Sunday, December 17, 2017


I've written about KeePass several times in the past but it's been a while and I've made a couple of improvements.

A recent article in Sophos' Naked Security blog inspired me to update my use of KeePass.

Naked Security's summary of KeePass was:
KeePass is an open-source password manager that does all the things you’d expect a password manager to do at the very least – it stores all websites and service credentials in a highly-encrypted vault that can only be unlocked with one Master Password, which becomes the only password you need to remember.

There actually are 2 versions of KeePass. I've been using it so long that I started on version 1. Both versions are actively being maintained. There's nothing that I have wanted to do that version 1 doesn't do so I'm staying on that for now.


KeePass runs as a portable app. I have it on a USB drive that I keep on my keychain.

I also have it in a folder on my Dropbox including the active database. These are identical copies. I install on the USB drive and copy to the Dropbox folder.

On each of my PCs and laptops I have a shortcut on my desktop that points to the Dropbox instance of KeePass and opens the database read-only.

Don't worry about the security of the database. The KeePass database is AES 256 encrypted.


When I intend to update the KeePass database I run it from the USB drive. 

When I exit KeePass with changes to the database, I have an DB_Backup plug-in that makes a backup of the database and invokes a BAT file. This BAT file copies the new database from the USB drive to the KeePass Dropbox folder on that PC or laptop. A few more details on this BAT file are here.

This accomplishes 2 objectives. First it backs up the database in case the USB drive is lost or damaged. Second it provides access to the database to my other PCs and laptops via Dropbox.

While I haven't dug into KeePass version 2 I understand that this cloud (in my case Dropbox) capability is built into the base product.


While KeePass isn't as integrated as LastPass or Google's Smart Lock, it does let you specify which URLs are related to a KeePass entry.

For example, the following is my entry for xmarks:

This tells KeePass to use this user name and password when invoked on a URL that begins with "Xmarks - ".

In "Tools" is a wizard that helps you build the Auto Type selection. You just choose the target window from a drop-down list. Incidentally since KeePass is using the window name you can also use this feature for non-browser logins.

There is also a feature that will generate random passwords for you.

You can specify your own key sequence to invoke KeePass login. I use the left Ctrl key and the / key. Just place your cursor in the user name field and press your key sequence. KeePass will type the user name and password into the target window. There are simple script-like commands to tell KeePass when to tab, press Enter, etc.


On Android I use KeePassDroid and on iOS I use KeePass Touch.


I also use KeePass as an address book. KeePass allows you to create various folders in its database. I have one called "Names and Addresses."

No comments: