In the first part of setting up KeePass, I showed how to set up a password database in KeePass and how to integrate this into a cloud storage system. I used Dropbox but you can also use other cloud storage solutions like Google Drive or OneDrive.
In this post, I will show you how to store password information (password entries) in the database, how to generate passwords with KeePass by using a random password generator, and how to use “Auto-Type” when you need to provide a login name and a password to log into an application or website. Auto-Type, if used properly, saves an incredible amount of time because it automatically enters your login name and password when you press a certain combination of keys.
In addition to that, KeePass has a built-in tool that prevents keylogging software from tracking any patterns when you use it, and I will explain how that works as well.
Why password managers are important for private use and for use in organizations
Before we get to work, I want to underscore the importance of a good password manager. A password manager stores your login information for all your websites and encrypts your password database with a master password. The password of your password database is the only password you have to remember. I personally advise using a password manager for private use and a password manager for business use as well.
When I look at organizations, I am truly surprised that only a very small part of them have a selected password manager tool as an integrated part of their cybersecurity policy. On top of extra security, it saves time as well: quite a lot of people forget their passwords now and then, and all the additional actions to retrieve passwords (for instance checking spreadsheet files where people store passwords) or restore lost passwords can be quite time-consuming. In addition, bad password management is one of the top root causes of being a victim of cybercrime. In other words: people give up passwords unknowingly by writing them down in an unprotected way (on paper, in spreadsheet programs, on personal devices, etc.), by telling them quickly to someone to save time, or by making them too easy to guess.
A good password manager policy can reduce this risk in organizations of all sizes and can limit the spread of passwords: if you set up a policy in which you use a password manager in combination with a random password generator of at least 20 characters, the chance that passwords are written down or shared with others will be very limited.
Storing passwords in KeePass
With my plea to use a password manager for private use and on a corporate level done, it’s time to get to work. After you have opened your password database the first thing you have to do is to click on the database where you would like to store your password entries, for instance, the “internet” database:
After selecting the database you want to use, go to Entry and then click on Add Entry (CTRL+I works as well):
After that, you are in the entry file. You begin with the name (I use LinkedIn in this example) and your username (in this example this is user@mail.com). Then, you can copy your current password into the password line. I used 14 characters and at least a punctuation mark, a capital letter, a small letter, and a number.
It’s a pretty decent password but as you can see it’s not extremely strong and was created by my own imagination. This is why I advise you to reset your passwords and use the KeePass generator to set up a new password: you don’t have to remember it anyway because the software will do the work for you.
Creating a random password and setting up Password Generator Profiles
To randomly create a password, you can click on the “generate password” button (1) and then you will see a list of options (2). This list is a set of generators that are included in KeePass by default. Because I want to show you how to create a generator yourself, press “Open Password Generator” (3):
You will be in the “Settings” tab (1) of the Password Generator now:
First, select the number of characters you want to use (2). I used 20 characters for this example. After that, you can select the character sets you like to use (3):
When this is done you can move to the “Advanced” tab (1):
On this tab, you can select (2) whether each character may be used only once or more than once, and whether you want to exclude look-alike characters. You can also exclude specific characters (3) by typing the characters that you want to exclude into the box.
If you want to, you can also go to the Preview tab (1) to see what the random passwords will look like:
After you are done, move back to the tab “Settings” and click on the disk to save your generator:
A box appears, instructing you to create a profile name for the generator that you created. I chose to use a very straightforward name to keep it clear:
After you have saved it, the profile will appear in the selection list (1):
If you want to change your profile, you can adjust the settings in all the tabs and then press the disk:
When you do this, you can select a profile to overwrite from a drop-down menu:
After selecting the profile you want to overwrite click on “OK” and the file is overwritten with the new settings.
Additionally, you can delete the profile by clicking on the cross. You can’t delete the standard profiles that come with KeePass though (the Hex Keys and the Random MAC address):
Feel free to make as many profiles as you like. After you have set up all profiles you can generate a password from the profile you like. To do this, click on the generator (1) and click on the profile after that. Then a random password will be generated with the number of characters that you want and the additional rules you have set up for the profile. Note how strong the randomly generated 20 characters are (148 bits) in comparison with the 14 characters that I made up (56 bits). Personally, I use 30 characters and sometimes even 40 characters to create even bigger randomness throughout all my password files and to give them that extra bit of security (you don’t have to remember them anyway). After that press “OK” to set up your profile:
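The profile settings described above (length, character sets, look-alike exclusion, excluded characters, one use per character), modelled in Python as an added example; this is not KeePass's code, and the function names and the look-alike set are assumptions. `entropy_bits` gives the theoretical entropy of a uniform random draw, which is a different calculation from the quality estimate KeePass displays, so the numbers need not match.

```python
import math
import secrets
import string

LOOK_ALIKE = set("O0oIl1|")  # assumed set; KeePass's own list may differ


def build_pool(upper=True, lower=True, digits=True, special=True,
               exclude_look_alike=False, exclude=""):
    """Return the sorted list of characters a profile may draw from."""
    pool = set()
    if upper:
        pool |= set(string.ascii_uppercase)
    if lower:
        pool |= set(string.ascii_lowercase)
    if digits:
        pool |= set(string.digits)
    if special:
        pool |= set(string.punctuation)
    if exclude_look_alike:
        pool -= LOOK_ALIKE
    return sorted(pool - set(exclude))


def generate(length, pool, unique=False):
    """Draw from the OS CSPRNG; unique=True uses each character at most once."""
    if unique:
        if length > len(pool):
            raise ValueError("pool too small for a password without repeats")
        return "".join(secrets.SystemRandom().sample(pool, length))
    return "".join(secrets.choice(pool) for _ in range(length))


def entropy_bits(length, pool_size, unique=False):
    """Theoretical entropy of the generator in bits."""
    if unique:
        # ordered selections without repetition: n * (n-1) * ... * (n-k+1)
        return sum(math.log2(pool_size - i) for i in range(length))
    return length * math.log2(pool_size)


if __name__ == "__main__":
    pool = build_pool(exclude_look_alike=True)
    for unique in (False, True):
        pw = generate(20, pool, unique)
        print(pw, round(entropy_bits(20, len(pool), unique), 1), "bits")
```

Restricting each character to one use or removing look-alikes shrinks the search space slightly, which the two printed entropy values make visible.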
Selecting a logo for your password entry
After the password has been generated, you might want to change the icon that will appear in front of the title when you save your password entry:
KeePass has a big selection of icons and it is also possible to import icons (like a LinkedIn logo) so you can immediately recognize to what password it applies. Select the logo you want (1) and then press “OK” (2):
Auto-Type
Now we get to the true power of KeePass: Auto-Type. Auto-Type is a feature that makes it possible to automatically enter the login name and the password by pressing a key combination. More about this combination later. Let’s focus on setting up and explaining Auto-Type for now. First, go to the Auto-Type tab (1):
Make sure that Auto-Type is enabled and that the selected option is “Inherit default auto-type sequence from group” (2). Auto-Type follows a basic script: {USERNAME}{TAB}{PASSWORD}{ENTER}. It copies what you normally do when you want to log in to an application or a password-protected website (like LinkedIn). This is what the script does: enter a username, then tab to move to the password box, enter the password, and after that press enter. These are the same actions you normally do manually when you want to log into an app or password-protected website.
Some sites are set up differently which means that you can’t use the standard script and will have to set up a different script. This is done by selecting the “Override default sequence” (3). For instance, you might have to do a tab first, enter a username, wait for a second, tab again and enter the password. The script would then be {TAB}{USERNAME}{DELAY 1000}{TAB}{PASSWORD}{ENTER}.
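The two sequences above, expanded into the steps Auto-Type would perform; this is an added Python example, not KeePass's own parser. It handles only the placeholders that appear in this post (KeePass supports many more), and the entry values and the `expand` function are constructed for illustration.

```python
import re

KEYS = {"TAB", "ENTER"}            # special keys used in this post
FIELDS = {"USERNAME", "PASSWORD"}  # entry fields used in this post
TOKEN = re.compile(r"\{([^{}]*)\}|([^{}]+)")

# Constructed sample entry and the two sequences from the text.
ENTRY = {"USERNAME": "user@mail.com", "PASSWORD": "constructed-example-pw"}
DEFAULT_SEQ = "{USERNAME}{TAB}{PASSWORD}{ENTER}"
OVERRIDE_SEQ = "{TAB}{USERNAME}{DELAY 1000}{TAB}{PASSWORD}{ENTER}"


def expand(sequence, entry):
    """Turn an Auto-Type sequence into a list of (action, value) steps."""
    steps, pos = [], 0
    while pos < len(sequence):
        m = TOKEN.match(sequence, pos)
        if m is None:
            raise ValueError(f"unbalanced brace at offset {pos}")
        pos = m.end()
        if m.group(2) is not None:      # literal text outside braces
            steps.append(("type", m.group(2)))
            continue
        name, _, arg = m.group(1).partition(" ")
        if name in FIELDS:
            steps.append(("type", entry[name]))
        elif name in KEYS:
            steps.append(("key", name))
        elif name == "DELAY" and arg.isdigit():
            steps.append(("wait_ms", int(arg)))
        else:
            # Reject anything unknown instead of typing it as text.
            raise ValueError(f"unsupported placeholder {{{m.group(1)}}}")
    return steps


if __name__ == "__main__":
    for seq in (DEFAULT_SEQ, OVERRIDE_SEQ):
        print(seq)
        for step in expand(seq, ENTRY):
            print("   ", step)
```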
The last box in Auto-Type is “Two-channel auto-type Obfuscation” (4) and I always turn this option on, because it prevents keylogging software (in case you are infected without knowing) from tracking any patterns. Auto-Type will enter your username and password but after that, it reverses steps so that keylogging software can’t make any sense out of it.
After you have gone through all the steps in Auto-Type, you can press “OK” (5) to finalize the password entry section.
Save!
After clicking “OK” your overview should look like the screenshot below. Now make sure to save your password database with your updated password entry. After you press “OK”, the entry is visible in your password database, but the updated database is still not saved. This is something you really should not forget. When you close the database you get a reminder if items are not saved yet, but I would not let it get that far. It’s better to teach yourself the routine of saving your database every time you change or add password details:
Changing account password details and replacing them with KeePass generated passwords
If you want to change your password to the one that you generated and saved in KeePass (I would always advise you to do so), first go to the account details of your application or website (for instance your LinkedIn account details) and set up a password change. After you have set up everything, go to the password entry in KeePass of the account you want to change and right-click on the line. Select “Copy Password” and then paste the password in the password box of your account. This way you change the old password for the password that was generated in the database by the random key generator. After that, save your password and you should be good to go:
The options menu
The last item I want to discuss is the options menu. In this menu, you can make all kinds of changes to the setup of your password database but for now, I will limit this to two items: the overview of the Auto-Type quick keys and an option to optimize Auto-Type so it is usable for most applications/websites.
To get into the options menu, go to “Tools” (1) and then to “Options” (2):
When you click on the tab “Integration” you can see the command keys of Auto-Type. These keys are the combinations you can use for running Auto-Type:
When you go to LinkedIn and press Ctrl+Alt+A, the login name and, after that, the password will be automatically entered into the login fields.
Now click on “Advanced” and go to the Auto-Type section. Here you want to enable a few boxes:
Boxes two and three in the Auto-Type section improve the chance that Auto-Type works on a website. Always turn them on. For the best result, do this in combination with a browser plugin. I advise installing the plugin “URL in title”. This is available for Firefox and Chrome:
This plugin makes it very easy for KeePass to read the URL in the window title and automatically match it with the right password entry in your password database.
In addition, make sure to select the last option in Auto-Type: “Always show global auto-type entry selection dialog”. This is handy in case you use two accounts for one website, because it will then let you choose which password entry Auto-Type needs to use when logging into a site by pressing Ctrl+Alt+A:
It can also be handy in case Auto-Type is not 100% certain about which password entry belongs to which website. Sometimes two password entries pop up and you can choose the right one. If you do not select this option, Auto-Type might choose the wrong line and this would end in the wrong login + password.
Extra tips:
- When the script is not working properly, but you have a login box and a password box below, just put the cursor into the login box and press Ctrl+Alt+A. Most of the time this works.
- If Auto-Type is really not working, you can enter the correct login and password manually. The easiest way to do this is to right-click on the password entry in your database. Then first select “Copy User Name” and paste it in the User Login box. After that select “Copy Password” and paste it into the Password box.
Final thoughts
This post was completely focused on KeePass. I know that I am biased by selecting KeePass only and by not suggesting any other password managers. The reason for this is that I like the philosophy of decentralization and open source. I also like the sharing of knowledge with other people, so if you want to use a different password manager: there are a lot of password managers (free, semi-free, and subscription-based) and Google can support you in selecting the password manager that is best suited to you.
If you have trouble setting up KeePass or if you have questions about the program, don’t hesitate to contact me: I would love to give you support in this journey to set up KeePass as your password manager.