’m explicitly mentioning open source here as I feel that’s an essential feature for such a tool (as it can be scrutinized for back-doors / flaws by anyone).
4) Plugins. It’s a big plus for me if a tool is extendable and has a plugin directory. It allows the tool to remain lean and still allow the users to add all kinds of features that they specifically are interested in. Do note that using a plugin is a big security risk.
5) It’s free. I almost forgot this reason, but that definitely was a consideration.

Since then I’ve upgraded regularly, to the 2.x line (which has more features), and have never had any reason to consider switching.

Tips & Tricks
– I’d highly recommend at least using the master password option as it’s not secure without that. You can also use a key file, but that will increase the difficulty of use (if done correctly) by a large amount. You can also set up two-factor authentication with a plugin (which I haven’t tried).
– To use Keepass cross-platform easily, I’d recommend using a file hosting service like Dropbox (or whatever service you prefer). That way you can keep your Keepass database file synchronized to all devices (if you favorite a file in Dropbox it will also sync to mobile Android devices). Security is not an issue as the file that’s being synchronized is the encrypted file. Android client.
– You don’t need to limit yourself to just account information. I also store serials, IP addresses and other reference information which I want to keep secure. It’s all in the same spot.
– Check out the plugins. Right now I only use one for backup purposes, but there are a number you may find useful (for instance integrating it with Chrome or Firefox).
– Use the automatically generated passwords (and take a minute to check out how that works).