Regain your privacy: pro tip week two
make the most of a password manager
Last week I talked a bit about DNS, the domain name system. It is a very fundamental system that affects your privacy a lot; if you haven't read it yet, I really recommend you check it out. This week I will talk about one of my favourite software tools, the password manager KeepassXC. You know, every time you sign up for a new account on this or that website, you have to come up with a new username and password.
After a while, especially with those accounts you seldom use, you have probably forgotten your password. The question that repeatedly reaches our support managers is "can you help me figure out my password?". Most browsers and apps offer to store your password so you don't have to remember it, which can be problematic when you need to set up that app on a different device later on.
So what do you need to do to solve this once and for all? Read on!
Pro tip week two: make the most of a password manager!
A password manager, like KeepassXC, is a small software tool that helps you create, organize and safely store all your passwords. Once you get accustomed to using such a tool, you will never have to make up, forget or remember a password again.
It works like this: on one hand you have the app, a piece of software that you have to install on your device. KeepassXC works well on Windows/macOS/Linux, but for Android and iOS the apps can have another name/publisher.
On the other hand you have an encrypted database. You create this database the first time you open the app, and you will have to save it to a storage medium. Since the database is encrypted with a password, you can store it safely on a cloud drive (like Dropbox or Nextcloud). Personally I prefer to store my passwords on a USB thumb drive attached to my keychain. This way I'm sure there are as few passwords as possible permanently stored on any of my devices.
Install the app
Head over to https://keepassxc.org/download/ to find the appropriate download for your device. Follow the instructions closely and you'll be ready in less than 5 minutes.
Create your secure password database
You only have to go through the steps to create the database once. Then you can add as many passwords as you like to that database. You are also allowed to create multiple databases for different purposes; that's entirely up to you.
A password database is stored as a file, something like mypasswords.kdbx. When you open KeepassXC for the first time you have the choice to create a new database. If you click the button you will be asked to give that database a name (e.g. mypasswords) and to set encryption settings (the defaults are fine though). To conclude the creation you will have to set a "master password". This should be easy to remember, yet hard to crack.
To create an easy to remember, hard to crack password, my advice would be to come up with a rhyme of several words, something like "I count sheep when I sleep". The fact that it contains upper/lowercase and special characters (the spaces) makes for a pretty decent entropy of 87.5 bit.
When you have decided on your master password it is time to store the file. Choose a location on your system and click save.
Add and organize passwords
Now open your newly created database. You'll see a window with only a folder "Root" on the left. This is the top folder in your password database. Right click the folder Root and click New group.
You can name groups (which are represented by folders) to organize different types of passwords.
To add a new password to a group, select the folder (like in the screenshot above), and click the yellow key with green arrow (see screenshot above). It's the 4th icon in the top menu, counting from the left. A window (see screenshot below) will open, where you fill out the password entry. There are a few fields that need some clarification:
- Title: what's the purpose of the login
- Username: your username for this login
- Password: either the existing password for this login, or create a new one
- Repeat: always repeat the password, to verify that there aren't any typos
- URL: optionally the URL to the specific login page
- Notes: optionally some note(s)
Once you're satisfied click OK to save the password.
Automatically generate a hard to crack password
Say you are adding a new set of credentials and you want to generate the password on the fly. Create a new password entry like above, but instead of typing the password yourself, click the "dice-icon" to the right of the "Repeat" field.
Some extra fields and a freshly generated password show up. Click the "eye-icon" to view the password. You will also see a colored bar so you can visually assess the strength of your password. You can tweak the length and accepted characters for a new password, then click Regenerate on the right to have a new password suggested with your chosen settings. Click on Accept to continue.
Once you accept the password it will automatically be added to the Password and Repeat fields. Click OK to save the new entry and to go back to the main screen.
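To see what the length and accepted-characters settings mean for strength, here is an added Python illustration (not KeepassXC's code, and not from the original post). It assumes every character is picked uniformly at random, so strength is length × log2(alphabet size); the class and function names are made up for the example, and KeepassXC's own strength bar may use a different estimator.

```python
import math
import secrets
import string

# Character classes a user can switch on or off (names are illustrative).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}

def build_alphabet(enabled):
    """Merge the enabled classes into one de-duplicated alphabet."""
    if not enabled:
        raise ValueError("enable at least one character class")
    return "".join(sorted(set("".join(CLASSES[name] for name in enabled))))

def generate(length, enabled):
    """Pick every character independently using the OS CSPRNG."""
    alphabet = build_alphabet(enabled)
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, enabled):
    """Entropy of a uniformly random password: length * log2(|alphabet|)."""
    return length * math.log2(len(build_alphabet(enabled)))

def min_length(target_bits, enabled):
    """Shortest length that reaches target_bits with the enabled classes."""
    return math.ceil(target_bits / math.log2(len(build_alphabet(enabled))))

if __name__ == "__main__":
    # Compare three settings at a fixed length and at a fixed strength target.
    for enabled in (["digits"], ["lower", "upper", "digits"], list(CLASSES)):
        print(f"{'+'.join(enabled):28} "
              f"{entropy_bits(20, enabled):6.1f} bits at 20 chars, "
              f"{min_length(128, enabled):2d} chars for 128 bits")
```

Dropping character classes (for sites that reject special characters, say) can be compensated by a longer password: digits alone need 39 characters to match what the full set reaches in 20.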
Using the passwords on the internet
Now that you have all your passwords nice and safe in your encrypted database, you will probably want to know how you can use them to log in to websites and apps.
The oldskool way of doing things is copy pasting the username and password from the database. You don't have to show the password in the clear. Just select the row you need to use and press ctrl+b to copy the username, switch to the screen where you need to add it (like the sign-in window on a website) and press ctrl+v to paste. Then switch back and copy the password with ctrl+c. Then switch one last time and press ctrl+v to paste the password. Then press enter, and you're logged in.
You might read this and think "oh boy, so complex" but in practice this whole procedure comes down to just a few seconds. And if you don't like the copy paste stuff, you can try a browser extension; for at least Firefox and Chrome you can install such an addon.
Now you are equipped to easily manage your passwords. Make this part of your digital routine and you'll increase your security so much! Check out next week's post to learn about your online fingerprint!