The KeePassX password manager is the first application I open after my Linux workstation boots up and the last I close before shutdown. It is strongly recommended to install and use a password manager:
- To create (really strong) passwords. A strong password is not necessarily one that contains many special characters, but one that contains REALLY RANDOM characters. The only way to achieve this is to use a password manager with a password generator.
- To store your passwords securely
- Never Reuse Passwords! Most of us have accounts in many online services and tend to use the same password. This is a big mistake and can be avoided by using a password manager.
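To make the point about random characters concrete, here is an added example (not part of the original post) that draws passwords from the operating system's CSPRNG and compares the entropy of a long lowercase-only password with a shorter one full of special characters. The alphabets and lengths are illustrative assumptions.

```python
import math
import secrets
import string

# Alphabets are illustrative choices for this example.
LOWER = string.ascii_lowercase                                      # 26 symbols
FULL = string.ascii_letters + string.digits + string.punctuation   # 94 symbols


def generate(length: int, alphabet: str = FULL) -> str:
    """Draw each character independently and uniformly from the OS CSPRNG."""
    symbols = sorted(set(alphabet))  # duplicate symbols would skew the distribution
    if length < 1 or len(symbols) < 2:
        raise ValueError("need length >= 1 and at least two distinct symbols")
    return "".join(secrets.choice(symbols) for _ in range(length))


def entropy_bits(length: int, alphabet: str) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def length_for(bits: float, alphabet: str) -> int:
    """Shortest length that reaches the requested entropy with this alphabet."""
    return math.ceil(bits / math.log2(len(set(alphabet))))


if __name__ == "__main__":
    for name, alphabet, length in (("lowercase only", LOWER, 20),
                                   ("all printable", FULL, 12)):
        print(f"{name:15} len={length:2} "
              f"{entropy_bits(length, alphabet):5.1f} bits  "
              f"{generate(length, alphabet)}")
    print("length for 128 bits, lowercase only:", length_for(128, LOWER))
    print("length for 128 bits, all printable: ", length_for(128, FULL))
```

The entropy figures hold only for passwords produced by a uniform random generator; they say nothing about a password a person invented.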
My personal choice is:
because it is
- free and open source
- cross platform
- tested for many years
KEEP IT SIMPLE!
KeePassX on Linux desktop
So, to install KeePass in Ubuntu:
sudo apt-get install keepass2
KeePass is a .NET Windows application, which can run in Linux using Mono (an open source implementation of Microsoft’s .NET Framework). So, you will get something like this:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  binfmt-support ca-certificates-mono cli-common libgdiplus libgif7
  libmono-accessibility4.0-cil libmono-corlib4.5-cil libmono-data-tds4.0-cil
  libmono-i18n-west4.0-cil libmono-i18n4.0-cil libmono-posix4.0-cil
  libmono-security4.0-cil libmono-system-configuration4.0-cil
  libmono-system-core4.0-cil libmono-system-data4.0-cil
  libmono-system-drawing4.0-cil libmono-system-enterpriseservices4.0-cil
  libmono-system-numerics4.0-cil
  libmono-system-runtime-serialization-formatters-soap4.0-cil
  libmono-system-security4.0-cil libmono-system-transactions4.0-cil
  libmono-system-windows-forms4.0-cil libmono-system-xml4.0-cil
  libmono-system4.0-cil libmono-webbrowser4.0-cil mono-4.0-gac mono-gac
  mono-runtime mono-runtime-common mono-runtime-sgen xsel
Suggested packages:
  keepass2-doc mono-dmcs xdotool libmono-i18n4.0-all libgnomeui-0 libgamin0
Recommended packages:
  libgluezilla
The following NEW packages will be installed:
  binfmt-support ca-certificates-mono cli-common keepass2 libgdiplus libgif7
  libmono-accessibility4.0-cil libmono-corlib4.5-cil libmono-data-tds4.0-cil
  libmono-i18n-west4.0-cil libmono-i18n4.0-cil libmono-posix4.0-cil
  libmono-security4.0-cil libmono-system-configuration4.0-cil
  libmono-system-core4.0-cil libmono-system-data4.0-cil
  libmono-system-drawing4.0-cil libmono-system-enterpriseservices4.0-cil
  libmono-system-numerics4.0-cil
  libmono-system-runtime-serialization-formatters-soap4.0-cil
  libmono-system-security4.0-cil libmono-system-transactions4.0-cil
  libmono-system-windows-forms4.0-cil libmono-system-xml4.0-cil
  libmono-system4.0-cil libmono-webbrowser4.0-cil mono-4.0-gac mono-gac
  mono-runtime mono-runtime-common mono-runtime-sgen xsel
0 upgraded, 32 newly installed, 0 to remove and 192 not upgraded.
Need to get 7830 kB of archives.
After this operation, 27,4 MB of additional disk space will be used.
Do you want to continue? [Y/n]
You can access KeePass using Ubuntu Unity Dash (see image) or from the applications menu in other Ubuntu flavors. Open Dash (press SUPER key) and type something like “keepass”
Here is what the main screen looks like:
Without a doubt, KeePass is more powerful and feature-rich than KeePassX. But KeePassX is native Linux software, which started as a port of KeePass. KeePassX works perfectly on Linux. It is free software under the General Public License. So, I prefer to use KeePassX on Linux.
KeePassX main features are:
- AES Encryption of passwords database
- Powerful password generator
- Auto type for username and password
- KeePass 2 databases (.kdbx) support
To install KeePassX:
sudo apt-get install keepassx
You can access KeePassX using Ubuntu Unity Dash (see image) or from the applications menu in other Ubuntu flavors. Open Dash (press SUPER key) and type something like “keepass”
Here is what the main screen looks like:
How to Use KeePassX
First you have to create a database for your passwords. Carefully set a strong Master Password. This is the only password you have to remember.
It is recommended to use the KeePassX password generator for every new item you add to your database. Just press the “Gen” (Generate) button to create a strong password.
When you are on any login screen (usually in a web browser), leave the focus on the USERNAME field, find the account in your database and select “Autotype” (or define a keyboard shortcut if you prefer). KeePassX will auto-fill the USERNAME and PASSWORD fields and press the SUBMIT button. That’s all!
Increase KeePassX security
Well, the question is: “If my computer or my mobile phone is stolen, or if a hacker gains access to my files, what are the chances of them finding the KeePass master password and then having access to all my passwords?”
The answer is: KeePass(X) is safe enough. If you set a strong Master Password, it will take some years for an attacker to break your password using guessing and dictionary attacks.
Use a strong Master Password!
DO NOT USE “12345678”, your name, your birthday, etc. Use a password manager to create a strong password. Obviously, KeePass(X) is ideal for this purpose. It is recommended to keep this password in your head. If you can’t, save it somewhere (in a file or on a piece of paper), but omit some characters that you can easily remember. Another method is described in this post: How To Create A Strong Password Without Having To Remember It.
Increase the number of transform rounds in: Database → Database Settings.
The default value is 6000. As a rule of thumb, press the button “Benchmark” and accept the value. The program opens with a short delay, but the attacker now needs much more time to try a master password. See more.
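How transform rounds turn into attacker cost, as an added example that is not part of the original post: every master-password guess has to repeat the whole chain of rounds, so the search time grows linearly with the rounds setting. Assumptions: each round here is a SHA-256 step standing in for the AES step of KeePass's key transformation, and the attacker speed and the 0.2-second benchmark target are constructed figures.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365 * 24 * 3600
ATTACKER_ROUNDS_PER_SEC = 1e9  # constructed figure, not a measurement


def transform(master_password: str, seed: bytes, rounds: int) -> bytes:
    """Stretch a password with `rounds` sequential steps.

    Stand-in: each step is SHA-256; KeePass's AES-KDF performs an AES
    encryption per step. The cost model (rounds per guess) is the same.
    """
    key = hashlib.sha256(master_password.encode("utf-8")).digest()
    for _ in range(rounds):
        key = hashlib.sha256(seed + key).digest()
    return key


def benchmark(target_seconds: float = 0.2, probe_rounds: int = 20_000) -> int:
    """Estimate how many rounds this machine completes in target_seconds."""
    start = time.perf_counter()
    transform("probe", b"\x00" * 32, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1, int(probe_rounds * target_seconds / elapsed))


def years_to_search(entropy_bits: float, rounds: int,
                    attacker_rounds_per_sec: float) -> float:
    """Expected years to find the password: half the space, `rounds` per guess."""
    guesses = 2 ** (entropy_bits - 1)
    return guesses * rounds / attacker_rounds_per_sec / SECONDS_PER_YEAR


if __name__ == "__main__":
    tuned = benchmark()
    for label, rounds in (("default 6000", 6000), ("benchmarked", tuned)):
        for bits in (40, 60, 80):
            years = years_to_search(bits, rounds, ATTACKER_ROUNDS_PER_SEC)
            print(f"{label:13} rounds={rounds:>9} {bits}-bit password: "
                  f"{years:.3g} years")
```

Each extra bit of master-password entropy doubles the search time, while multiplying the rounds by ten only multiplies it by ten, so the rounds setting complements a strong master password rather than replacing it.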
KeePass2Android on Android devices
KeePass2Android is an open source password manager application for Android with a modern design and a friendly interface. Main features:
- support for .kdbx (KeePass 2.x) databases
- can access databases directly from the cloud (e.g. Dropbox, Google Drive, etc.)
- AutoFill: easily fill username and password fields with the integrated keyboard (this is also very useful from a security point of view: protection against clipboard-based password sniffers)
- can keep a local cached copy of the database (very useful when you are offline)
Sync them all with Dropbox
I use Dropbox to synchronize my KeePassX database across all my devices (computer, laptop, phone, tablet).
How? Just put your KeePassX database inside your Dropbox folder.
Why Dropbox? It is the only cloud service which offers an official desktop client for Linux (at least for now).
To install the Dropbox client on Ubuntu:
sudo apt-get install nautilus-dropbox
Dropbox VS KeePass Sync Plugins
KeePass plugins are a better solution for sync, because they avoid conflicts. Actually, if you are the only person who updates the KeePass database, merge conflicts cannot happen.
Unfortunately, very useful KeePass plugins like KeeCloud and KeeAnyWhere do not work on Linux (at least for now). See the following: 1, 2 and 3. On the other hand, KeePassX does not support plugins.
Alternatives of KeePass(X)
Here are some other popular password managers:
- LastPass – the only one that offers some kind of Linux support
- Dashlane – read here for Linux support
- RoboForm – read here for Linux support
- 1Password – only the web interface in Linux
To make a long story short: excellent software, but rather for Windows users. The full featured version is not free.