Manage Your Passwords With KeePass in Linux And Android

The KeePassX password manager is the first application I open after my Linux workstation boots up and the last I close before shutdown. It is strongly recommended to install and use a password manager:

  • To create (really strong) passwords. A strong password is not necessarily one that contains many special characters, but one that contains REALLY RANDOM characters. The only way to achieve this is to use a password manager with a password generator.
  • To store your passwords securely
  • Never Reuse Passwords! Most of us have accounts in many online services and tend to use the same password. This is a big mistake and can be avoided by using a password manager.

My personal choice is:

  1. KeePassX on Linux desktop
  2. KeePass2Android on Android devices
  3. Sync them all with Dropbox

because it is

  • free and open source
  • cross platform
  • tested for many years

KEEP IT SIMPLE!

KeePassX on Linux desktop

KeePass is a free, open source, lightweight password manager, created primarily for the Microsoft Windows operating system. However, you can also use KeePass in Linux.

So, to install KeePass in Ubuntu:

sudo apt-get install keepass2

KeePass is a .NET Windows application, which can run in Linux using Mono (an open source implementation of Microsoft’s .NET Framework). So, you will get something like this:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  binfmt-support ca-certificates-mono cli-common libgdiplus libgif7
  libmono-accessibility4.0-cil libmono-corlib4.5-cil libmono-data-tds4.0-cil
  libmono-i18n-west4.0-cil libmono-i18n4.0-cil libmono-posix4.0-cil
  libmono-security4.0-cil libmono-system-configuration4.0-cil
  libmono-system-core4.0-cil libmono-system-data4.0-cil
  libmono-system-drawing4.0-cil libmono-system-enterpriseservices4.0-cil
  libmono-system-numerics4.0-cil
  libmono-system-runtime-serialization-formatters-soap4.0-cil
  libmono-system-security4.0-cil libmono-system-transactions4.0-cil
  libmono-system-windows-forms4.0-cil libmono-system-xml4.0-cil
  libmono-system4.0-cil libmono-webbrowser4.0-cil mono-4.0-gac mono-gac
  mono-runtime mono-runtime-common mono-runtime-sgen xsel
Suggested packages:
  keepass2-doc mono-dmcs xdotool libmono-i18n4.0-all libgnomeui-0 libgamin0
Recommended packages:
  libgluezilla
The following NEW packages will be installed:
  binfmt-support ca-certificates-mono cli-common keepass2 libgdiplus libgif7
  libmono-accessibility4.0-cil libmono-corlib4.5-cil libmono-data-tds4.0-cil
  libmono-i18n-west4.0-cil libmono-i18n4.0-cil libmono-posix4.0-cil
  libmono-security4.0-cil libmono-system-configuration4.0-cil
  libmono-system-core4.0-cil libmono-system-data4.0-cil
  libmono-system-drawing4.0-cil libmono-system-enterpriseservices4.0-cil
  libmono-system-numerics4.0-cil
  libmono-system-runtime-serialization-formatters-soap4.0-cil
  libmono-system-security4.0-cil libmono-system-transactions4.0-cil
  libmono-system-windows-forms4.0-cil libmono-system-xml4.0-cil
  libmono-system4.0-cil libmono-webbrowser4.0-cil mono-4.0-gac mono-gac
  mono-runtime mono-runtime-common mono-runtime-sgen xsel
0 upgraded, 32 newly installed, 0 to remove and 192 not upgraded.
Need to get 7830 kB of archives.
After this operation, 27,4 MB of additional disk space will be used.
Do you want to continue? [Y/n]

You can access KeePass using Ubuntu Unity Dash (see image) or from the applications menu in other Ubuntu flavors. Open Dash (press the SUPER key) and type something like “keepass”.

Here is what the main screen looks like:

Without a doubt, KeePass is more powerful and feature-rich than KeePassX. But KeePassX is native Linux software, which started as a port of KeePass. KeePassX works perfectly in Linux. It is free software under the General Public License. So, I prefer to use KeePassX on Linux.

KeePassX main features are:

  • AES encryption of the password database
  • Powerful password generator
  • Auto type for username and password
  • KeePass 2 databases (.kdbx) support

To install KeePassX:

sudo apt-get install keepassx

You can access KeePassX using Ubuntu Unity Dash (see image) or from the applications menu in other Ubuntu flavors. Open Dash (press the SUPER key) and type something like “keepass”.

Here is what the main screen looks like:

How to Use KeePassX

First you have to create a database for your passwords. Carefully set a strong Master Password. This is the only password you have to remember.

It is recommended to use the KeePassX password generator for every new item you add to your database. Just press the “Gen” (Generate) button to create a strong password.

When you are on any login screen (usually in a web browser), leave the focus on the USERNAME field, find the account in your database and select “Autotype” (or define a keyboard shortcut if you prefer). KeePassX will auto-fill the USERNAME and PASSWORD fields and press the SUBMIT button. That’s all!

Increase KeePassX security

Well, the question is: “If my computer or my mobile phone is stolen, or if a hacker gains access to my files, what are the chances of finding the KeePass master password and then getting access to all my passwords?”

The answer is: KeePass(X) is safe enough. If you set a strong Master Password, it will take some years for an attacker to break your password using guessing and dictionary attacks.

So:

Use a strong Master Password!

DO NOT USE “12345678”, your name, your birthday, etc. Use a password manager to create a strong password. Obviously, KeePass(X) is ideal for this purpose. It is recommended to keep this password in your mind. If you can’t, save it somewhere (in a file or on a piece of paper), but omit some characters that you can easily remember. Another method is described in this post: How To Create A Strong Password Without Having To Remember It.

Increase the number of transform rounds in: Database → Database Settings.

The default value is 6000. As a rule of thumb, press the “Benchmark” button and accept the value. The program will open with a short delay, but the attacker now needs much more time to try a master password. See more.
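The two recommendations above (a truly random master password and a higher transform-round count) can be compared with a small cost model. This is an added example, not code from the original post or from the KeePassX project. The attacker rate of 10^9 transform rounds per second, the 10-million-entry wordlist and the 6,000,000-round value are constructed assumptions.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumption: attacker hardware sustains this many transform rounds per second.
ATTACKER_ROUNDS_PER_SEC = 1_000_000_000


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def wordlist_scan_seconds(wordlist_size, rounds, rate=ATTACKER_ROUNDS_PER_SEC):
    """Time to try every entry of a wordlist; each try costs `rounds`."""
    return wordlist_size * rounds / rate


def average_search_years(bits, rounds, rate=ATTACKER_ROUNDS_PER_SEC):
    """Average time to find a random password: half the keyspace."""
    return 2 ** (bits - 1) * rounds / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # 6000 is the default named in the post; 6,000,000 is a constructed value.
    for rounds in (6000, 6_000_000):
        scan = wordlist_scan_seconds(10_000_000, rounds)
        years = average_search_years(entropy_bits(20), rounds)
        print(f"{rounds} rounds: 10M-entry wordlist scanned in {scan:.0f} s; "
              f"random 20-char password needs about {years:.1e} years")
    print("sample generated password:", generate_password())
```

Raising the round count multiplies the cost of every guess linearly, while each extra random character multiplies the search space by 94, so a master password that appears in a wordlist stays weak even at a high round count.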

KeePass2Android on Android devices

KeePass2Android is an open source password manager application for Android with a modern design and a friendly interface. Main features:

  • support for .kdbx (KeePass 2.x) databases
  • can access databases directly from the cloud (e.g. Dropbox, Google Drive etc.)
  • autoFill: easily fill username and password fields with the integrated keyboard (this is also very useful from the security point of view: protection against clipboard-based password sniffers)
  • can keep a local cached copy of the database (very useful when you are offline)

Sync them all with Dropbox

I use Dropbox to synchronize the KeePassX database across all my devices (computer, laptop, phone, tablet).

How? Just put your KeePassX database inside your Dropbox folder.

Why Dropbox? It is the only cloud service that offers an official desktop client for Linux (at least for now).

To install Dropbox client on Ubuntu:

sudo apt-get install nautilus-dropbox

Dropbox VS KeePass Sync Plugins

KeePass plugins are a better solution for sync because they avoid conflicts. Actually, if you are the only person who updates the KeePass database, merge conflicts cannot happen.

Unfortunately, very useful KeePass plugins like KeeCloud and KeeAnyWhere do not work on Linux (at least for now). See the following: 1, 2 and 3. On the other hand, KeePassX does not support plugins.

Alternatives of KeePass(X)

Here are some other popular password managers:

  1. LastPass – the only one that offers some kind of Linux support
  2. Dashlane – read here for Linux support
  3. RoboForm – read here for Linux support
  4. 1Password – only the web interface in Linux

To make a long story short: excellent software, but rather for Windows users. The full-featured version is not free.