Install KeePass to Generate and Store Secure Passwords

and synchronize them across all of your devices using KPGoogleSync

How secure are your passwords?

 

You probably use email, online banking, and social media like Facebook and Twitter.

Maybe you are in college or work for a company that requires password changes every 90 days, with passwords being required to contain between 8 and 15 characters, and at least one of each of the following:

A capital letter

A lowercase letter

A number

A special character such as !, @, #, or $

Whatever your situation, I'm betting that you have at least two accounts that use the same user name / login and the same password. No judgement, we've all been guilty of it at some point. Many sites use your email address as your login, so it's not difficult to rack up as many as 20 or 30 accounts with the same login. With that many accounts, how do you keep track of all of your passwords? The easy solution? Use the same password, or keep them as close as you can.

The problem is that if you do this, especially with your email and online banking accounts, you're setting yourself up for having your accounts hacked, and possibly having your identity stolen.

The more accounts you have, the higher the chances someone will try to access one without your consent. Good passwords, and varied ones, are absolutely critical to minimizing that risk. That's where KeePass comes in.

Other programs are available, but until very recently none offered the wide range of options or versatility of KeePass.

LastPass, a web based option, has recently made many changes and now offers much of the functionality for free that it required a monthly subscription to use before. It has a more user friendly interface, and may be easier for some users to get used to, so we'll be looking into it and writing a full review and walk-through for that as well.

What you'll need:
*As most users will be using Windows PCs and Android phones, that's what we'll cover here. Separate walk-throughs will be done for Linux PCs, Mac OS X, and iPhone app installations.

1) A Google account. They're free, and if you've got an Android based phone, you have one, along with Gmail and Google Drive.

2) KeePass 2.x is free, includes the functions you need and then some, has a large selection of plugins, and can be downloaded by clicking on the top logo to the right, or below if you're not reading this in a full-screen window. This will open a link to the KeePass download page. Select the upper right option, 'Professional Edition' installer.

3) KPGoogleSync can be downloaded by clicking on the bottom logo to the right, or below if you're not reading this in a full-screen window. This will open a new window and begin a download of the latest version.

Click the following links to skip to the sections of the walk-through or scroll down the page:

Install KeePass and KPGoogleSync
Configure KeePass and KPGoogleSync
Create your passwords
Access your passwords from Android
 

Install KeePass and KPGoogleSync:

Install KeePass and KPGoogleSync:

Once you've downloaded KeePass, install it. Default settings during installation should be fine for most users. Close KeePass if it opens immediately after installation.

Now, let's install KPGoogleSync:

1) Find GoogleSyncPlugin-x.x.x.zip in the folder you downloaded KPGoogleSync to. (-x.x.x is the current version number, eg -3.0.1)

2) Unzip the file by right clicking it and selecting 'Extract All'. Check the box that says 'Show extracted files when complete', then click extract.

 

3) After extraction, a new window will open showing the files. Right click 'GoogleSyncPlugin.plgx' and select 'copy'. Close this window.

4) Find the 'KeePass 2' shortcut on the Desktop. Right click it, and select 'Open file location'.

 

5) Right click in an open area of the KeePass folder window and select paste. 'GoogleSyncPlugin.plgx' should now be in the same folder as 'KeePass.exe'. Close this window.

Now you're ready to continue and configure KeePass and KPGoogleSync.

Scroll down to continue to the next section.


Configure KeePass and KPGoogleSync:

Configure KeePass and KPGoogleSync:

Now, let's configure KeePass and KPGoogleSync:

 

1) Open KeePass, select the 'File' menu, and select 'New'. This will open a window to create your password database.

For ease of access, we suggest creating the database on the desktop, or in a new folder on the desktop. Name the file and/or folder whatever you want, just make sure you'll be able to tell them apart if more than one user will be creating databases for themselves.

2) Next, create the password that you'll use to access your database.

Make it very complex, but easy to remember, and a minimum of 12 characters. If this password isn't strong, it will put your other passwords at risk.

If you're having a hard time coming up with a strong password, such as H0m#r$1MpS0N (Yes, that's Homer Simpson), then pause here and check out our guide on 'Old School Password Creation and Storage' by following this link:

Old School Password Creation and Storage

The link will open a new tab, so you won't lose your place here.

 

3) Once you've entered your password, and repeated it for verification in the appropriate text box, click 'OK'.

4) Enter the database name. Think of it like a nickname or title. It can be the same as the filename, or as simple as your first name.

5) Click the 'Security' Tab. Press the button titled '1 Second Delay'.

The 'Iterations' entry should be well over the 6000 default value.

This helps to make brute force and dictionary based attacks far more trouble than they're worth, which helps keep your data safe, but slows down opening the database by roughly a second with the password, and likely a little more on your mobile devices.

The additional security is worth the extra seconds.

 

6) Click 'OK' to save the database.

7) While we're at the main window, go ahead and delete the sample entries. Right click on each and select 'Delete Entry'.

 

8) Now that those are cleared out, lets create a new one. Right click in the empty area they were in, and select 'Add Entry'.

This will be your entry for KPGoogleSync.

9) In the 'Title' text box, enter KPGoogleSync.

 

10) Enter your Gmail address in the 'User name' text box, eg: somecallmetim@gmail.com

 

11) Enter your password for your Google account in the 'Password' and 'Repeat' text boxes.

 

12) Enter accounts.google.com in the 'URL' text box.

 

13) Click 'OK' to return to the main window.

 

14) Click the 'File' menu and select save.

15) Now click the 'Tools' menu and select 'Options'

16) Under the 'Security' tab, check the boxes next to the following options:

  1. Lock workspace after global user inactivity (set to 300 seconds)
  2. Lock workspace when locking the computer or switching the user
  3. Lock workspace when the computer is about to be suspended

 

17) Click OK to save the changes.

18) Select the Tools menu again, this time holding over 'Google Sync Plugin', and selecting 'Configuration' from the listed options.

 

19) Select your Google Account in the drop down box, and ensure Auto Sync is set to 'Both'. Click OK when finished.

20) Select the Tools menu yet again, holding over 'Google Sync Plugin', and selecting 'Upload to Google Drive' from the listed options.

 

21) A new window will open and prompt you to sign into your Google account to authorize KPGoogleSync. Make certain the correct address is listed, then click Next.

 

22) Enter your Google Account password at the next prompt, and allow Google Sync Plugin (KPGoogleSync) to access your Google Drive.

Now you're ready to continue and start adding accounts and creating passwords.

Scroll down to continue to the next section.


Create your passwords

Create a new entry and random password:

KeePass comes with multiple category entries pre-made in the left pane. Let's use a Netflix account as an example, and create the entry under the 'Internet' category.

1) Select Internet in the left pane, then right click in the open space in the right pane. Select the option 'Add Entry' from the list.

We'll assume that Netflix requires an email address as the login user name and a password at least 8 characters long but no more than 15, with at least one of each of the following:

  1. An uppercase letter
  2. A lowercase letter
  3. A number

 

2) As before, enter the service name, your user name, and the login website respectively in the Title, User name, and URL text boxes, as shown in the sample image.

 

3) To edit the settings for this entry, and the password KeePass creates for it, click the icon that is circled in red in the screenshot next to the Repeat text box, then select 'Open Password Generator'.

As you can see, many options are available for customizing generated passwords based on each site's requirements.

Most sites that ask for special characters as well are referring to the alternate characters of the 1 through 0 keys, which can be enabled by using the 'Special' check box. This enables other characters too, which may not be allowed, so we'll also cover how to exclude characters if a site complains about your passwords.

 

4) Since our example requires no more than 15 characters, we'll need to change the value in 'Length of generated password' to 15. The rest of the default settings are good for this example, so we'll leave them be.

4a) Under the 'Advanced' tab there are options to exclude characters that look alike, such as lowercase l and uppercase I, as well as to exclude and characters that a site complains about, such as ?, :, or ;. If a site requires special characters but gives an error about not using certain characters, this is where you enter them to be excluded.

 

5) Once you've got the settings worked out, or think you do, click OK to save the settings for this entry. If you get errors about certain characters from the site or service, come back and adjust the settings to correct them.

6) Back at your Edit Entry window, click the 'Auto-Type' tab.

Here the settings for Auto-Typing for websites and services are listed, as well as the default keyboard commands sent to make auto-typing work. If you find a site that requires a few extra tab key presses, you can edit that here for the entry. It will not affect other entries, as variations to the standard are unique to the site or service.

7) Enable 'Two channel auto-type obfuscation' by checking the box, which uses the clipboard and copy/paste keyboard commands to enter your user name and password, rather than a direct stream of information.

This prevents all known keyloggers and other types of password sniffers from being able to grab the info.

This should work on all web based services and sites, but if you run into trouble, try disabling this to see if it helps.

Keep it enabled if at all possible.

 

8) Click OK to save the setting, then OK at the Edit Entry window to save the entry.

9) At the main window, press the Save button (the icon that looks like a 3 1/2 floppy disk), or select the File menu and then Save. This will synchronize your changes with the database you've stored in your Google Drive storage, and allows you to access the new entry from your phone, tablet, or another PC once you install and configure the appropriate software.

If you need to change the password in the future, right click on the entry and select 'Edit/View Entry'.

Then click the button next to the Repeat text box, and select '(Derive from previous password)'. This will generate a new password for you without changing the settings.

To view the password in plain text, press the button next to the password text box in the Edit Entry window.

If you've entered the correct web address for the login site, you should now be able to use the auto-type feature.

 

If you've already got the site open and as the active browser tab, right click the entry and select 'Perform Auto-Type'.

 

If you haven't opened the site yet, right click the entry and mouse over the URL(s) option, then select your preferred browser from the list. The (private) listings open up Incognito mode browser windows/tabs, which prevent files being saved locally during your session.

 

If you have trouble with either Auto-Type option, try clicking in the user name text box on the site, then using the Perform Auto-Type option.

Now you're done setting up your Windows PC and ready to get your Android based phone configured for access.

Scroll down to the next section to continue.


Access your passwords from Android

Install Keepass2Android Password Safe:

There are a few options for Android apps to access your KeePass database, but Keepass2Android has consistently been the most stable and fully featured.

 

It can be found easily with a search for the name in the Play Store app on your phone, named (you guessed it) Keepass2Android. The app page looks like the screenshot we've supplied.

1) Once you've got the app installed, open it.

 

2) This screen will always be the opening screen, but since this is the first time we're using it, we need to add a database. Tap the button labeled 'Open file...'

3) The next screen will give you several options about where to open the file from. Select the Google Drive option.

4) Select the Google account that you used to set up KPGoogleSync. If it's not listed, you'll need to add it to the Google accounts on your phone. Tap OK when done.

5) You may be prompted to allow Keepass2Android to access your Google Drive files, like you were on your PC. Allow this, then you should be rewarded with full access to your database on your Android phone, including auto-type functionality, a pop-up keyboard to open this database for password entry, synchronization of new entries you create here, and support for most features available in the PC app.

 

Your database settings are transferred automatically, thought the time out settings for the app are a little different.

You're now ready to use your secure passwords from your PC, tablet, or phone.

We'll do another walk-through soon to cover the features of Keepass2Android in far greater detail.

Posted in Security.

Leave a Reply