KeePass Password Management Study 2021

CurtisChan
·
·
IPFS
·
An Exploration on Electronic Storage of Account Information and Related Concepts
Apple Keychain App icon

Every time you sign up for a shopping privilege membership, subscribe to a new video streaming service, etc., you need somewhere to keep track of your account information. Technology companies such as Google and Apple provide their password managers in their browsers, or even integrate them directly into the system, allowing users to fill in their login information with one click. I used 1Password all the way before, and I also tried to use LassPass in the middle, but because the former is about to be converted into a subscription service instead of a one-time buyout , I also studied moving my password library because of this opportunity.

KeePass is my current password manager. In addition to being free and open source, the selling point is that I think it gives you the right to choose. With the same encrypted password library file, individuals can choose apps provided by other trusted developers to open and revise, and they can also choose the location where the records are stored.

The KeePass official website looks a bit like the style of the last century, but it has the characteristics of winning open source (GPL v2). You can open the password log file ( *.kdbx ) by finding the corresponding application for your device's operating system from the official recommended download list .

There are at least four choices of apps that work (and look good) on macOS. Once any application has created a password file, you can start creating an entry! KeeePassium is shown below, and other software is basically the same.

The basic establishment of KeePassium "Login Name", "Password", "Domain" is very intuitive to fill in. You can fine-tune or ignore the icons according to your personal preferences. If a certain website or service requires some special fields, for example, if a big cat bank does not open TouchID/Face ID to use the service, it requires two passwords, plus multiple security questions and answers to authenticate, or some readers It is necessary to additionally record the encrypted currency address and 12-digit login characters, etc., it can be solved by adding "custom fields"!

In addition to passwords, it can also store ID numbers, credit card CVVs, Chinese and English addresses, software authorization/registration codes, and phone IMEI serial numbers , to name a few. Some people have also opened another database on the Internet to store electronic versions of ID photos and confidential PDFs.

Click the "+" sign in the upper right corner of KeePassium to add "Field Name" and "Field Content". When you want to enter the app, first use "***" to cover up the confidential information, and click the button to display it. Some apps provide a random password generation function, and a stronger password can be created with one click. The image below shows, from left, KeePassium and StrongBox on iOS, both of which have macOS and iOS versions. There are also apps available on tvOS that allow you to organize your personal password library in 4K on your TV! ?

MacPass and KeePassXC on Mac, the interface is relatively simple, users can find their favorite apps by themselves

Could someone say that it would be dangerous to put all the passwords together? Who says you can only create one password log file?

The way to improve security is by creating several cryptographic banks, each with different security levels. It seems to be a general member's information, and I write down a master password in my mind to open it.

And some sensitive content about money can be matched with the "master key file" ( key file ), you can put the file in the cloud space of your choice (WebDAV), I use Google Drive and OneDrive to synchronize, then only me The "key file" is stored locally on the offline hard disk of the phone. Even if I know the master password of my password vault, I cannot open the content without the corresponding "key". This method reduces convenience, but is much more secure than simply using a password.

In addition, if you need to unlock and show the password to untrustworthy people or organizations in an emergency or when you travel to North Korea, you can also create a plausible password library in advance.

A special case is that a family uses a cloud shared database, but for the time being, my family's passwords and assets are managed by me.

When everything is ready , enable the "Autofill Password" option in the system settings to allow sources from the corresponding password management application. Next time, there will be prompts on the keyboard where you want to log in to automatically fill in the login information. If it is not supported, you can still jump to the app to copy and paste it, but be careful that some software will record the contents of the clipboard without consent.


▲ Use automatic password filling on the Nike Hong Kong website to log in to the website

▼ Some wallets view the contents of the clipboard (clipboard transparency)


Some more complex features, such as two-factor authentication ( 2FA ) one-time password function OTP (wikipedia) , label classification, auto-expiration (disposable account used to get samples) , encryption method, field referencing, restricted usage Third-party keyboards, plug-in plug-ins, etc. are left to readers to go to Google to understand. The KeePass password file also supports additional files: individual records can be added with photos and stored in the database together.

▲ KeePass iPhone version one-click copy one-time password

The above are the Apple ecosystem, of course, both Linux and Android users can have KeePass applications. I use KeePassDX on the backup phone, and the following shows its interface (the app does not allow screenshots, so I use the camera to shoot directly).

The only thing to pay attention to, if you make revisions on the mobile terminal, do not make any changes to the password database in other places/devices in the short term, or temporarily use the "read-only" mode to view the content, otherwise there may be conflicts and you have to manually Handle/merge duplicate records issue. Make sure that the password database is up to date/synchronized before revision, and it is basically no problem to use it~

Try to use a random password generated by the software, and each account has a meaningless username as an account, and everything can be handed over to the app. The password library is backed up online and offline at multiple terminals, and the head only needs to remember the master password , just like the Swiss KBA key, one key can unlock all the doors of the whole building. I regularly keep the password vault at home on an offline finger every month, and backup it on my computer and the cloud every week; I also make a full backup before I know there will be major changes.


Random password generated password can also be used for username actually. If it is not required by law, or is only used for simple membership registration (such as members of Qi Kaixin Restaurant, Blue Max Circle, Pinyin Express, major shopping malls, etc.), most of the information in the entire account is best to be fictitious or simply generalized. Or each account has a different name, I am Tom C for website A, and Peter C for website B.

For rarely used passwords I will annotate with some additional keywords ( attributes ) or the reason for the creation. In the future, simply click the magnifying glass icon to search. Sometimes too many categories are more troublesome and time consuming. I used to record the account information every time I received it. It would be very troublesome to find out the invitation code and membership number when I needed it.

Finally, there is a special method that you remember part of your password, and the other part is only known to you. After using the auto-fill function, add the missing parts manually. For example, the complete password is " abcdef ", write down abc in the password library, fill in automatically and then add def . There are more password/privacy ideas in the related articles below.

It is best to manage your own data yourself. If you use the built-in password management function of Safari or Chrome, you may accidentally reveal your personal habits when you borrow your computer or phone. And these tools can only log account information with a prominent login page. Some more specific content may not be able to fully encrypt the record.

CC BY-NC-ND 2.0

Like my work? Don't forget to support and clap, let me know that you are with me on the road of creation. Keep this enthusiasm together!