Getting started with KeePass, the open source password manager

Unless you have an elephant’s memory or a very reduced online activity, the use of a password manager is now a necessity. If you don’t trust cloud offerings like Lastpass or Dashlane, your eye is bound to fall on KeePass, a free and open source password manager. Its code has even been audited by the European Commission. But compared to cloud offers, KeePass is a bit more complex to use. Here are the first steps to get started.

Install the software

The official version of KeePass is Windows software available from keepass.info. We strongly recommend that you upgrade to version 2.x, which has a lot more features. It is available in two variants: To install for PC installation, and Portable for launching from a USB key (see the point “Using your database on the move or in a company” below).

The installation on a PC is done in a few clicks. By default, the software is in English. You have to download the French language pack, unzip it and copy the “French.lgnx” file to the folder “Program Files KeePass Password Safe 2 Languages”. Then, just select the French language in the menu “View -> Change language”. And here you are in Molière mode.

Create your password base

You must first go to “File-> New…” and define a name for the new KDBX file which will contain your password base. Then the most important thing is to define the master key. Rather than using a random password, it is advisable to create a long sentence consisting of four or five randomly chosen words. It will be easier to remember for an equivalent level of security. This is important because you will be using this phrase all the time to access passwords. The use of numbers and special characters can quickly become overwhelming in this context.

The software then offers you to print a rescue sheet which is nothing more than a form in which you can enter your passphrase by hand. This sheet of paper will allow you to regain access to the database even if you forget the main key. It must be stored in a perfectly secure place.

If you already have a password database, it is possible to import it while preserving the tree structure and the existing fields. Just go in “File -> Import”. The software then offers dozens of different formats, depending on the origin of the data: Lastpass, Dashlane, 1Password, Mozilla, etc. Beforehand, it will obviously be necessary to generate the file in question from the system used.

Use autofill

Once you have all your passwords, you can complete the login forms by simply copying and pasting with the mouse. All you have to do is double-click on the “Username” or “Password” fields to put the corresponding data in the clipboard. But let’s be honest, this way of doing things is a bit of a pain. This is why KeePass has an automatic entry function.

In this case, the identifiers are sent to the form as if they came from the keyboard. To use it, you must first open the site’s login page and click in the username field. Then, you have to open KeePass, right-click on the corresponding identifier and choose “Perform automatic entry”. The fields then fill up as if by magic.

This technique can be adapted to any site by means of a macro programming language which allows the combination of keystrokes. By default, KeePass offers the {USERNAME} {TAB} {PASSWORD} {ENTER} sequence, which corresponds to most sites where we see on the same page the fields for the name of the user and the password. past.

But for some sites you need to make changes. On Google.com, for example, the user must first enter their username and validate, which takes them to a second page to enter the password. The sequence that goes well in this case is therefore: {USERNAME} {ENTER} {DELAY 1000} {PASSWORD} {ENTER}. In fact, a slight delay of one second (1000 ms) must be added here to give the browser time to load the second page before being able to insert the password.

Those who want even more convenience can use the plugin KeePassHttp which automatically transmits identifiers to browser extensions such as chromeIPass. To install the plugin, just download the KeePassHttp.plgx file and copy it to the directory “Program Files KeePass Password Safe 2 Plugins”. At the chromeIPass extension, click on “Connect”. You are then invited to enter, in the KeePass software, a connection key that you can define freely. From there, the extension will automatically recognize the sites associated with the identifiers and pass them to the form, provided you give it permission. Unfortunately, forms are not always recognized. It is therefore less efficient than the automatic entry offered by KeePass.

Save and synchronize your passwords

As with all important data, you should make regular backups of your KDBX file. If you already have a backup procedure for the position used, the union minimum is guaranteed. But nothing prevents you from copying the file to other backup media, or even to the cloud. Either way, the database data is encrypted and no one can access it.

KeePass also allows you to load and save a password file from a remote server using the FTP, HTTP or WebDAV protocol. But let’s be honest, not everyone has a web or FTP server. Fortunately, it is possible to do the same with cloud services, thanks to the plugin KeeAnywhere. This interconnects with Amazon, Box, Dropbox, Google and OneDrive among others. The advantage is that you will always have an up-to-date version of your password base available, no matter which PC you are using. Access is configured from the menu “Tools -> KeeAnywhere Settings”.

Use your database on the go or in a company

When on the move, two solutions are available to you. The first is the KeePass Portable version which allows access to the manager from a USB key. Installation is super easy: just copy the program to the storage medium, and that’s it. KeePass Portable can also be a good solution in companies that do not allow software to be installed on workstations.

On the smartphone side, you have to choose an unofficial solution since the “Downloads” section from the keepass.info site. There are quite a few apps, both on Android and iOS, and they are all compatible with KDBX files. MiniKeePass on iPhone, for example, perfectly fulfills its role of password manager.

What about Linux and macOS users?

If you are on macOS or Linux, it is possible to use the official version of KeePass, provided you have previously installed Mono, a compatibility layer with Microsoft .NET. The interface and the functionalities are then identical. You can also opt for an unofficial version, directly compatible with your operating system. As with the mobile versions, you are spoiled for choice. The software Keeweb seemed like a good alternative to us, even if it is not as rich in function.

To download

KeePass Password Safe Installer 2.x
KeePass Password Safe Portable 2.x