KeePassX is an easy-to-use tool that helps you store and manage your various passphrases inside an encrypted database file. This file is encrypted to a master passphrase that you create. KeePassX can also generate strong passphrases for your accounts.
Because this database is encrypted, you can store copies in various places, which makes backup relatively easy. We do not recommend sending your database by email or storing it online where it might be accessed by others, but many KeePassX users keep a copy on their primary computer, a copy on a USB memory stick and a copy on their backup drive.
In the sections that follow, you will learn how to:
Create password database and set a master passphrase
Save your newly created password database
Generate a random password for a particular service or account
Extract passwords from KeePassX when you need them
1.0. Things you should know about KeePassX before you start
If you use KeePassX consistently for a particular account or passphrase, you may not need to remember that passphrase at all. In fact, you never even need to see it. You can simply copy it from KeePassX and paste it into the login or password screen. (KeePassX will wipe it from your clipboard memory when you're done.) Furthermore, the random passphrases that KeePassX generates are typically much stronger than the ones we come up with ourselves.
After launching KeePassX, follow the steps below to create and save a password database.
Figure 1: KeePassX with no database open
Step 1. ClickDatabase and select[New Database] from the KeePassX menu bar.
Figure 2: Creating New Database in the KeePassX menu
Important: Your master passphrase will be used to encrypt your password database. This is how KeePassX protects all of the other passphrases it stores, so it is extremely important that you choose a strong master passphrase and that you not use it anywhere else. Unfortunately, this passphrase must also be memorable. (You obviously can't keep your KeePassX master passphrase inside KeePassX, but writing it down might defeat the purpose of using an encrypted database in the first place. And if you forget it, you will lose access to everything in your database.) So take your time and come up with something strong and memorable. For more advice, see the Create and maintain secure passwords guide.
Figure 3: Choosing a passphrase for your KeePassX password database
Step 2. Choose a strong, memorable master passphrase and type it into the Enter password and Repeat password fields.
Note: If you want to check your master passphrase (assuming nobody else can see your screen), click the button. To hide your passphrase, click the same button again.
Step 3. Click[OK].
Figure 4: A new, empty, unsaved KeePassX password database
Important: As with most electronic documents, you must save your password database after you create it and whenever you update it. Otherwise your changes will be lost. A database that has never been saved will say "New database*" in its title bar. See the figure above for an example. One that has been modified since it was last saved will have an asterisk (*) after the filename in its title bar.
Step 4. ClickDatabase and selectSave database as from the KeePassX menu bar.
Figure 5: Saving a new KeePassX password database for the first time
KeePassX will activate a file browser so you can choose a location for your password database and give it a name.
Figure 6: Choosing a name and location for your password database
Step 5. Navigate to the location where you want to save your database
In this example, we will save our KeePassX database on the Desktop, but you can put it anywhere. If you store it on a USB flash memory stick along with a copy of the KeePassX application, for example, you will be able to access and use your database from other computers. (As long as you trust those computers not to be infected by malware!)
Step 6. Type a filename into the File name box
Tip: In this example, we name our database my-database.kdb, but you can name it anything you like. If you are worried that someone with access to your computer might see this file and demand that you give them your master passphrase, you might want to come up with something less conspicuous. If you add a different three letter "extention" to the end off the filename, for example, your operating system will usually give it a more "normal looking" icon. You could name your password database "Recipes.docx," for example, or "Rental Agreement.pdf". But keep in mind that if you give your password database a name that does not end in ".kdbx", you will not be able to double-click the file to open it in KeePassX. You will have to launch KeePassX first, then open your database using the menu. Luckily, KeePassX remembers the last database you opened, so you won't have to do this often.
Figure 7: Choosing a name and location for your password database
Step 7. Click[Save]
Figure 8: After saving your empty KeePassX database for the first time
Note: The title bar of your password database should no longer say "New database*."
Now that you have saved your KeePassX database, make sure you can find and re-open it using your master passphrase before you start adding entries to it.
Step 8. ClickDatabase and SelectClose database from the KeePassX menu
Figure 9: Closing a KeePassX database
Now find and re-open your KeePassX database using your master password.
Step 9. ClickDatabase and SelectOpen database from the KeePassX menu
Figure 10: Opening a KeePassX database
KeePassX will activate a file browser so you can locate your password database.
Figure 11: Locating your KeePassX database
Step 10. Navigate to the location where you saved your database and click the file.
Step 11. Click[Open]
Figure 12: Entering your master passphrase
Step 12. Type the master passphrase for this KeePassX password database.
Step 13. Click[OK]
Figure 13: Re-opened, empty password database
Tip: If you were unable to open your database because you forgot the master passphrase, you will have to generate a new one. There is no way to recover a lost passphrase.
Follow the steps below to create a new Group. In this example, we will create a group called "Internet".
Step 1. To create a new group entry, click[Groups > Add new group].
Figure 1: Creating a new group entry on KeePassX
Step 2.Type in a name to create a new group entry. KeePassX lets you sort your passwords into pre-defined groups. For example: 'Internet' would be a good place to store passwords that relate to website accounts.
Figure 2: Group entry on KeePassX
Step 3.Click[OK] to create a new KeePassX entry group.
Follow the steps below to create a new entry in your KeePassX password database.
Step 1. Select[Entries > Add new entry].
Figure 1: The KeePassX Password Safe screen with Edit > Add Entry selected
The Add Entry screen allows you to store information about a particular account or passphrase inside your KeePassX database. Most of this information is optional.
Key elements include:
Title: A name to describe this particular entry. For example: ‘Gmail’.
Password: Your passphrase for this account. You can enter a passphrase manually or click the [Gen.] button next to the Repeat field to generate a random passphrase. (See the following section for more about the Password Generator.) You can make your passphrase visible by clicking the button with the button just to the right of the Password field.)
Repeat: Confirm that you have entered the correct passphrase by typing it a second time.
Optional elements include:
Username: The username associated with this entry. For example: "securityinabox".
URL: The website associated with the password entry. For example: "https://mail.google.com".
Expires: You can add a reminder for yourself to change the password at a specific time (every six months, for example) by clicking the Expires box.
Notes: Here you can enter general notes about the entry. Examples might include server configuration information, links to privacy policies, chosen "security questions," etc. Your comments will be encrypted, along with your passwords, when you close the database. While the entry is open, however, your notes will be visible to anyone who can see your screen.
To can change the icon for this entry or to add an attachment (which will be encrypted along with everything else), select the corresponding category in the left-most column.
Note: Creating or modifying the password entries in KeePassX does not change the passwords on your actual account! Think of KeePassX as a secure electronic address book for your passwords. It only stores what you write in it, nothing more.
Figure 2: The KeePassX Add Entry screen
Step 2.Type the relevant information for the account or passphrase you want to store in your KeePassX database.
Note: If you’d like to generate a new, random passphrase for this entry using KeePassX’s Password Generator, see the following section.
Step 3. Click[OK].
Important: Notice the asterisk (*) after New database in the title bar. This means you have made changes to your database but have not yet saved them.
Step 4. Click the button to save your password database.
It is possible to create a strong passphrase yourself, but it is difficult. And it is especially difficult if you expect your passphrase to be memorable. It is much easier to generate long, complex and completely random passphrase that is nearly impossible to remember but guaranteed to be strong. KeePassX provides a Password Generator to help with this process. If you are willing and able to rely on KeePassX every time you need to enter a particular passphrase, you should consider adopting this strategy.
You can generate a random passphrase while creating a new entry or while editing an existing entry. To do so, follow the steps below when you get to the Add entry or Edit entry screens.
To generate random passwords on KeePassX, perform the following steps:
Step 1.Click[Entries > View/Edit entry] if you want to generate a new password for an existing entry. Alternatively, add a new entry and follow the steps below.
Figure 1: Selecting KeePassX options to edit an entry
Step 2.Click the [Gen.] button next to the Repeat box.
Figure 2: KeePassX Edit Entry screen
The KeePassX Password Generator allows you to specify the length of your passphrase and the types of characters from which it will be created. We will stick with the defaults in this example, so our random passphrase will be 16 characters long and will contain upper- and lower-case letters and numbers.
Tip: As long as nobody else can see your screen, you can view the randomly generated passphrase by clicking the button to the right of the second Password box. (The one that contains a hidden passphrase.) Clicking the same button again will hide your passphrase.
Figure 3: Generating a new password on KeePassX
KeePassX will automatically enter the randomly generated passphrase into the Password and Repeat fields. If this entry already contained a passphrase, it will be replaced by the new one when you click OK.
You can edit existing entries to change your password or modify other details. If nothing else, you should change your passwords periodically.
Important: If you rely on KeePassX to record your passphrase for a particular account – rather than memorising it – don't forget to sign in to your account before generating a new passphrase in KeePassX. Otherwise, you might replace the passphrase in your KeePassX entry, save your database, and find that you can no longer sign in to your account. If this happens to you, there is a History screen, for each password entry. (It is shown on the left-hand side of Figure 3, below.) You can use this feature to access previous passphrases for this entry.
To edit an entry, follow the steps below:
Step 1. Click[Entries > View/Edit entry] to edit your KeePassX entry associated to the selected account.
Figure 1: Selecting options to edit a KeePassX entry
Step 2.Edit information associated to your selected KeePassX entry.
Figure 2: Editing a KeePassX entry
With an open entry, you can add new information or edit existing information, including the passphrase. You can also use the [Gen.] button to generate a new, random passphrase. When you are done, you can save your changes by following the steps below.
Step 4.Click the button to save your password database.
Note: Remember that making changes to a KeePassX entry only updates the KeePassX database. It does not automatically update corresponding information elsewhere. If you change an account or login passphrase, you will need to make changes both to the account and to your KeePassX entry.
One of the best features of KeePassX is that it safely stores long, strong passphrases so you do not have to memorize them (or reuse them, which is extremely risky). KeePassX lets you copy your passphrases from the database and paste them directly into relevant password or login screens. (Passphrases copied in this way will only remain in your clipboard for about 10 seconds. So if someone with physical access to your device comes along behind you and tries to paste into an empty document, your passphrases will not be exposed.)
In this example, we’ll sign into a webmail account by copying and pasting a passphrase from our KeePassX entry for the Gmail email service.
Step 1.Right click on the required password entry to activate a drop-down list.
Step 2. Select[Copy password] as follows:
Figure 1: Coping a KeePassX password for a selected entry
Step 3. Go to the related account or site and paste the password into the appropriate field:
Figure 2: A Gmail Account displaying a pasted password
Tip: For efficient copying, pasting and switching windows, use the keyboard shortcuts. Press and hold the Ctrl key, then press C to copy a password. Press and hold the Ctrl key, then press V to paste that password. Press and hold the Alt key, then press the tab key to switch between open programs and windows.
Note: By using KeePassX all the time, you never actually have to see or know what your password is. The copy/paste functions take care of moving it from the database to the required window. If you use the Random Generator feature and then transfer this password to a new email account registration process, you will be using a password that you have never seen in plain view. And it still works!
Leaving your KeePassX password database open is a bit like storing your valuables in a vault and forgetting to close the door. Anyone with access to your computer for a few seconds can duplicate everything in it. So, when you're not actively copying and pasting passphrases, you should close your database. You will have to enter your master passphrase next time you need to lookup an entry, but that's a good thing.
KeePassX includes a few optional settings designed to make this easier, including the ability to lock your database automatically. Follow the steps below to enable this feature and to practice locking your database in a hurry.
Step 1. ClickTools and selectSettings from the KeePassX menu bar, as shown below
Figure 1: Selecting Settings menu
This will activate the Settings screen
Figure 2: The KeePassX Settings screen
Step 2. ClickSecurity from the list of categories on the left
Figure 3: KeePassX Security settings
In this example, we will configure KeePassX to lock automatically after one minute.
Figure 4: Configuring KeePassX to lock automatically
Step 3. Check the Lock database after inactivity of box
Step 4. Type a number of seconds in the field to the right
Tip: Notice you can also change the number of seconds that KeePassX leaves copied passphrases in the clipboard before deleting them. If the default 10 seconds does not feel like enough, you might want to change the value in Clear clipboard to 20 seconds.
Step 5. Click[OK]
You can also lock your password database manually. Follow the steps below to practice saving and locking your database quickly.
Step 6. PressCtrl-S to save your password database. (You can also click the button.)
Step 7. PressCtrl-Llock your password database. (You can also click the button.)
Figure 7: A locked database in KeePassX
To open your database again, follow the steps below.
Figure 5: Opening a locked KeePassX database
Step 8. Type your master passphrase into the Password box.
You should create multiple copies of your password database and try to keep at least one backup that is relatively up-to-date. All of your backup copies will be protected by your master passphrase, so it is generally safe to store them on regular, unencrypted hard drives and USB memory sticks.
To make a backup copy of your password database, follow the steps below:
Step 1. Navigate to your password database
Figure 1: Locating your password database
Step 2. Right-click your password database
Figure 2: Copying your password database
Step 3. SelectCopy
Step 4. Navigate to another location. In this example, we use a USB memory stick.
Figure 3: Finding a location for your backup
Step 5. Right-click in the location you have chosen
Figure 4: Choosing a backup location
Step 6. SelectPaste.
Figure 5: Pasting a backup copy of your password database
Step 7. Right-click the backup copy of your password database.
Figure 6: Renaming your backup copy
Step 8. SelectRename.
Figure 7: Choosing a new name for your backup copy
Step 9. Type a new name for your backup copy so you don't get it confused with your master copy.
Step 10. PressEnter.
Figure 8: A new password database backup
Tip:KeePassX does not automatically update all copies of a database when changes are made. You have to do this manually. It’s a good habit to regularly replace backup copies of your KeePassX database. That way you won’t lose all of your new entries if you misplace your database file.
6.4 Importing a password database from KeePass or older versions of KeePassX
The password database format used in older versions of KeePassX (including version 0.4.3) is no longer maintained. If you have password databases that were created using these versions of KeePassX or KeePass, you should import them into a new version (2.0.2 or newer) of KeePassX and re-save them. To do so, follow the steps below.
In this example, we will assume that you already have an up-to-date password database open in KeePass, but you can also import databases into a fresh installation of KeePassX.
Step 1. ClickDatabase and selectImport KeePass 1 database, as shown below.
Figure 1: Importing an older password database
In this example, we will import a file called "old-database.kdb" located on the Desktop.
Step 2. Navigate to the location of your older password database.
Figure 2: Locating your older KeePass password database
Step 3. Select the password database file.
Step 4. Click[Open].
Step 5. Type the master passphrase for your older password database.
Figure 3: Entering the master passphrase for your older password database
Step 6. Click[OK].
Note: If you already have a database open, KeePassX will open your older database in a second tab
Figure 4: A second, older password database open in a second tab
You can save this database normally and it will be converted to the current KeePassX database format.
Step 7. Click the button to save your older database in the new format.
Figure 5: Saving an up-to-date copy of an older password database
In this example, we are saving our imported password database to the Desktop and naming it "imported-db.kdbx".
Step 8. Navigate to the location where you would like to store a new copy of this password database.
Step 9. Type a filename for your new password database into the File name box.
Figure 6: Choosing a location and a name for your updated password database
Step 10. Click[Save].
Your imported database is now up-to-date and should contain all of the entries it had before. You can access and modify it normally using up-to-date versions of KeePassX and its original master passphrase.
Note: Don't be confused by the filename displayed in the KeePassX title bar or tab. It will reflect the previous name of this password database, even when you are opening an imported, up-to-date file. (Note the "old-database.kdb" in the figure above. In fact, this database is now called "imported-db.kdbx".)
Q: On the outside chance that I forget my master password, is there anything I can do to access retrieve my saved passphrases?
A: Nope. There is nothing you can do in that situation. To prevent this from happening, you could use some of the methods for remembering a password or passphrase that are described in the Create and maintain strong passwords guide.
Q: And if I uninstall KeePassX, what will happen to my passwords?
A: The program will be deleted from your computer, but your database (stored in a .kdbx file) will remain. You can open this file at any time in the future if you install KeePassX again.
Q: I think I accidentally deleted the database file!
A: Hopefully you made a backup beforehand. Make sure you haven't simply forgotten where you stored the file in the first place. Search your computer for a file with a .kdbx extension. If you really have deleted it, and if you act quickly, you may be able to use recovery software to restore the file.