There is a lot of chatter on the net about the need to improve personal password management. If you are like me (up until recently) you have constantly reused the same password over and over again on various websites on the web. This is very dangerous – the details of which are outside the scope of this post – just google it if you want proof.
Recently I decided to do something about it. There are lots of solutions if you operate in an unregulated environment (ie personal use only), however if you work in the corporate world (like me) and have firewalls and don’t have PC admin rights, then a workable solution is not so easy. I have solved the issue (for me) and want to share this with you in this post.
My requirements were:
- I had to have a solution that worked on my work PC (I do not have admin rights)
- I had to be able to share my passwords with my home computer (an iMac)
- I had to be able to access my passwords wherever I was, even if I wasn’t in front of my iMac or work PC (i.e. public PCs, iPad, iPhone etc).
I researched a lot of software products, and settled on KeePass.
KeePass has the following features that appealed to me:
- It is open source
- It is free
- The OS community has produced a Mac and iPhone (MiniKeePass) version
- You can run the program from a USB memory stick, and it does not need to be “installed” – i.e. no Admin Rights needed on your PC. This also means you can simply copy the software into any folder on your PC and it will work.
I downloaded the software on my work PC (just download from the link above, and extract it into a folder of your choice), and created a new password database. I have set up a very strong password on this database, so it is not getting cracked anytime soon. I then proceeded to move all of my passwords from my password protected Excel Spreadsheet to the database. I am now fully migrated and life has never been better.
How to get the most out of KeePass on your PC
KeePass has a great feature that allows you to navigate to a login screen, then hit a set keyboard combination, and KeePass will automatically retrieve your username and password from your KeePass database and log you in. I can’t overemphasise how good this is. I have set my keyboard shortcut to Ctrl-Shift-Z so I can do it with one hand.
KeePass uses the window name as the identifying factor to find the correct username/password combination. It is therefore essential that you can uniquely identify each application or website from the window name. So far, so good for all of my passwords. If there is more than one window with the same name, KeePass presents you with a list, and you have to select the one you want – not a major issue.
One feature that is not immediately obvious, but is of immense value is that you can set up a single username/password and use it over and over for multiple applications. At my work, we have password federation that means my passwords for many websites and applications are always in sync.
If you navigate to the “auto-type” tab in KeePass, you can add additional windows to the same username/password combination. Every time I come across a new application that uses my work master password, I just go to the “auto-type” tab and add the new window.
This window allows you to configure different login sequences, i.e. some applications need you to add the username, others just need the password. This can be configured from the Auto-Type screen.
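Because one username/password can be attached to many windows, it is worth checking which entries each window title would actually select. The following is an added example, not part of the original post or of KeePass: it uses an assumed, simplified model of title matching (case-insensitive, `*` as a wildcard, `//...//` as a regular expression), and the entry names, patterns and window titles are constructed.

```python
import re

# Constructed sample data (not from the original post): entry title -> the
# target-window patterns added for it on the Auto-Type tab.
ASSOCIATIONS = {
    "Work master password": ["Intranet Portal - *", "Expense System*", "*Login*"],
    "Personal webmail": ["Webmail - Sign in*"],
    "Forum account": ["*Login*"],
}

# Constructed window titles, as they would appear in the title bar.
WINDOW_TITLES = [
    "Intranet Portal - Internet Explorer",
    "Webmail - Sign in - Internet Explorer",
    "Community Forum Login - Internet Explorer",
    "Timesheet - Internet Explorer",
]


def pattern_matches(pattern, title):
    """Assumed matching model: case-insensitive, '*' wildcard, //regex// form."""
    if len(pattern) > 4 and pattern.startswith("//") and pattern.endswith("//"):
        return re.search(pattern[2:-2], title, re.IGNORECASE) is not None
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, title, re.IGNORECASE) is not None


def entries_for(title, associations=ASSOCIATIONS):
    """Return every entry whose patterns match this window title."""
    return sorted(name for name, patterns in associations.items()
                  if any(pattern_matches(p, title) for p in patterns))


def audit(titles=WINDOW_TITLES, associations=ASSOCIATIONS):
    """Sort window titles into unique, ambiguous and unmatched."""
    report = {"unique": {}, "ambiguous": {}, "unmatched": []}
    for title in titles:
        hits = entries_for(title, associations)
        if not hits:
            report["unmatched"].append(title)
        elif len(hits) == 1:
            report["unique"][title] = hits[0]
        else:
            report["ambiguous"][title] = hits
    return report


if __name__ == "__main__":
    for kind, found in audit().items():
        print(kind, found)
```

In the sample data the broad `*Login*` pattern on the work entry makes the forum window ambiguous, so the work master password is offered for an unrelated site; narrowing that pattern to the specific window title removes the overlap.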
Accessing Passwords from other devices
One issue is how do you access your KeePass password database from your other devices. KeePass recommends you use Dropbox, but unfortunately Dropbox needs to be installed on your PC (no admin rights) and also is blocked through our corporate firewall. The way I solved this was to use a tool called Send to Dropbox which is a service that allows you to email a file to your Dropbox service. I signed up to the service and then added the unique email address assigned to me to my Outlook address book with the name “send to dropbox”. Now I can email any file to “send to dropbox” and it will go straight through my firewall to my Dropbox account, and I can access the file from my other devices.
I have installed MiniKeePass on my iPhone and iPad, as well as Dropbox. Every time I need my passwords, I open Dropbox on my iPhone, then select the latest KeePass file. You can then select to open it in “MiniKeePass”.
The next thing I wanted to solve was that I wanted my KeePass database to be updated each day back to Dropbox (this would normally happen if you had Dropbox installed on your PC, but I don’t have admin rights). I have a half solution to this problem. I found this software called sendemail.exe that once again does not need to be installed on your PC. I placed the exe file in my KeePass folder and then used Windows Scheduled Tasks to automatically run the exe file and send my KeePass database once per day to my Dropbox account. It took a bit of mucking around to configure sendemail.exe, but this is the command line that I ended up using:
"C:\Documents and Settings\My Documents\KeePass-2.18\sendEmail.exe" -f email@example.com -u Keypass -m Here is the updated KeePass file -t firstname.lastname@example.org -s smtp.gmail.com:25 -xu email@example.com -xp MyGmailAccountPassword -a mykeepassdatabase.kdbx -l send.log -o tls=auto
Just change the email account names and passwords to your details and hopefully it will work for you.
The reason it is only half a solution is that this script only works from outside my work firewall (i.e. I cannot send Gmail from behind the firewall). To solve this, I have set my Windows Scheduled Task to run in the evening when I am at home on my home network – then it works.
Hope this solution works for you.