The objective of this post is the following: set up a system for strong passwords that is robust and easy to use.
This solution uses the following:
- Keepass, a password manager
- A cloud space, in this case Dropbox
- Keecloud, the Keepass2 plugin that will link the two above
- Keefox, a Firefox plugin for ease of use
Note on KeepassX
KeepassX was initially a port of Keepass to Linux (Keepass was only available on Windows at the time). Both programs are now cross-platform, Keepass relying on Mono, KeepassX on Qt. However, the main difference is that (for now) KeepassX does not accept plugins (this is important if you want to use Keefox).
Keepass installation & configuration
I use the most recent version of Keepass (“Keepass 2”). Once installed, we can make the following changes to make it easier for day-to-day use:
Keep in mind that these options are my preference; you need to adjust them according to your security practices. For instance, the delay for closing the database is important: a delay that is too short is annoying (you need to type your password all the time) but also more secure.
In the “interface” tab, I check the following for easier use:
- Close button [X] minimises the main window instead of terminating the application
- Minimise to tray instead of taskbar
Create a database
Using a “strong” password
There are lots of discussions and tutorials on how to generate a strong password. I find that this article from Wired is a very good resource to read to understand the issue.
The TL;DR version of the article boils down to:
- High entropy
- True randomness (a thing at which humans are weak)
- Not using terms already present in “dictionaries” used for attacks
The conclusion is that a strong password is difficult to remember, which is why we are using a password manager. This is why I use the password generator from Keepass, with at least 12 characters (alphanumerics, punctuation and specials).
For those passwords that I try to remember, sometimes I use the plugin Pronounceable Password Generator.
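The criteria above (high entropy, true randomness, at least 12 characters from alphanumerics, punctuation and specials) can be made concrete with a short Python sketch. This is an added example, not code from the original post and not Keepass's own generator; the function names and the rule that every character class must appear are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes matching the post's choice: alphanumerics plus punctuation/specials.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII symbols


def generate_password(length=12):
    """Draw every character uniformly from ALPHABET using the OS CSPRNG.

    Candidates missing a class are rejected and redrawn as a whole, so the
    result stays uniform over all passwords that satisfy the policy.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def policy_keyspace(length):
    """Count passwords of `length` containing all classes (inclusion-exclusion)."""
    sizes = [len(c) for c in CLASSES]
    total = 0
    for mask in range(1 << len(sizes)):
        excluded = sum(s for i, s in enumerate(sizes) if mask >> i & 1)
        sign = -1 if bin(mask).count("1") % 2 else 1
        total += sign * (len(ALPHABET) - excluded) ** length
    return total


def entropy_bits(length, require_all_classes=True):
    """Entropy in bits of a password drawn uniformly at random."""
    if require_all_classes:
        return math.log2(policy_keyspace(length))
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password(12))
    print(f"any 12 chars:        {entropy_bits(12, False):.1f} bits")
    print(f"all classes present: {entropy_bits(12):.1f} bits")
```

Requiring every class costs roughly half a bit at 12 characters, because it removes about 30% of the candidate passwords from the keyspace.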
Store your database in the cloud
We’ll use Dropbox to store our database in the cloud.
The “simple” approach is to put the database in the synced cloud folder and open it from there every time. However, in this configuration you need to close the database after a change so that it is re-uploaded to the cloud. This can create conflicts.
The “advanced” approach uses the plugin Keecloud.
- Download Keecloud (the “plgx” file)
- Place it anywhere in the Keepass installation folder (I put it in the “Plugin” folder)
- Re-start Keepass
- Open the previous database (or any other database in fact, but by opening the database that you intend to use, you will be able at the end of the process to save the new login/password created – if you don’t save them in the database, you’ll have to type them by hand…)
- Use the “URL credential wizard”:
The wizard connects to the Dropbox account (in your browser). You need to authorise the access:
Once accepted, you can close the wizard.
At the end, the wizard provides the “username” and the “password” needed for Keecloud to access the Dropbox drive.
IMPORTANT: Select “save as entry” to keep this information in your Keepass database (if this option does not show, it’s because you launched the wizard without opening a database). If you don’t, you’re good to restart the wizard… or to use a pen and some paper!
Open the database with Keecloud
Of course we need to have, at hand:
- Your database available in Dropbox
- In a text editor, the “credentials” previously created, so you can copy/paste them easily.
Then you can “Open > Open URL”:
From the dialog, you have the following entries:
The parameters are the following:
- URL: dropbox://path/to/yourkeepassdatabase.kdbx
- Username: the one created previously
- Password: the one created previously
- Remember: Remember user name and password (unless you want to specify the username/password every time you open the database…). For clarity: we are talking here about the password used for the link Keepass > Keecloud > Dropbox, not the actual Keepass database password.
Then you need to enter your database password:
And there you are!
The next time you want to open your database, there is no need to go through the whole procedure again; use “open recent” from the file menu:
How to use Keepass in Firefox
As previously mentioned, you can use the extension “Keefox” (I have not tried the other alternatives).
There is a good tutorial available on their website (http://tutorial.keefox.org/part1).