Secure your passwords and personal data with KeePassX
Secret Stash
KeePassX is an open source personal data management tool that lets you keep your passwords, URLs, attachments, and peace of mind.
I am an avid Internet user, and as soon as I hear of a new website or an Internet-based service, I head over to the site to experience it firsthand. Almost all the websites need some kind of authentication before they let me use their services. The problem is, I personally find it very difficult to remember passwords, and with the increasingly common news of data and identity theft, I am scared to save passwords in browsers. Writing passwords down is out of the question. Another possible way out is to use the same password everywhere – which is again a very unsafe option.
Online security has become a huge concern among Internet users today. News of some website being hacked fails to even surprise anymore. Although websites are doing whatever they can to keep user data safe, end users also have a role to play in ensuring security and privacy online. One important step is to use strong passwords for all the different Internet accounts. The other task is to manage passwords in a discreet and efficient way – don't just write them on Post-it notes and leave them around your workspace. Unfortunately, strong, unique passwords are difficult to memorize, which creates the need for some kind of efficient, secure means for tracking and managing authentication information.
KeePassX [1] is a personal data management tool that helps you store your user IDs, passwords, email attachments, and comments all in a single secure database. This database is encrypted and is accessible only when you enter the correct key. KeePassX also helps you generate strong passwords.
The KeePassX personal data management tool (Figure 1), which was originally called KeePass/L (L for Linux), started as a Linux port of a Windows password manager tool called KeePass Password Safe. KeePass/L gradually grew beyond its Linux roots and became a fully cross-platform application, with support for both Windows and Mac OS, and the name officially changed to KeePassX in March 2006.
Installing KeePassX
For this article, I will assume you are using Ubuntu 14.04 as the host system, but the steps are similar for other systems. On Ubuntu you can use the apt-get command to install KeePassX (Figure 2). Just type
sudo apt-get install keepassx
or find KeePassX with your GUI-based package management tool.
If you are using a system that doesn't have an available package, you can still install KeePassX from source code. Download the source tarball from the project website, extract the archive with tar, and change to the created folder:
tar xzvf keepassx-<version>.tar.gz
cd keepassx-<version>
Now, enter the qmake command and compile using make. Finally, install using make install.
Getting Started
The easiest way to launch KeePassX in Ubuntu is via the search feature.
The first step is to create a database file. The KeePassX database file, which has a .kdb extension, holds the personal information you want to store in KeePassX. The KeePassX window shows two options: you can either create a fresh database or open an old KeePassX database (you'll need the password to open it). If you are creating a new database, you'll need to create the password (Figure 3). KeePassX then instantly creates a new database file and opens it for editing.
KeePassX lets you organize personal data from different online accounts into groups. Groups provide a logical separation for your data and make it easier to manage many accounts. Two groups are available by default: Internet and eMail. You can add or delete groups as necessary, and nested groups are supported.
User data is saved as entries in groups, and each entry contains a bundle of data associated with a specific account, including a username, password, URL, and more. To add an entry, click on the group in which you'd like the entry to be added and then click the Add New Entry button. A new form opens (Figure 4). The next time you want to log in to the account, you can refer to KeePassX for login information, plus any comments you might have left for later reference.
As you can see in Figure 4, a KeePassX entry can also refer to an attachment. The attachment file is also stored in the database and can only be downloaded from the entry.
Also, you can set up entries in KeePassX with expiry dates. Expired passwords are easily spotted in the entry detail view. It is good practice to set expiry dates for your passwords even if the website doesn't enforce them. Setting an expiry date ensures that your account's exposure to misuse is limited.
Add the necessary details in the Add New Entry dialog and click OK. You have now saved your first entry in KeePassX.
Password Generator
Password policies are enforced by websites to make sure users have strong passwords, but they can sometimes be very irritating. KeePassX lets you generate passwords easily with its own password generator. You can configure the password generator so that the passwords conform to specific password policies.
Select Extras | Password Generator from the top menubar, or you can reach the password generator by clicking on the Gen button in the New Entry dialog (refer to Figure 4).
The KeePassX password generator (Figure 5) has three tabs: Random, Pronounceable, and Custom. The Random tab lets you select character groups to include in the password, and you can even make sure the new password has characters from every group you have selected. The Pronounceable tab is almost the same as random, with the obvious difference that passwords generated here can be pronounced. (Although you are not supposed to go around pronouncing your password out loud, a pronounceable password typically contains words or word fragments that make it easier to remember and thus is less likely to be written down than a random password.) The Custom tab lets you generate passwords from the set of characters you enter.
Figure 5 shows the tab for generating a random password. Below the tabs, you can see the Options section. You can set the password length using the Length field. On the right of the Length field is the Quality indicator bar, which shows the strength of the password that will be generated based on current settings. Note the quality level changes when you add/remove character groups or change the password length.
The Enable entropy collection checkbox allows you to add entropy to the seed used for generating the password. (See the box titled "Entropy.") Add entropy by moving the mouse pointer as randomly as you can. If you disable Collect only once per session, KeePassX will prompt you to add entropy whenever you want to generate a password.
Entropy
In physics, entropy means randomness or uncertainty. In information science, entropy is a measure of randomness in data. The more random your password is, the more difficult it is to crack. Let's see how all this works in the KeePassX context.
The password generator in KeePassX uses a random number generator implemented within software. Software-based generators can only produce pseudo-random (PRNG) results. The generator starts with a seed, and, if the seed is well known, anyone with knowledge of the PRNG algorithm can derive the same values. A seed with high entropy is difficult to regenerate.
Computers use several ways to add entropy to the seed pool. For example, most Unix-like operating systems provide a /dev/random and /dev/urandom device. These devices extract random bits to build encryption keys, one-time session keys, and seeds for probability outcomes. These devices hold entropy. In /dev/random, for example, environmental "noise" is gathered from the user, through mouse movements, disk usage, and other activities, then thrown into an entropy pool.
Click the Generate button, and a new password appears in the New Password text box. Click the eye icon to the left of the Generate button to see the new password.
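The two ideas above, character groups with a quality estimate and the role of the seed, are shown here as an added Python example. It is not KeePassX's own code; the group names, the special-character set, and the seed value 1234 are assumptions of this example.

```python
import math
import random
import secrets
import string

# Character groups like those a "Random" tab offers (names are this example's own).
GROUPS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!#$%&*+-=?@_",
}

def generate(groups, length, rng):
    """Return a password with at least one character from every selected group."""
    if length < len(groups):
        raise ValueError("length is too short to include every selected group")
    pool = "".join(GROUPS[g] for g in groups)
    # One guaranteed character per group, the rest drawn from the combined pool.
    chars = [rng.choice(GROUPS[g]) for g in groups]
    chars += [rng.choice(pool) for _ in range(length - len(groups))]
    rng.shuffle(chars)  # guaranteed characters must not always sit at the front
    return "".join(chars)

def quality_bits(groups, length):
    """Upper-bound entropy estimate in bits: length * log2(pool size)."""
    pool_size = sum(len(GROUPS[g]) for g in groups)
    return length * math.log2(pool_size)

def covers_all_groups(password, groups):
    """True if the password contains a character from each selected group."""
    return all(any(c in GROUPS[g] for c in password) for g in groups)

if __name__ == "__main__":
    groups = ["lower", "upper", "digits", "special"]
    # Software PRNG with a known seed: the same seed regenerates the same password.
    first = generate(groups, 16, random.Random(1234))
    second = generate(groups, 16, random.Random(1234))
    print("known seed reproduces password:", first == second)
    # OS-backed generator (fed by the kernel entropy pool): no seed to replay.
    strong = generate(groups, 16, secrets.SystemRandom())
    print("all groups present:", covers_all_groups(strong, groups))
    print("quality estimate: %.1f bits" % quality_bits(groups, 16))
```

Changing the length or the selected groups changes the estimate in the same direction as the Quality bar described above; the figure is an upper bound because forcing one character per group slightly narrows the space of possible passwords.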