Wednesday, December 29, 2010

Keep your passwords safe in Linux with KeePassX

How many passwords do you have to remember? Or how many client passwords do you have to keep hidden away from prying eyes? If you have too many passwords to remember, I always find it best to store those passwords in some form of encrypted tool. Because of the number of passwords I have to retain, I always make sure I have a tool installed on every personal and/or work machine I use. One of those tools is KeePassX.

KeePassX is a Linux only (for now) tool that doesn’t just store passwords safely, it stores passwords, usernames, URLs, attachments, and comments – all in one convenient, safe location. You can sort your entries in groups and even search KeePassX. In this article I will show you how to install and use KeePassX.

Installation
Installing KeePassX is simple. You can follow one of these methods:
  1. Open up your Add/Remove Software tool
  2. Search for “keepassx” (no quotes)
  3. Mark KeePassX for installation
  4. Click Apply to install the tool
Or, to install via command line:
  1. Open up a terminal window.
  2. su to root (if you are not using a distro with sudo).
  3. Issue the command yum install keepassx (or sudo apt-get install keepassx).
That’s it. The application is now installed and you are ready to use it.

Usage




The first thing you have to do is open up the tool. You will find it in Applications > Accessories. When the tool opens you will find a very simple main window (see Figure 1).
In order to create a store for sensitive information you must first create a new database. To do this either click the New button (far left on the toolbar) or click File > New Database. When you do this you will be asked to set the master key for the database. You can either set a password or use a key file. If you opt for a key file you can either use a GPG key file you already have, or you can use KeePassX to generate one for you.
If you want to use a gpg key file (and not a randomly generated one), you can use gpg like so to extract a key:
gpg --export -a "USERNAME" > KEY_FILE
Where USERNAME is the name of the gpg user and KEY_FILE is the name of the file you want to generate. Keep in mind that gpg --export writes the public key, so a key file made this way is only as secret as that key: if the key is published anywhere, a randomly generated key file is the safer choice.
Once you have your database created you can then begin to add groups and entries to it. This is quite simple. If this particular database is going to contain client information you might want to create a new group for clients. If you intend to only use one database to house all of your information you could always create two groups:
  • Clients
  • Personal
I would take this even further and add sub-groups to the Clients group, one sub-group for each client.




After you have your groups worked out you can then add entries to them. To add an entry all you need to do is click the Key icon or click Entries > Add New Entry. When the new window pops up you just need to enter the necessary information for the entry.
In the password section you can add a password (and even have it masked) or you can even have KeePassX generate a random password for you. To view the password just click the “eye” icon. The passwords generated by KeePassX are really strong (and impossible to memorize).
If you are using your own passwords, KeePassX will indicate to you how strong they are. For example, one password I use for a particular login was only 88 Bit. Maybe it’s time for me to change that password? You can also set KeePassX to expire particular passwords, reminding you to change them so you are a safer user.
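To put a figure like 88 bits in context, here is an added example (not from the original article, and not KeePassX's own quality estimator) that treats strength as length × log2(alphabet size) and works out how long a random password must be to reach a target. The function names and the four character classes are assumptions made for illustration; the estimate is an upper bound that is only accurate for randomly generated passwords.

```python
import math
import secrets
import string

# Character classes assumed for this estimate (not KeePassX's own rules).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
FULL_ALPHABET = "".join(CLASSES)  # 94 printable ASCII symbols


def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (space, non-ASCII) count individually.
    size += len({ch for ch in password if ch not in FULL_ALPHABET})
    return size


def estimate_bits(password):
    """Upper bound: length * log2(pool). Only exact for random passwords."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def min_length(target_bits, alphabet=FULL_ALPHABET):
    """Shortest random password over `alphabet` reaching target_bits."""
    if len(set(alphabet)) < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    return math.ceil(target_bits / math.log2(len(alphabet)))


def generate(target_bits, alphabet=FULL_ALPHABET):
    """Random password from the OS CSPRNG with at least target_bits."""
    n = min_length(target_bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    for pw in ("abcdefgh", "Tr0ub4dor&3"):  # constructed samples
        print(f"{pw!r}: about {estimate_bits(pw):.1f} bits at most")
    print("length for 88 bits, full alphabet:", min_length(88))
    print("length for 88 bits, digits only:", min_length(88, string.digits))
    print("random 128-bit password:", generate(128))
```

A human-chosen password scores the same here as a random one of equal length and character mix, which is why the number should be read as a ceiling rather than a guarantee.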
Once you have completed your entry, click the OK button and the entry will be stored. Complete the entire database and click File > Save Database and, if this is the first time you’ve saved this database, KeePassX will ask you to name the database file.

Final thoughts
KeePassX has a lot of features you won’t find in other tools of a similar function. Install this on all the machines you use, share the database file between them, and enjoy not having to strain your memory to remember all that trusted information.
