KeePass

One Password to Rule Them All

As many of you know, the rules around Duo Authentication and the “remember me” function were changed recently. Previously Duo would remember an authentication for 60 days, so we weren’t having to constantly re-authenticate through Duo, however, since the change went into effect, Duo now requires us to re-authenticate every 5 days. This change was put into effect after a few security incidents were discovered by the Texas A&M Division of IT.

To make your lives easier in relation to passwords, Technology Services – Student Affairs is recommending the use of a password manager that is available through the Software Center on your computer. KeePass is a password manager that stores a secure, encrypted list of your usernames, passwords, and associated sites or programs. While it may seem counterintuitive or unsafe to store all your passwords in one place, the use of password managers has shown to be safer than other methods of password management, such as having a browser store passwords or attempting to create memorable passwords for each site. There are several reasons why this is the case.

  • Password managers encrypt the database where they store the password so they can’t be accessed without a “master password” or “master key.”

  • Because you only have to remember a single master password, all of the rest of your passwords no longer have to be “memorable” allowing for passwords that are harder to crack. Most password managers have a “password generator” that can generate a random series of letters and numbers that is more secure.

  • The biggest risk in password management is using a single password for multiple sites or apps so if a hacker gains access to one account, they may be able to access many other accounts creating a serious risk of identity fraud and theft.

  • Using a password manager also makes it easier to keep track of passwords resulting in fewer “forgotten passwords.”

  • Many password managers can remember when passwords are due for a change so you can use them to manage how often you change your passwords. Most Security professionals recommend a change every 60-90 days at the minimum. Many employers who work with critical or confidential data require password changes every 30 days.

So how can you start using a password manager? It’s actually pretty simple to get started, as KeePass, the password manager recommended by DoIT, is available through the software center!

How to Install, Setup, and Configure Keypass!

To begin with, just click on your start button and start typing “Software center” and an option to open it will pop up. Once you’ve opened the Software Center you can see a list of available software for you to download.Software Center Screenshot for Installing Keypass

In the upper right corner of the software center, there will be a search box. Type “KeePass” into the search box and search for it. Alternatively, you can scroll through the list of available software to find KeePass, and once found double click on the KeePass entry.

You will be given the install button to click to begin the installation.  Once the installation is begun it will take a couple of minutes and the install button will change to an “uninstall” option.  This means that KeyPass was successfully installed on your computer.  You can go ahead and close out of the software center.   

Once you have Installed keepass from the software center, you can search for Keepass in your start menu to open it.

Once the program opens, you’ll need to create a new database by clicking “File” at the top of the window and then selecting “New” from the drop-down menu. Once you click the new option you will get an information window telling you you that your data will be stored in a KeePass database file.  After Clicking OK you will be prompted to choose a location where KeePass should save this file.  It is important that you remember where the database file is stored.  You should regularly create a backup of the database file on a separate location such as a network drive or a usb drive. 

Once you have chosen the location of your KeePass Database file, a new box titled “Create Composite Master Key” will pop up prompting you to create a master password. The goal is to make the Master password the only password you need in the future, so make sure this one is easy to remember. As best practice a password should be at least 8 characters long and have a combination of characters that includes at least one of each of the following:

  • Lowercase letters 
  • Uppercase or Capital letters 
  • Numbers 
  • special characters (such as ! @ # $ % etc.)
  • PLEASE NOTE that the Department of IT has no way to recover or Reset your KeePass MasterPassword, so make sure it’s one you can remember!

Once you have chosen your password, go ahead and click OK at the bottom of the window and a new window will appear entitled “Database Settings” the default settings here are perfectly fine so you can just click the “ok” button.  You don’t even need to worry about a “database name.” This will return you to the main KeePass windows, where the new database you created is now displayed.

The KeyPass window is divided into 2 main areas.  On the left is the group navigation pane with several default groups already created for you.  On the right is the Entries Pane that shows individual usernames, passwords, associated web addresses, and a Notes section.   From the main window, you can select different groups on the left to view the accounts associated with the groups on the right. You can also edit, add, and remove groups simply by right-clicking, or by going to the “Edit” menu at the top and selecting what you want to do.  

  1. Select which group you want the new account to be associated with  
  2. Either go to “edit” and click “Add Entry” or right-click on the Entries page and click “add entry”  
  3. This will open the Add Entry window as seen below.  

To add an existing username and password, pick a title for the account, input the username, password, and repeat the password.  You can also include a URL that the account is associated with and make notes on the specific account.   

*Note* the password field already looks like it has been filled out in the above example.  This is part of the auto-generation feature.  Using randomly generated passwords makes an account more secure, but you’ll need to change the password in the system to what has been randomly generated.  You can see what was randomly generated by clicking the 3 dots to the right of the 1st password blank.     

If you don’t want to use the auto-generation feature, you can clear out the randomly generated password and type in whatever your current password is.   

At the bottom, there is a checkbox for “Expires” where you can select a date and time.  You can use this a couple of different ways.  You can set it as a reminder to change your password even if the system isn’t requiring it, or you can set it to coincide with when the password actually expires.   

For Security Reasons, Keepass does not autofill entries in web pages.  Once you have a password entry entered into the KeePass Database, you can copy and paste it to any window or just click and drag it to entry fields to start using KeyPass. If you included the URL in the entry, you can also double-click the URL in Keypass and it will open up that website in your browser.