Archive for September, 2008

Password Management with KeePassX

Working with as many systems as I do, I have to keep track of a pretty huge number of user accounts and passwords across many diverse environments. For a long time I used a GPG encrypted text file to store this information, but recently I went looking for a more structured solution. I found KeePassX, and promptly fell in love.

KeePassX is a password management application for Linux and OSX. It supports the same database format as KeePass Password Safe for Windows, providing a cross-platform solution for managing passwords securely. Its database is protected using either AES or Twofish encryption with a 256-bit key, which provides adequate encryption for the majority of users.

The interface is extremely simple. Select ‘File -> New Database’, and then enter a password or passphrase. KeePassX has the option to also use a key file for authentication - allowing you to place a key on a USB stick to add a physical authentication token to your password for added security.
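To show why a key file on a USB stick acts as a second factor, here is an added sketch (not part of the original post and not KeePassX's own code) that combines a passphrase and a key file into one 256-bit key. The SHA-256 construction, the function names and the file names are assumptions made for illustration, and the sketch omits the key stretching a real password manager applies before encrypting.

```python
import hashlib
import hmac
import os
import secrets
import tempfile
from typing import Optional


def create_key_file(path: str) -> None:
    """Write 32 random bytes to a new file that only the owner can read."""
    # O_EXCL refuses to overwrite an existing key file by accident.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(secrets.token_bytes(32))


def composite_key(passphrase: str, key_file: Optional[str] = None) -> bytes:
    """Derive a 256-bit key from the passphrase and, optionally, a key file.

    Illustrative construction (assumption): hash each factor separately,
    then hash the concatenation so both are needed to rebuild the key.
    """
    pw_hash = hashlib.sha256(passphrase.encode("utf-8")).digest()
    if key_file is None:
        return pw_hash
    with open(key_file, "rb") as fh:
        file_hash = hashlib.sha256(fh.read()).digest()
    return hashlib.sha256(pw_hash + file_hash).digest()


def demo() -> dict:
    """Check which combinations of factors reproduce the database key."""
    passphrase = "correct horse battery staple"  # constructed sample value
    with tempfile.TemporaryDirectory() as tmp:
        token = os.path.join(tmp, "usb-token.key")  # hypothetical file names
        other = os.path.join(tmp, "other.key")
        create_key_file(token)
        create_key_file(other)
        real = composite_key(passphrase, token)
        same = hmac.compare_digest  # constant-time comparison
        return {
            "key_bits": len(real) * 8,
            "both_factors": same(real, composite_key(passphrase, token)),
            "passphrase_only": same(real, composite_key(passphrase)),
            "wrong_key_file": same(real, composite_key(passphrase, other)),
            "wrong_passphrase": same(real, composite_key("guess", token)),
        }


if __name__ == "__main__":
    for check, matched in demo().items():
        print(f"{check}: {matched}")
```

Only the run with both the correct passphrase and the correct key file reproduces the key, so losing the key file locks you out as surely as forgetting the passphrase; keep a backup copy of it somewhere safe.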


keepass create database dialogue


Once your database is created, choose a name and location for it with ‘File -> Save Database As’. KeePassX sorts your passwords into groups that you define for easier organisation. To create a group, right-click in the group panel of the dialogue and select ‘Add New Group’, or select the ‘Add New Group’ option from the ‘Edit’ menu. Name your group, and then select it in the group pane and click either the small + symbol on the toolbar or ‘Edit -> Add New Entry’.

I find the ability to attach a file to an entry extremely useful for attaching keys, seed files, or other tokens that are linked to the account. I also find the feature to generate passwords directly in the Entry dialogue extremely valuable, saving me from making transcription errors when I store or change a password.


the keepassx create new entry dialogue


While KeePassX doesn’t natively support any kind of synchronisation, a service like Dropbox would easily allow you to keep your password databases in sync between your Windows, Linux, and OSX machines. I use Subversion to make sure that my passwords are up-to-date on every machine I use them on. I also maintain separate databases with separate passphrases for home and work use, allowing me to check out only the database I need on that particular host.

A feature I find surprisingly useful is that KeePassX will copy usernames/passwords to the clipboard without the text being viewable. In an office environment where I often have a vendor or another consultant sitting by me assisting, being able to get at infrequently used passwords I haven’t memorised without showing them to all and sundry is a relief. KeePassX will clear the clipboard of secure information within a configurable time period, to minimise the risk of accidental pastes of root passwords into work IRC. Yes, $colleague, I’m looking at -you- =)


keepassx interface with groups added


For those using locked-down or shared Microsoft Windows workstations, KeePass Password Safe is available as a portable app from PortableApps.com.

EDIT: As people have pointed out in the comments, there are also mobile versions of KeePass - in fact I have the J2ME version on my Nokia S60 cell phone. Unfortunately my insanely long passphrase is almost impossible to type in even with QWERTY on a phone, so while it’s a great idea to have access to the database on my phone, I find myself unable to really use it =)
