For Keepass DB sychronization, I have been using Dropbox (www.getdropbox.com) to sync my DB and then using Keepass as normal (works fine with KeepassX as well).

ian320

I use 1Password on the Mac, but would like to use a cross-platform solution so I can use it on Windows to. Does KeePass work as well with Firefox as 1Password does? I love how easy it is to save and input passwords with 1Password.

monkeyboy

Hey Adam, what a great article! Thank you very much for that!

Squirrel

I've started using KeePass and I did feel a sense of relief knowing that I only have to remember one master password for my list of logins which seems to grow daily. My favorite feature is using KeePass to generate a long, very strong password that I would never remember, and just hit CTRL-ALT-A to log directly into the site.

rlew

I've been happily using KeePass for a while now, but have always had one main complaint - no smooth integration for Firefox, like KeeForm does for IE.

Does anyone have any ideas on how to add the ability to automatically scan a website and automatically fill in any relevant input fields in Firefox, the way KeeForm does for IE?

USBman

Yeah I second ian on that one. KeePass works beautifully with Live Mesh to sync between systems.

NickBall

@ian320: Of course, I don't know why I didn't think of that. Since all you need to sync is one file, you can use any of the many file sync applications available and just sync your KeePass database file. Thanks for the wake-up call; updating the post.

Adam Pash

All I want from KeyPass that the author refuses to grant is the option (doesn't have to be turned on by default) to automatically save the database after adding a new entry, as opposed to having to manually save everytime. It's a database for goodness sakes. Though computer crashes are very very rare, if you add passwords and forget to save, you could lose them if the program hangs (which admittedly has never happened to me) or the computer hangs (which has happened to me).

jayp01

@ian320: I'm using the same thing. Works like a charm in both Win and OSX.

Leandro Ardissone

I love Keepass, but I can't seem to get the global keystroke working for some reason. It's definitely enabled.

jonheller

Hi, I have a newbie question:

I use Firefox Password Manager to manage all of my password (with a master password). I use it on my windows PC and I am very happy with it.

From your experience why should I move to KeePass? what was the killer feature that triggered you to move from FF to KeePass?

Thanks!!

djmikmik

Thanks for the info, Adam. I was not aware of some of these plug-ins. I never thought to use Dropbox, but I was already backing up the passwords and uploading the using the Gmail Space Firefox plugin...same idea, different method.

@djmikmik: For starters, Firefox only remembers your Web passwords. With KeePass you can save other software passwords (MS Money, Quicken, etc.) or any other personal information that you are likely to forget at some point, like your banking PIN number or spouses social security number. There is also a portable version of KeePass, so you can use it on any PC, even if it doesn't have Firefox installed. (Of course, you could also use Portable Firefox, too.)

eeefresh

So, do I understand it correctly that everytime I sign up for a website (using Firefox) I have to fill it in in Keepass afterwards? Or export my passwords every once and a while?

Tchami

that hostname extension keeps taking me to a french (?) page and google can't translate it.

any links to an English version?

ken

Very nice article Adam! ^__^ I will definitely be getting some of these extensions installed. Thanks! ^__^

Asian Angel

@Ken

It's noot French but I am pretty sure that it is Gaelic which I don't understand. However, I was able to download & install. The only catch is that it's an experimental tool so you have to log in first, after that ignore the words just click the normal buttons.

Dave61

I recently moved over to using KeePass as a password manager after years of storing them in my head. I'm really enjoying it, especially the auto-type feature. Although I wish auto-type was designed better, ie. using a URL instead of the page title. I can understand why it was done this way though, since it is not exclusively for web logins.

I've slowly been migrating my passwords over to more secure auto-generated ones, but I do feel a bit hesitant if anything ever has to happen to KeePass. I know I can backup my passwords DB online, but I don't like the idea of having all my passwords online, even if it is encrypted. Anyone else feel the same?

LoneWolf008

Really useful tips, Adam. Thanks! One thing about the On-Screen Keyboard plugin. It says that you can choose the onscreen keyboard that comes with Windows. I would not do that. The onscreen keyboard in Windows is easily keylogged because it sends keystrokes through a path that's monitored by almost all software keyloggers. The plugin also has a built-in onscreen keyboard. I don't know if it's any better, but if the developer wasn't aware of the issues with the Windows onscreen keyboard, I would hesitate to put too much trust into it also. Anyway, just a heads up so folks won't get a false sense of security or any bad surprises.

qzwang

@jayp01: Yes, that is the one feature I would love to have as well. Otherwise, Keepass Portable might be the most useful piece of software I use. Instead of a few crappy passwords I reuse and often can't remember, I have strong passwords unique to every important site which I never have to remember. Best of all I have it with me at all times on a USB drive, and since it's not integrated with Firefox or any other application I don't have to worry about exposing my passwords inadvertently by letting someone use my PC - one of Keepass's cool features is an automatic workspace lock after a user-defined period of inactivity, which I set to low value.

brownie

I a m still waiting for the sync plug-in. I am little scare of using the alpha so i will wait.

ChambrasWeed

Seconding the statement about the the on-screen keyboard not working. This will in no way make it anymore secure. Just a royal pain. Otherwise, good article.

techhead89

Link to US Hostname Extension: [addons.mozilla.org]

token1

Also, if you have a Blackberry:

[sourceforge.net]

You can sync to your BB.

holdemm

As far as backups, where is a good place to backup too?

Currently, I have my KeePass locked inside a TrueCrypt container. I wouldn't want a backup that isn't also in a TC volume, but I wouldn't want to open two volumes to work on one operation.

Hmm...

Red_Flag

@jayp01: There *is* an auto-save feature in the options for KeePass. I was just editing the options the other day and was pleasantly surprised to see it in there. It will save your database any time the database locks.

The only thing that scares me is that Lifehacker would advocate using plugins for an application that is so security-centric. Plugins don't just add functionality, they also increase the security footprint of the application, making it harder to ensure it's security. Think of it this way: I have to trust one software author to run Keepass with no extensions. I have to trust not only the author of Keepass, but the author of every extension I load if I choose to run it with extensions. For me, that's too risky. The same is true in the browser. I'm sure I'm not the only one with a fair amount of money behind some of those logins!

drsmith

The article reminds me of why I love LH--the good old in-depth useful type of information to help calm our fears of forgetting or having something of high value stolen. The sync . . . yes, good idea, but won't work in LD--most of the sites are blocked under "web storage."

rainbowsky

Wicked article Adam, this is great!

iniquitor

i've always used a text file in a password-enabled zip file. not only do i have passwords, but i have addresses, numbers, and any important info i need. i can easily find anything i need.

is it worth using a dedicated program like keepass? somehow i'm weary of trusting a free program for this purpose, even if it's open source (do you trust the people who are even capable of verifying it's safety?)

xlax

@xlax: "i've always used a text file in a password-enabled zip file. not only do i have passwords, but i have addresses, numbers, and any important info i need"

I would definitely not keep passwords in a txt file "locked" in a zip file. Zip or other compression types are easily crackable and is a false sense of security.

Although KeyPass is a great program for many users, I would highly recommend RoboForm I have the Windows Mobile app installed on my Sprint Mogul (aka HTC 6800) and I can login to my RoboForm and view my login and passwords for when I'm away from my computer. I also have the RoboForm2Go on my encrypted flash drive so as long as I have my flash drive, I can securely use RoboForm on any computer... Internet Explorer or Firefox (or even FireFox Portable stored on my flash drive). RoboForm uses advanced technology to bypass keyloggers, so it's actually safer than storing your passwords in your head and typing them on the keyboard. The price is extremely fair, and it's very easy to use, manage and I appreciate their great support.
I HIGHLY RECOMMEND ROBOFORM!

mobilejray

I've not used a password manager yet but I feel I really need to soon. Question: the auto-login feature, does it work with banks? Like Bank of America or Wachovia, etc? Thanks!

JoshuaB

@drsmith:

I had the exact same concerns but the plugins are not required unless you want to export your passwords.

I finally decided to give KeePass a try without using the plugins and ended up changing all my passwords anyway.
I have my database stored in a Truecryp file in my dropbox. This extra layer of security makes me just comfortable enough to give it a try.

token1

@USBMan - am I missing something or was that not what the article is about?

boardtc

is there a way to get KeePass to do more than just webpages?

i currently use Password Manager XP and it has a feature where it can capture contents of almost any text box, i have some desktop applications i use for work that it would be nice if this worked for

my password manager xp is getting older and doesn't work with firefox 3 and does not work well with all applications (aim) and i am looking to replace it

create

I keep my keepass database file in my Live Mesh folder. Works well.

Meurs

There is a pretty cool (and free) on-screen keyboard here: [www.lakefolks.org] it is far superior to the windows keyboard.

Also I really like dasher (works on OSX and Windows) for on-screen input:
[www.inference.phy.cam.ac.uk]

Also I am biased, but [myVidoop.com] is better than KeePass and Roboform and Passpack... :)

kfox

@kfox: I didn't realize "myVidoop" was a KeePass plugin ;p

Robert H

I've been living with Keepass for a year and I can't imagine life without it, to be honest. And now this! I didn't think it would actually get better!

I'd never used the Auto-Type shortcut, but hey I live and I learn. Thanks Adam, you've hit the nail on the head once again.

And the heads-up for on-screen keyboard keyboard gives me the willies. I'll give it a miss. Thanks for that.

For me backup is to my portable version with Synctoy and my laptop database is in Docs, so every standard backup gets it too. I'm happy, and with my ever so funky 25+ key master password I'm sleeping well.

A nice function that's not often mentioned is the ability to attach a doc/pdf to an entry and thereby keep very it secure and portable. Scan your passport mainpage / attach Outlook csv / address book / .... well, the options are endless.

I would just jump at some Firefox sauce.

mranybody

@boardtc: I think you are missing something. ...either that, or it's me.

Regradless, it still stands that I don't know how to make KeePass directly auto-fill entry fields in Firefox. Using KeeForm, I believe this is possible with IE, but not Firefox.

USBman

I just "installed" the portable version in a folder on Dropbox I share with coworkers. Have one DB for work stuff we all need to access and will be moving my personal DB to a non-shared folder.

mcnee

Personally, the only one on here that I'd find useful is the backup tool (mostly because I'm logging into various apps in various server windows, not anything browser based), but I just keep my database file saved in my My Docs folder. That is set to be backed up using winzip's command line add-on and a simple batch file run using Scheduled Tasks.

Batch files are an incredibly powerful automation tool, especially when used together with Scheduled Tasks.

harrellj

@Everyone-who's-syncing-their-db-remotely

I would highly recommend using the Key File + Master Password functionality and carrying the key file around with you on a usb-drive. While that can/does make it possible you're going to be locked out of your file if you lose your key-file (I would have a cd-backup of THAT somewhere), it decreases the risk of someone intercepting your file in transit during synch and/or gaining access to your file in storage. Anyone who can do that, is not going to have a terribly hard time capturing your password... but they would have a harder time gaining an encryption key you only carry on your person.

@xlax - There's no reason you *can't* keep addresses, numbers, or any other text type data in KeePass. It's a database, with a decent search feature. The search returns matches for data entered in the "Notes" field... so you can (and I do) store all kinds of things in there besides passwords.

webnesto

Can you use Keepass to store the additional questions that bank often ask as part of the login process (eg your favorite food)?

SheelaAgamemnon

@LoneWolf008: Agree about backing up passwords to an unknown/how-long-will-they-exist ONLINE site. Sure of the encryption algorithm they use? :)

What could happen to Keypass? I use the db backup plug-in to save the database to another location (as in different drive). I also have a copy of portable keypass and database on a usb drive.

Another possibility is to use file->export to export the database to txt, xml, csv file (whatever), and secure that copy with true crypt.

Another plugin I like is the remove duplicate entries - makes it easy to merge databases and clean up (import, then remove).

11bravo

I have been happy to use Kp for a while now, but have always had one main complaint There is no integration for Firefox and thanks for article adam

Techbrain

I tried using KeePassX on my Mac, but couldn't get the hand of it. Haven't tried KeePass on my Vista Ultimate machine yet, but I think I'll give it some thought after reading this article.

SiPhuYoda

Thanks for the article, looks great!

I didn't like the "Hostname in Title Bar" extension too much because it looked a bit ugly, so I knocked together a little Greasemonkey script that will alter the FF title bar depending on the URL (or parts of it). This way, the title in FF is only changed if it needs to be. Works like a charm.

spacebear1981

I use myvidoop (https://myvidoop.com/intro). Firefox plugin. Easy to use and very secure. It's nice that it's web-based, so you don't worry about changing computers and losing all your stored passwords.

SanchayaDeion

About Firefox integration; is there an add-on that isn't experimental that allows you to add the URL to the title bar?

I've used KeePass for a couple of years now and my only complaint is that some Window titles are ambiguous. Never thought of a Firefox add-on fixing this issue, but unfortunately the one listed is experimental :(.

alamarco

I've tried this once. It is not as easy to use and compact as the old Oubliette.

[sourceforge.net]

KeePass is too big and too complex for such a simple task as storing accounts. After all these years Oubliette is still a winner.

markoi

We also highlighted how KeePass can auto-generate strong passwords, one of the major strengths of any password management app worth its salt.

Nice pun.

bluest