KeePassXC Password Manager- Why you need this in your life!

Using a local password manager app such as KeyPassXC, and some general strategies to secure your
passwords in one app:

  1. Guard your password database both physically and digitally. If someone gains access to the
    locked file, they still need to know the password, but should anyone gain access, they will have free
    reign of your digital life. Having a good strong master password, and storing the file on a removable
    device (USB drive, SD cards, etc) kept in secure locations are good practices to avoid the worst case
    scenario. When not in use, remove the media and keep with you or lock it up to avoid theft.
  2. Always back up your password database. You are putting most of your eggs in one basket here as
    mentioned above, so make copies on separate removable media devices and keep in several different
    secure places. Consider giving an encrypted USB with a backup to a friend that you trust. (See
    ‘Encryption Containers’ section for combining encryption strategies with password managers.) Update
    them often as you change and add new passwords, setting up a routine may be helpful to remember to
    do this. Example, I store a copy in a VeraCrypt container on my daily driver external hard drive, and
    keep three separate USB sticks that also have copies of the database, and different physical locations.
  3. Use long character passwords with the typical use of upper case, lower case, number and symbol
    combination (using at least one of each.) The longer the password, the more secure, assuming all else
    equal. Minimum length should be at least 8 characters, but each additional character will add
    significant protection from various common password hacking attacks. A 16 character password is just
    as easy to copy/paste as an 8 character, but is exponentially more secure, so think big here! Note that
    some sites or apps may require a minimum amount of characters, numbers/symbols, etc, and will also
    have a maximum amount allowed, but most will accommodate 16-20 characters at least. Use all four
    types of characters: numbers, lower case letters, upper case letters, and symbols. Some apps or sites
    may restrict different types or groups of symbols/special characters, this is simply a trial and error
    process if a site is not accepting your new password. KeePassXC allows you to easily generate a fresh
    unique password with one click.
  4. Never use the same password on different accounts. By using a local password manager, you only
    have to remember one password to unlock your database, and then copy/paste the unique password into
    the login box for each account. This adds a good layer of security to your accounts, as hackers can use
    breach data to quickly attempt known passwords attributed to you on other accounts you own, to
    attempt access. Example, you use the same password for Facebook and your Gmail account; if a hacker
    gains access to one of the accounts, they can quickly discover the other account with little effort, and
    attempt the same or similar passwords, don’t get caught with your pants down by using the same
    password, or recycling old passwords, even on different accounts. By using KeePassXC, you can
    generate random, strong passwords that are all unique for each account, with no need to memorize
    them, as you will simply copy/paste it into the username / password boxes. On rare occasions, you will
    encounter specific sites that will not allow a ‘paste’ function to occur, in which case you will need to
    manually enter the unique password, but is the exception rather than the rule.
  5. Add the date you updated your database on the KeePassXC file name to help keep track of
    things. If you choose to separate and do multiple databases as outlined below in section 6, it is helpful
    to name them in a way to easily differentiate them as well. Example, your database for daily/common
    use for email and social media could be labeled ‘DAILY DRIVER Database – 13 Nov 2022’ and
    another one for less used accounts as ‘Database 2 – 13 Nov 2022’ and continue to change the date as
    you update/save them. I frequently will not delete old databases for a while until I’m certain I’ve
    updated them properly across all USB sticks. Instead, I will simply save the old one in a folder labeled‘zz.Archived’ and click ‘Save Database as…’ with the updated date. This way, if you accidentally
    update entries incorrectly across your USB sticks, you can fall back on older ones to ensure the current
    ones are up to date.
  6. You can create and manage as many database files as you want. This can be used to
    compartmentalize various accounts. Example, you could have a database file for all of your social
    media accounts, a separate one for banking, and so on. They would ideally have different master
    passwords, but you may wish to simply use one password for all databases, but keep certain ones
    detached from your computer unless in use, such as banking accounts. The stuff you use
    daily/continuously, you could store in its own database on your local machine. You could also use
    separate databases for different family members to restrict or grant access only to the accounts of your
    choosing, or perhaps to help manage alias accounts more easily.
    View Screenshots to see what it looks like! CLICK HERE
    Download the program for Linux, Windows or macOS here
    View the User Guide for detailed instructions and FAQ’s here
    The program works across Linux, Windows and macOS, and can be opened on a mobile with a
    separate application called KeyPassDX here

Apologies for the boogered up format, didn’t copy/paste well from the LibreOffice doc into the forum; and my reference to ‘Encryption Containers’ is to my upcoming guide to using VeraCrypt to encrypt your digital goodies. Both are quite easy to get used to, and add huge layers of security and peace of mind, not to mention a sense of organization.

I’ve been writing these up to help friends and family ‘see the way’ forward towards Linux and some basic tools to navigate everyday digital life.

Thanks Graphenegoat. Good info.

I’ve been using Master Password for years on the Apple platform and prefer it to other password managers for various reasons.

Here’s an article on it along with Linux installation directions.

1 Like

I was using the password manager that came with McAfee for years. Now that I am on Linux, I have been using BitWarden. I like the way you can use folders.

1 Like

Good to see others using these programs, they have been very helpful.

I plan to expand this little write up into a short and sweet ‘Get going now’ and then some longer explanations of why you’d want to use certain features/types of these apps. Mainly, using offline, local copies only with no need to rely on a cloud, or browser integration. While convenient to have passwords stored in browser and/or cloud, it increases risk.

Thinking of adding a Yubikey hardware token to my main KeePassXC database for an extra layer of security, which may be overkill, but I use one for crypto stuff anyway, it’s the size of a small key and easy to tote around.

Another handy piece of info to help emphasize good password strength importance:

We have used this app and its predecessors for years! Very happy with it! When using it on multiple platforms, to avoid “conflicted copies” of the database always OPEN by selecting “Open Existing Database” and open the database from that file window.
Highly recommend this app!! Thanks for the tips!!

1 Like