KeePassX for Windows - Secure Password Manager

Posted10 August 2016

Table of Contents

...Loading Table of Contents...

    KeePassX is a cross-platform, free and open source (FOSS) password manager that allows you to store all of your passphrases in one secure, portable database.

    Required reading

    What you will get from this guide

    • The ability to save all of your passphrases in one encrypted database
    • The ability to copy and paste those passphrases so you do not have to memorise them
    • The ability to generate completely random passphrases
    • The ability to encrypt notes and files attached to the entries in your password database

    1. Introduction to KeePassX

    KeePassX is a tool that helps you store and manage various passphrases inside an encrypted database file. This file is encrypted to a master passphrase that you create. KeePassX can also generate strong passphrases for your accounts.

    Because this database is encrypted, you can store copies in various places, which makes backup relatively easy. We do not recommend sending your database by email or storing it online where it might be accessed by others, but many KeePassX users keep a copy on their primary computer, a copy on a USB memory stick and a copy on their backup drive.

    In the sections that follow, you will learn how to:

    • Create password database and set a master passphrase
    • Save your newly created password database
    • Generate a random password for a particular service or account
    • Extract passwords from KeePassX when you need them
    • Change your master passphrase

    1.0. Things you should know about KeePassX before you start

    If you use KeePassX consistently for a particular account or passphrase, you may not need to remember that passphrase at all. In fact, you never even need to see it. You can simply copy it from KeePassX and paste it into the login or password screen. (KeePassX will wipe it from your clipboard memory when you're done.) Furthermore, the random passphrases that KeePassX generates are typically much stronger than the ones we come up with ourselves.

    1.1. Other tools like KeePassX

    KeePassX is available for GNU Linux, Windows and Mac OS X. Similar tools include:

    • KeePassDroid: Free and open-source sofware for Android. Its database format is compatible with KeePassX.
    • MiniKeePass: Free and open-source sofware for iPhone. Its database format is compatible with KeePassX.
    • KeePass: Free and open-source software for Windows and GNU/Linux. Its database format is compatible with KeePassX.
    • 1Password: a commercial product available for Mac OS X, Microsoft Windows, iPhone and iPad.

    2. Install KeePassX

    To download and install KeePassX, follow the steps below:

    Step 1. Visit the KeePassX download site: https://www.keepassx.org/downloads

    Figure 1: KeePassX download site

    Step 2. Click [ZIP bundle v2.0.2] under the Windows download section, as shown below:

    Figure 2: KeePassX download file for Windows

    This will activate a download screen.

    Figure 3: Saving KeePassX

    Step 3. Select [Save File]

    Step 4. Click [OK] to start downloading the KeePassX archive.

    When it has finished downloading, find the archive (most likely in your Downloads folder).

    Figure 4: Extracting the KeePassX application folder

    Step 5. Right-click the KeePassX archive and select [Extract All...].

    Figure 5: Selecting a destination for the KeePassX application folder

    Step 6. Click [Browse...] to select a location where you would like to extract the KeePassX application folder

    Figure 6: Selecting a folder to extract the KeePassX file

    Step 7. Navigate to the location where you want to keep your KeePassX application folder and click [Select Folder].

    Figure 7: Extracting the KeePassX file

    Step 8. Click [Extract] to extract the KeePassX application folder

    Figure 8: Extracting the KeePassX file to the selected location

    The KeePassX application folder is now on your computer. To launch KeePassX, navigate into this folder and double-click the application file by following the steps below:

    Figure 9: KeePassX extracted and installed

    Step 10. Double-click the [KeePassX-2.0.2] application folder

    Figure 10: KeePassX application

    Step 11. double-click the KeePassX application file to launch KeePassX

    3. Create and save a new KeePassX database

    After launching KeePassX, follow the steps below to create and save a password database.

    Figure 1: KeePassX with no database open

    Step 1. Click Database and select [New Database] from the KeePassX menu bar.

    Figure 2: Creating New Database in the KeePassX menu

    Important: Your master passphrase will be used to encrypt your password database. This is how KeePassX protects all of the other passphrases it stores, so it is extremely important that you choose a strong master passphrase and that you not use it anywhere else. Unfortunately, this passphrase must also be memorable. (You obviously can't keep your KeePassX master passphrase inside KeePassX, but writing it down might defeat the purpose of using an encrypted database in the first place. And if you forget it, you will lose access to everything in your database.) So take your time and come up with something strong and memorable. For more advice, see the Create and maintain secure passwords guide.

    Figure 3: Choosing a passphrase for your KeePassX password database

    Step 2. Choose a strong, memorable master passphrase and type it into the Enter password and Repeat password fields.

    Note: If you want to check your master passphrase (assuming nobody else can see your screen), click the button. To hide your passphrase, click the same button again.

    Step 3. Click [OK].

    Figure 4: A new, empty, unsaved KeePassX password database

    Important: As with most electronic documents, you must save your password database after you create it and whenever you update it. Otherwise your changes will be lost. A database that has never been saved will say "New database*" in its title bar. See the figure above for an example. One that has been modified since it was last saved will have an asterisk (*) after the filename in its title bar.

    Step 4. Click Database and select Save database as from the KeePassX menu bar.

    Figure 5: Saving a new KeePassX password database for the first time

    KeePassX will activate a file browser so you can choose a location for your password database and give it a name.

    Figure 6: Choosing a name and location for your password database

    Step 5. Navigate to the location where you want to save your database

    In this example, we will save our KeePassX database on the Desktop, but you can put it anywhere. If you store it on a USB flash memory stick along with a copy of the KeePassX application, for example, you will be able to access and use your database from other computers. (As long as you trust those computers not to be infected by malware!)

    Step 6. Type a filename into the File name box

    Tip: In this example, we name our database my-database.kdb, but you can name it anything you like. If you are worried that someone with access to your computer might see this file and demand that you give them your master passphrase, you might want to come up with something less conspicuous. If you add a different three letter "extention" to the end off the filename, for example, your operating system will usually give it a more "normal looking" icon. You could name your password database "Recipes.docx," for example, or "Rental Agreement.pdf". But keep in mind that if you give your password database a name that does not end in ".kdbx", you will not be able to double-click the file to open it in KeePassX. You will have to launch KeePassX first, then open your database using the menu. Luckily, KeePassX remembers the last database you opened, so you won't have to do this often.

    Figure 7: Choosing a name and location for your password database

    Step 7. Click [Save]

    Figure 8: After saving your empty KeePassX database for the first time

    Note: The title bar of your password database should no longer say "New database*."

    Now that you have saved your KeePassX database, make sure you can find and re-open it using your master passphrase before you start adding entries to it.

    Step 8. Click Database and Select Close database from the KeePassX menu

    Figure 9: Closing a KeePassX database

    Now find and re-open your KeePassX database using your master password.

    Step 9. Click Database and Select Open database from the KeePassX menu

    Figure 10: Opening a KeePassX database

    KeePassX will activate a file browser so you can locate your password database.

    Figure 11: Locating your KeePassX database

    Step 10. Navigate to the location where you saved your database and click the file.

    Step 11. Click [Open]

    Figure 12: Entering your master passphrase

    Step 12. Type the master passphrase for this KeePassX password database.

    Step 13. Click [OK]

    Figure 13: Re-opened, empty password database

    Tip: If you were unable to open your database because you forgot the master passphrase, you will have to generate a new one. There is no way to recover a lost passphrase.

    4. Create and manage password entries

    4.1 Create a new group if needed

    Follow the steps below to create a new Group. In this example, we will create a group called "Email".

    Step 1. To create a new group entry, click [Groups > Add new group] from the KeePassX menu.

    Figure 1: Creating a new group in KeePassX

    Step 2. Type the name of your group in the Name box.

    Figure 2: Naming a new group in KeePassX

    Step 3. Click [OK].

    4.2. Create a new password entry

    Follow the steps below to create a new entry in your KeePassX password database.

    Step 1. Make sure the correct Group is selected.

    Figure 1: Selecting a group for your new entry

    Step 2. Click the button.

    Figure 2: The Add Entry screen

    The Add Entry screen allows you to store information about a particular account or passphrase inside your KeePassX database. Most of this information is optional.

    Key elements include:

    • Title: A name to describe this particular entry.
    • Password: Your passphrase for this account. You can enter a passphrase manually or click the [Gen.] button next to the Repeat field to generate a random passphrase. (See the following section for more about the Password Generator.) You can make your passphrase visible by clicking the button with the button just to the right of the Password field.)
    • Repeat: Confirm that you have entered the correct passphrase by typing it a second time.

    Optional elements include:

    • Username: The username associated with this entry.
    • URL: The website associated with the password entry.
    • Expires: You can add a reminder for yourself to change the password at a specific time (every six months, for example) by clicking the Expires box.
    • Notes: Here you can enter general notes about the entry. Examples might include server configuration information, links to privacy policies, chosen "security questions," etc. Your comments will be encrypted, along with your passwords, when you close the database. While the entry is open, however, your notes will be visible to anyone who can see your screen.

    To can change the icon for this entry or to add an attachment (which will be encrypted along with everything else), select the corresponding category in the left-most column.

    Note: Creating or modifying the password entries in KeePassX does not change the passwords on your actual account! Think of KeePassX as a secure electronic address book for your passwords. It only stores what you write in it, nothing more.

    Step 3. Type the relevant information for the account or passphrase you want to store in your KeePassX database.

    Figure 3: Filling out the Add Entriy form

    Note: If you’d like to generate a new, random passphrase for this entry using KeePassX’s Password Generator, see the following section.

    Step 4. Click [OK].

    Figure 4: New entry created

    Important: Notice the asterisk (*) after New database in the title bar. This means you have made changes to your database but have not yet saved them.

    Step 5. Click the button to save your password database.

    4.3 Generating random passphrases

    It is possible to create a strong passphrase yourself, but it is difficult. And it is especially difficult if you expect your passphrase to be memorable. It is much easier to generate long, complex and completely random passphrase that is nearly impossible to remember but guaranteed to be strong. KeePassX provides a Password Generator to help with this process. If you are willing and able to rely on KeePassX every time you need to enter a particular passphrase, you should consider adopting this strategy.

    You can generate a random passphrase while creating a new entry or while editing an existing entry. To do so, follow the steps below when you get to the Add entry or Edit entry screens.

    Figure 1: Editing or creating an entry

    Step 1. Click the [Gen.] button next to the Repeat box.

    Figure 2: The KeePassX Random Password Generator

    The KeePassX Password Generator allows you to specify the length of your passphrase and the types of characters from which it will be created. We will stick with the defaults in this example, so our random passphrase will be 16 characters long and will contain upper-and lower-case letters and numbers.

    Tip: As long as nobody else can see your screen, you can view the randomly generated passphrase by clicking the button to the right of the second Password box. (The one that contains a hidden passphrase.) Clicking the same button again will hide your passphrase.

    Step 2. Click [Accept].

    KeePassX will automatically enter the randomly generated passphrase into the Password and Repeat fields. If this entry already contained a passphrase, it will be replaced by the new one when you click OK.

    Figure 3: A KeePassX entry with a randomly generated passphrase

    Step 3. Click [OK].

    Figure 4: A new or edited entry with a randomly generated passphrase

    Step 4. Save your KeePassX database.

    4.4. Editing an existing password entry

    You can edit existing entries to change your password or modify other details. If nothing else, you should change your passwords periodically.

    Important: If you rely on KeePassX to record your passphrase for a particular account – rather than memorising it – don't forget to sign in to your account before generating a new passphrase in KeePassX. Otherwise, you might replace the passphrase in your KeePassX entry, save your database, and find that you can no longer sign in to your account. If this happens to you, there is a History screen, for each password entry. (It is shown on the left-hand side of Figure 3, below.) You can use this feature to access previous passphrases for this entry.

    To edit an entry, follow the steps below:

    Step 1. Select the group from the list on the left-hand side of the window to see the entries in that group.

    Figure 1: Choosing a group in the main KeePassX database window

    Step 2. Right-click the chosen entry and select View/Edit entry.

    Figure 2: Selecting a KeePassX entry to view or edit

    This will open the selected entry for editing.

    Figure 3: Viewing or editing a KeePassX entry

    With an open entry, you can add new information or edit existing information, including the passphrase. You can also use the [Gen.] button to generate a new, random passphrase. When you are done, you can save your changes by following the steps below.

    Step 3. Click [OK].

    Figure 4: A modified KeePassX entry

    Step 4. Click the button to save your password database.

    Note: Remember that making changes to a KeePassX entry only updates the KeePassX database. It does not automatically update corresponding information elsewhere. If you change an account or login passphrase, you will need to make changes both to the account and to your KeePassX entry.

    5. Use the entries in your KeePassX database

    One of the best features of KeePassX is that it safely stores long, strong passphrases so you do not have to memorize them (or reuse them, which is extremely risky). KeePassX lets you copy your passphrases from the database and paste them directly into relevant password or login screens. (Passphrases copied in this way will only remain in your clipboard for about 10 seconds. So if someone with physical access to your device comes along behind you and tries to paste into an empty document, your passphrases will not be exposed.)

    5.1 Sign into an account using KeePassX

    In this example, we’ll sign into a webmail account by copying and pasting a passphrase from our KeePassX entry for the Riseup email service.

    Step 1. Browse to the login screen of your service provider.

    Figure 1: A Riseup email login screen

    Step 2. Type your username.

    Note: If you entered a Username for this entry in KeePassX, you can copy it to the clipboard with the right-click menu. You can then paste it into the login screen rather than typing it.

    Step 3. Switch to KeePassX.

    Figure 2: Finding the appropriate entry in your KeePassX password database

    Step 4. Click the Group to which your entry belongs.

    Step 5. Right-click the appropriate entry and select Copy password.

    Figure 3: Copying a passphrase using the right-click menu

    Step 6. Switch back to the login screen

    Step 7. Right-click in the password box and select Paste.

    Figure 4: Pasting a passphrase into a login screen

    You should see a (hidden) passphrase appear in the Password box.

    Figure 5: Pasting a passphrase into a login screen

    Step 8. Click [Login].

    Figure 6: Successfully signed in using KeePassX

    Tip: For easier copying, switching between applications and pasting, practice using keyboard shortcuts:

    • Select the Group, Click the entry, press and hold the Ctrl key, then press c to copy your passphrase.
    • Click inside the Password box, Press and hold the Ctrl key, then press V to paste that passphrase.
    • You can use Ctrl-B instead of Ctrl-C to copy a username (instaead of a passphrase) from within KeePassX
    • To switch between open windows quickly, you can Press and hold the Alt key, then press the Tab key

    6. Managing your KeePassX database

    6.1 Lock and close KeePassX

    Leaving your KeePassX password database open is a bit like storing your valuables in a vault and forgetting to close the door. Anyone with access to your computer for a few seconds can duplicate everything in it. So, when you're not actively copying and pasting passphrases, you should close your database. You will have to enter your master passphrase next time you need to lookup an entry, but that's a good thing.

    KeePassX includes a few optional settings designed to make this easier, including the ability to lock your database automatically. Follow the steps below to enable this feature and to practice locking your database in a hurry.

    Step 1. Click Tools and select Settings from the KeePassX menu bar, as shown below

    Figure 1: Selecting Settings menu

    This will activate the Settings screen

    Figure 2: The KeePassX Settings screen

    Step 2. Click Security from the list of categories on the left

    Figure 3: KeePassX Security settings

    In this example, we will configure KeePassX to lock automatically after one minute.

    Figure 4: Configuring KeePassX to lock automatically

    Step 3. Check the Lock database after inactivity of box

    Step 4. Type a number of seconds in the field to the right

    Tip: Notice you can also change the number of seconds that KeePassX leaves copied passphrases in the clipboard before deleting them. If the default 10 seconds does not feel like enough, you might want to change the value in Clear clipboard to 20 seconds.

    Step 5. Click [OK]

    You can also lock your password database manually. Follow the steps below to practice saving and locking your database quickly.

    Step 6. Press Ctrl-S to save your password database. (You can also click the button.)

    Step 7. Press Ctrl-L lock your password database. (You can also click the button.)

    Figure 7: A locked database in KeePassX

    To open your database again, follow the steps below.

    Figure 5: Opening a locked KeePassX database

    Step 8. Type your master passphrase into the Password box.

    Step 9. Click [OK].

    6.2 Back up your KeePassX database

    You should create multiple copies of your password database and try to keep at least one backup that is relatively up-to-date. All of your backup copies will be protected by your master passphrase, so it is generally safe to store them on regular, unencrypted hard drives and USB memory sticks.

    To make a backup copy of your password database, follow the steps below:

    Step 1. Navigate to your password database

    Figure 1: Locating your password database

    Step 2. Right-click your password database

    Figure 2: Copying your password database

    Step 3. Select Copy

    Step 4. Navigate to another location. In this example, we use a USB memory stick.

    Figure 3: Finding a location for your backup

    Step 5. Right-click in the location you have chosen

    Figure 4: Choosing a backup location

    Step 6. Select Paste.

    Figure 5: Pasting a backup copy of your password database

    Step 7. Right-click the backup copy of your password database.

    Figure 6: Renaming your backup copy

    Step 8. Select Rename.

    Figure 7: Choosing a new name for your backup copy

    Step 9. Type a new name for your backup copy so you don't get it confused with your master copy.

    Step 10. Press Enter.

    Figure 8: A new password database backup

    Tip: KeePassX does not automatically update all copies of a database when changes are made. You have to do this manually. It’s a good habit to regularly replace backup copies of your KeePassX database. That way you won’t lose all of your new entries if you misplace your database file.

    6.3. Resetting your master passphrase

    You can change the master passphrase for a KeePassX database any time, and you should do so periodically. To change your master passphrase, follow the steps below.

    Step 1. Click Database and select Change master key from the KeePassX menu bar, as shown below:

    Figure 1: Changing your master passphrase

    This will activate the Change Master Key screen.

    Figure 2: Choosing a new master passphrase

    Step 2. Choose a strong passphrase and type it into the Enter password and Repeat password boxes.

    Step 3. Click [OK].

    Step 4. Click the button to save your database.

    6.4 Importing a password database from KeePass or older versions of KeePassX

    The password database format used in older versions of KeePassX (including version 0.4.3) is no longer maintained. If you have password databases that were created using these versions of KeePassX or KeePass, you should import them into a new version (2.0.2 or newer) of KeePassX and re-save them. To do so, follow the steps below.

    In this example, we will assume that you already have an up-to-date password database open in KeePassX, but you can also import databases into a fresh installation of KeePassX.

    Step 1. Click Database and select Import KeePass 1 database, as shown below.

    Figure 1: Importing an older password database

    In this example, we will import a file called "old-database.kdb" located on the Desktop.

    Step 2. Navigate to the location of your older password database.

    Figure 2: Locating your older KeePass password database

    Step 3. Select the password database file.

    Step 4. Click [Open].

    Step 5. Type the master passphrase for your older password database.

    Figure 3: Entering the master passphrase for your older password database

    Step 6. Click [OK].

    Note: If you already have a database open, KeePassX will open your older database in a second tab

    Figure 4: A second, older password database open in a second tab

    You can save this database normally and it will be converted to the current KeePassX database format.

    Step 7. Click the button to save your older database in the new format.

    Figure 5: Saving an up-to-date copy of an older password database

    In this example, we are saving our imported password database to the Desktop and naming it "imported-db.kdbx".

    Step 8. Navigate to the location where you would like to store a new copy of this password database.

    Step 9. Type a filename for your new password database into the File name box.

    Figure 6: Choosing a location and a name for your updated password database

    Step 10. Click [Save].

    Your imported database is now up-to-date and should contain all of the entries it had before. You can access and modify it normally using up-to-date versions of KeePassX and its original master passphrase.

    Note: Don't be confused by the filename displayed in the KeePassX title bar or tab. It will reflect the previous name of this password database, even when you are opening an imported, up-to-date file. (Note the "old-database.kdb" in the figure above. In fact, this database is now called "imported-db.kdbx".)

    FAQ

    Q: On the outside chance that I forget my master password, is there anything I can do to access retrieve my saved passphrases?

    A: Nope. There is nothing you can do in that situation. To prevent this from happening, you could use some of the methods for remembering a password or passphrase that are described in the Create and maintain strong passwords guide.

    Q: And if I uninstall KeePassX, what will happen to my passwords?

    A: The program will be deleted from your computer, but your database (stored in a .kdbx file) will remain. You can open this file at any time in the future if you install KeePassX again.

    Q: I think I accidentally deleted the database file!

    A: Hopefully you made a backup beforehand. Make sure you haven't simply forgotten where you stored the file in the first place. Search your computer for a file with a .kdbx extension. If you really have deleted it, and if you act quickly, you may be able to use recovery software to restore the file.