Password management… cross platform and in the cloud

The objective of this post is to set up a system that ensures strong passwords and is both robust and easy to use.

This solution uses the following:

  • Keepass, a password manager
  • A cloud space, in this case Dropbox
  • Keecloud, the Keepass2 plugin that will link the two above
  • Keefox, a Firefox plugin for ease of use

Note on KeepassX

KeepassX was initially a port of Keepass to Linux (Keepass was only available on Windows at the time). Both programs are now cross platform, Keepass relying on Mono and KeepassX on Qt. However, the main difference is that (for now) KeepassX does not accept plugins (this is important if you want to use Keefox).

Keepass installation & configuration

I use the most recent version of Keepass (“Keepass 2”). Once installed, we can make the following changes to make day-to-day use easier:

Keepass configuration options

Keep in mind that these options are my preference; you need to adjust them according to your security practices. For instance, the delay before the database closes is important: a very short delay is annoying (you need to type your password all the time) but also more secure.

In the “interface” tab, I check the following for easier use:

  • Close button [X] minimises the main window instead of terminating the application
  • Minimise to tray instead of taskbar

Create a database

Keepass database creation menu

Using a “strong” password

There are lots of discussions and tutorials on how to generate a strong password. I find that this article from Wired is a very good resource for understanding the issue.

The TL;DR version of the article boils down to:

  • High entropy
  • True randomness (a thing at which humans are weak)
  • Not using terms already present in “dictionaries” used for attacks

The conclusion is that a strong password is difficult to remember, which is why we are using a password manager. This is why I use the password generator from Keepass, with at least 12 characters (alphanumerics, punctuation and specials).

For those passwords that I try to remember, sometimes I use the plugin Pronounceable Password Generator.
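The entropy and randomness points above can be made concrete with a short Python sketch. This is an added example, not part of the original post and not how the Keepass generator is implemented; the function names are illustrative, and the 94-symbol alphabet is an assumption matching "alphanumerics, punctuation and specials".

```python
import math
import secrets
import string

# Character classes matching the post's choice: alphanumerics, punctuation and specials.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 26 + 26 + 10 + 32 = 94 symbols


def generate_password(length=12):
    """Draw each character from the OS CSPRNG; redraw until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def entropy_bits(alphabet_size, length):
    """Upper bound for a uniformly random string: length * log2(alphabet size).

    Requiring every class rejects some candidates, so the real figure for
    generate_password() is slightly below this bound.
    """
    return length * math.log2(alphabet_size)


def min_length_for(bits, alphabet_size):
    """Smallest length whose uniform-random entropy reaches the target."""
    return math.ceil(bits / math.log2(alphabet_size))


if __name__ == "__main__":
    print(generate_password(12))
    print(f"12 chars, 94 symbols: {entropy_bits(94, 12):.1f} bits")
    print(f"12 lowercase letters: {entropy_bits(26, 12):.1f} bits")
    print(f"length for 128 bits:  {min_length_for(128, 94)}")
```

These figures only hold for machine-generated strings; a human-chosen password of the same length and character set has far less entropy, which is the article's point about randomness.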

Store your database in the cloud

We’ll use Dropbox to store our database in the cloud.

There is the “simple” approach: put the database in the synced cloud folder and open it from there every time. However, in this configuration you need to close the database after a change so that it is re-uploaded to the cloud. This can create conflicts.

The “advanced” approach uses the plugin Keecloud.

Keecloud plugin

  1. Download Keecloud (the “plgx” file)
  2. Place it anywhere in the Keepass installation folder (I put it in the “Plugin” folder)
  3. Re-start Keepass
  4. Open the previous database (or any other database in fact, but by opening the database that you intend to use, you will be able at the end of the process to save the new login/password created – if you don’t save them in the database, you’ll have to type them by hand…)
  5. Use the “URL credential wizard”:

Keepass & keecloud “URL credential wizard” menu entry

Keecloud URL credential wizard

The wizard connects to the Dropbox account (in your browser). You need to authorise the access:

Dropbox notification (browser) that keecloud requests access

Dropbox notification (browser)

Once accepted, you can close the wizard.

Back to the wizard – click next to finish the configuration

At the end, the wizard provides the “username” and the “password” needed for Keecloud to access the Dropbox drive.

URL credential to save and use to open the database directly from dropbox

IMPORTANT: Select “save as entry” to keep this information in your keepass database (if this option does not show, it’s because you launched the wizard without opening a database). If you don’t, you’re good to restart the wizard… or to use a pen and some paper!

Keepass database with the newly created URL credentials for keecloud

Open the database with keecloud

Of course we need to have, at hand:

  • Your database available in dropbox
  • In a text editor, the “credentials” previously created, so that you can copy/paste them easily.

Then you can “Open > Open URL”:

Open database menu from keepass

From the dialog, you have the following entries:

  • URL
  • Username
  • Password
  • Remember

Open from URL menu in keepass

The parameters are the following

  • URL: dropbox://path/to/yourkeepassdatabase.kdbx
  • Username: the one created previously
  • Password: the one created previously
  • Remember: Remember user name and password (unless you want to specify the username/password every time you open the database…). For clarity: we are talking here about the password used for the link keepass > keecloud > dropbox, not the actual Keepass database password.

Open URL menu from keepass

Then you need to enter your database password:

Keepass master key dialog (to open the database)

And there you are!

The next time you want to open your database, there is no need to go through the whole procedure again: use “open recent” from the file menu:

Open recent menu option in keepass, very useful!

How to use keepass in Firefox

As previously mentioned, you can use the extension “keefox” (I have not tried with the other alternatives).

There is a good tutorial available on their website (http://tutorial.keefox.org/part1).