Using a local password manager app such as KeePassXC, and some general strategies for securing your
passwords in one app:
- Guard your password database both physically and digitally. If someone gains access to the
locked file, they still need to know the password, but should anyone get in, they will have free
rein of your digital life. Having a good strong master password, and storing the file on a removable
device (USB drive, SD cards, etc.) kept in secure locations are good practices to avoid the worst case
scenario. When not in use, remove the media and keep it with you or lock it up to avoid theft.
- Always back up your password database. You are putting most of your eggs in one basket here as
mentioned above, so make copies on separate removable media devices and keep them in several different
secure places. Consider giving an encrypted USB with a backup to a friend that you trust. (See
‘Encryption Containers’ section for combining encryption strategies with password managers.) Update
them often as you change and add new passwords; setting up a routine may be helpful to remember to
do this. Example: I store a copy in a VeraCrypt container on my daily driver external hard drive, and
keep three separate USB sticks that also have copies of the database, in different physical locations.
- Use long character passwords with the typical use of upper case, lower case, number and symbol
combination (using at least one of each). The longer the password, the more secure, assuming all else
is equal. Minimum length should be at least 8 characters, but each additional character will add
significant protection from various common password hacking attacks. A 16 character password is just
as easy to copy/paste as an 8 character one, but is exponentially more secure, so think big here! Note that
some sites or apps may require a minimum number of characters, numbers/symbols, etc., and will also
have a maximum length allowed, but most will accommodate 16-20 characters at least. Use all four
types of characters: numbers, lower case letters, upper case letters, and symbols. Some apps or sites
may restrict certain types or groups of symbols/special characters; if a site is not accepting your new
password, finding the offending character is simply a trial and error process. KeePassXC allows you to
easily generate a fresh unique password with one click.
- Never use the same password on different accounts. By using a local password manager, you only
have to remember one password to unlock your database, and then copy/paste the unique password into
the login box for each account. This adds a good layer of security to your accounts, as hackers can use
breach data to quickly try known passwords attributed to you against other accounts you own.
Example: you use the same password for Facebook and your Gmail account; if a hacker
gains access to one of the accounts, they can quickly discover the other account with little effort, and
attempt the same or similar passwords. Don’t get caught with your pants down by using the same
password, or recycling old passwords, even on different accounts. By using KeePassXC, you can
generate random, strong passwords that are all unique for each account, with no need to memorize
them, as you will simply copy/paste them into the username / password boxes. On rare occasions, you will
encounter specific sites that will not allow a ‘paste’ function to occur, in which case you will need to
manually enter the unique password, but this is the exception rather than the rule.
- Add the date you updated your database to the KeePassXC file name to help keep track of
things. If you choose to separate and use multiple databases as outlined below in section 6, it is helpful
to name them in a way that easily differentiates them as well. Example: your database for daily/common
use for email and social media could be labeled ‘DAILY DRIVER Database – 13 Nov 2022’ and
another one for less used accounts as ‘Database 2 – 13 Nov 2022’, and continue to change the date as
you update/save them. I frequently will not delete old databases for a while until I’m certain I’ve
updated them properly across all USB sticks. Instead, I will simply save the old one in a folder labeled
‘zz.Archived’ and click ‘Save Database as…’ with the updated date. This way, if you accidentally
update entries incorrectly across your USB sticks, you can fall back on older ones to ensure the current
ones are up to date.
- You can create and manage as many database files as you want. This can be used to
compartmentalize various accounts. Example: you could have a database file for all of your social
media accounts, a separate one for banking, and so on. They would ideally have different master
passwords, but you may wish to simply use one password for all databases while keeping certain ones
detached from your computer unless in use, such as banking accounts. The stuff you use
daily/continuously you could store in its own database on your local machine. You could also use
separate databases for different family members to restrict or grant access only to the accounts of your
choosing, or perhaps to help manage alias accounts more easily.
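As an added example (not part of this guide), a Python sketch of the password rules in the bullets above: a checker for the four-class, 16-plus character policy that can be narrowed to the symbols a particular site accepts, a generator that draws from the OS CSPRNG and retries until the policy holds, and the keyspace arithmetic behind "a 16 character password is exponentially more secure than an 8 character one". The function names and the 94-character printable ASCII alphabet are assumptions.

```python
import math
import secrets
import string

# The four character classes the guide asks for, at least one of each.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,  # 32 printable ASCII symbols
}


def meets_policy(password: str, min_length: int = 16,
                 allowed_symbols: str = string.punctuation) -> bool:
    """Length check plus one-of-each-class check. allowed_symbols narrows the symbol
    set for sites that reject some characters; anything outside it fails the check."""
    if len(password) < min_length:
        return False
    classes = dict(CLASSES, symbol=allowed_symbols)
    alphabet = "".join(classes.values())
    if any(c not in alphabet for c in password):
        return False
    return all(any(c in chars for c in password) for chars in classes.values())


def generate_password(length: int = 16,
                      allowed_symbols: str = string.punctuation) -> str:
    """Draw from the OS CSPRNG (secrets) and retry until the policy holds; rejection
    sampling keeps the result uniform over all qualifying passwords of this length."""
    if length < 4 or not allowed_symbols:
        raise ValueError("need length >= 4 and at least one allowed symbol")
    alphabet = "".join(dict(CLASSES, symbol=allowed_symbols).values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, length, allowed_symbols):
            return candidate


def keyspace_bits(length: int, alphabet_size: int = 94) -> float:
    """Bits of entropy of a uniformly random password: each extra character adds
    log2(94), about 6.55 bits, so 16 characters give twice the bits of 8."""
    return length * math.log2(alphabet_size)
```

Run `generate_password(20, allowed_symbols="!@#")` for a site that only accepts a few symbols; the checker then also rejects any password containing a symbol the site bans.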
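Added example, not from the guide: a Python routine for the dated-backup and ‘zz.Archived’ habit described in the backup and naming bullets above. It copies the database to several mounted locations under a dated name, moves the previous dated copy on each into zz.Archived, and verifies every copy's SHA-256 against the source. The plain hyphen in the file name (the guide uses a dash), the function names, and the temp directory standing in for USB sticks are assumptions.

```python
import hashlib
import shutil
import tempfile
from datetime import date
from pathlib import Path

ARCHIVE_DIR = "zz.Archived"  # the guide's folder name for superseded copies
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def dated_name(base: str, when: date) -> str:
    """The guide's naming scheme, e.g. 'Database 2 - 13 Nov 2022.kdbx' (hyphen assumed)."""
    return f"{base} - {when.day} {MONTHS[when.month - 1]} {when.year}.kdbx"


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup_database(db: Path, destinations: list, base: str, when: date) -> list:
    """Copy db to every destination (a mounted USB stick, say) under a dated name, move
    older dated copies of the same database into zz.Archived, and verify each copy by
    SHA-256 so a half-written file on a stick is caught now rather than when it is needed."""
    expected = sha256(db)
    written = []
    for dest in destinations:
        dest.mkdir(parents=True, exist_ok=True)
        archive = dest / ARCHIVE_DIR
        for old in list(dest.glob(f"{base} - *.kdbx")):
            archive.mkdir(exist_ok=True)
            shutil.move(str(old), str(archive / old.name))
        target = dest / dated_name(base, when)
        shutil.copy2(db, target)
        if sha256(target) != expected:
            raise IOError(f"copy on {dest} does not match the source database")
        written.append(target)
    return written


def demo() -> dict:
    """Two backup rounds into a temp dir standing in for two USB sticks (constructed data)."""
    tmp = Path(tempfile.mkdtemp())
    db, sticks = tmp / "DAILY DRIVER Database.kdbx", [tmp / "usb1", tmp / "usb2"]
    db.write_bytes(b"constructed stand-in for an encrypted .kdbx file, v1")
    first = backup_database(db, sticks, "DAILY DRIVER Database", date(2022, 11, 13))
    db.write_bytes(b"constructed stand-in for an encrypted .kdbx file, v2")
    second = backup_database(db, sticks, "DAILY DRIVER Database", date(2022, 12, 1))
    return {"first": [p.name for p in first], "second": [p.name for p in second],
            "archived": sorted(p.name for p in (sticks[0] / ARCHIVE_DIR).iterdir()),
            "verified": all(sha256(p) == sha256(db) for p in second)}
```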
KeePassXC:
Download the program for Linux, Windows or macOS here
View the User Guide for detailed instructions and FAQs here
The program works across Linux, Windows and macOS, and the database can be opened on a mobile device with a
separate application called KeePassDX here