In this edition of Scylla Tips and Tricks, we wanted to introduce the password management tool, Keepass, to help securely manage your passwords. As you may know, best practice is to create a unique password for every site and application. This is recommended to mitigate the threat of having all of your accounts compromised when your password is stolen from one site (we have all heard those news headlines about major security breaches). Using different passwords means that your data/accounts are not vulnerable on other sites/applications.
With almost all applications/sites requiring an account, it is nearly impossible for someone to remember passwords without having a list. But, it has been shown that keeping a list of your passwords in Excel, Word, or notepad is not good enough because your passwords are not encrypted or protected. In fact the 2014 hack of Sony Pictures was made worse and allowed the hackers to take over nearly every facet of the business because passwords were stored in un-encrypted files. Simply password protecting your documents is also not sufficient as Office file passwords are easily cracked. The solution to this issue is to use a password management tool that stores your passwords in an encrypted format. For our clients, we strongly recommend KeePass.
What is KeePass?
KeePass is free/open source software that allows you to create an encrypted and password protected database to store your passwords. This means that you only need to remember one master password to unlock the Keepass database and retrieve your other passwords. Our recommendation is to store the KeePass database file (file extension .kdbx) on the server to ensure that the contents are routinely backed up. If it makes sense for your company, the database files can even be stored in network locations that multiple staff members have access to it as the database* can be shared and opened by team members at the same time.
*Please note that we strongly advise against sharing personal/individual passwords as a best practice and a violation of PCI, DISA and HIPAA recommendations.
Here is a quick list of some other great features KeePass provides:
How to start?
Just let us know you’d like to try it out. We have the option of quickly and silently installing KeePass on your computer without interruptions. Once KeePass is installed, you will need to launch it and follow the prompts to create a database and start entering your account information. As mentioned before, we strongly recommend that you save the KeePass database on the server (either in your redirected Documents or in a server share of your choice). Feel free to reach out to us if you have an questions on the best place to save this file for your environment. During the Database configuration, you will be prompted to configure a master password. This password should be very strong, but also one that you can remember since there are no recovery options for this password. Here is a good article on creating strong passwords: https://www.lifewire.com/strong-password-examples-2483118.
Now that you have a database, the tool allows you to create folders to help keep accounts organized. As the example below shows, the database has folders named General, Windows, Network, etc. [highlighted in green] and you can add additional groups by choosing the Group menu option. To save a new password entry, select the Entry menu option or the key icon [highlighted in red below] to open the add Entry window. Each entry has different fields that you can leverage to help identify and track details for an account. For example, entering the login URL will give the option of choosing with browser to open the site in. If you want to see the password you entered, selecting the Show Password button [highlight in purple] will make the password visible. KeePass even provides an option to create the password for you by selecting the password generator button [highlighted in orange]. You can even change the icon for the entry by choosing the image in the Icon field. Once the entry details are populated, select OK and Save (icon ) your database. NOTE: We recommend saving immediately after any entry changes.
Now that you have KeePass populated with your credentials, you can start shortcuts to help speed up your logins. Here are some examples:
Now don’t forget to combine keepass with two-factor authentication on all sites that support it for the strongest security.
Now don’t forget to combine Keepass with two-factor authentication on all sites that support it for the strongest security.