Protecting and Archiving usernames & passwords

Let's face it: we all have too many passwords to remember. However, passwords are our first line of defense for keeping the bad guys out and appropriately restricting access to important resources. The old-fashioned system of post-it notes under the keyboard no longer works in a world of e-mail, ERP systems and online banking. Can you name one useful resource you use that doesn't require a password? Protecting these passwords is paramount to protecting your systems and data. Keeping an encrypted password vault is one method to keep track of your passwords without compromising their security. This document will describe how to use KeePass Password Safe to securely store and manage your passwords.

1. Download and install KeePass on a computer. It can be freely downloaded from http://www.keepass.info/. KeePass Classic doesn't have any prerequisites and is highly portable. KeePass Professional is the new and improved edition, but it requires either MS .NET Framework 2.0 or higher on Windows systems or Mono 2.2 or higher on Linux or Mac systems. Both editions offer the same encryption protection; the Professional edition has improved bells and whistles. Either one is fine for basic password vaulting. This document will show the Portable KeePass Professional 2.08 edition. Portable means that you don't have to install it; you can just copy it to your PC. I recommend keeping it on a USB flash drive so that you can carry your passwords with you.

2. Once installed (or if you're using the portable edition), start the KeePass.exe program, as shown in Figure #1.

Figure #1: KeePass Password Safe

3. Before you can start securely storing your passwords, you must create a new KeePass database. To create a new database, choose New from the File menu. This will open the Create New Password Database dialog window, and KeePass will ask you where you want to store your password database file. If you're using a USB flash drive, store the kdbx file on the drive. Provide a name and press Save, as shown in Figure #2. If you are not using a USB flash drive, place the database file where you can easily locate it.

Figure #2: Create new password database window

4. The next step is to create a master password. This password will be used to encrypt the database and also to authenticate you as the owner. Until you are more comfortable with password vaulting, I would recommend that you only use a master password and leave the Key file and Windows user options unselected, as shown in Figure #3. The master password will be the skeleton key, gaining you access to all other stored passwords. It is wise to make this password a phrase, commonly referred to as a passphrase. The rule of thumb for passphrases is the longer the better (e.g., The cow jumped over the moon). If KeePass becomes your only place to store passwords, you will want to store your master password in a locked file cabinet or some other location, in the event you forget it.

Figure #3: Creating a KeePass master password

5. Your KeePass database is almost ready to use. After creating the master password, the next step in creating a new KeePass database is configuring the database settings. Until you become more familiar with password vaulting, I suggest going with the predefined defaults. You may give your database a name and description or leave them blank. Press OK to continue, as shown in Figure #4.

Figure #4: KeePass database settings

6. Now your KeePass setup is complete and you may start storing passwords (or anything else for that matter), as shown in Figure #5. KeePass is like an electronic filing cabinet, so you can securely store documents, images and other items in the database.

Figure #5: KeePass Application

7. KeePass by default will have some password categories already created (e.g., General, Windows, Network, and Internet). You can add entries for your passwords in these categories or create your own categories; alternatively, you can delete all the categories and use a default category. To add a new password entry, right-click in the right-hand pane of the KeePass application window and select Add Entry. The dialog box in Figure #6 will appear. For basic password vaulting you only need to provide a title (e.g., Comcast Web Mail), a username and the respective password. By default KeePass will randomly generate a password for all new entries; you can delete the generated password and enter the password you are currently using for this entry. When completed, click OK; this will exit the window and take you back to the main KeePass application window. You may add another password or simply exit KeePass. If you haven't manually saved your changes, KeePass will prompt you when you exit the program.

Figure #6: Add Password dialog box