Managing Passwords 

In this edition of Scylla Tips and Tricks, we wanted to introduce the password management tool, Keepass, to help securely manage your passwords. As you may know, best practice is to create a unique password for every site and application. This is recommended to mitigate the threat of having all of your accounts compromised when your password is stolen from one site (we have all heard those news headlines about major security breaches).  Using different passwords means that your data/accounts are not vulnerable on other sites/applications.

With almost all applications/sites requiring an account, it is nearly impossible for someone to remember passwords without having a list. But, it has been shown that keeping a list of your passwords in Excel, Word, or notepad is not good enough because your passwords are not encrypted or protected.  In fact the 2014 hack of Sony Pictures was made worse and allowed the hackers to take over nearly every facet of the business because passwords were stored in un-encrypted files.  Simply password protecting your documents is also not sufficient as Office file passwords are easily cracked.  The solution to this issue is  to use a password management tool that stores your passwords in an encrypted format. For our clients, we strongly recommend KeePass.

What is KeePass?

KeePass is free/open source software that allows you to create an encrypted and password protected database to store your passwords. This means that you only need to remember one master password to unlock the Keepass database and retrieve your other passwords. Our recommendation is to store the KeePass database file (file extension .kdbx) on the server to ensure that the contents are routinely backed up. If it makes sense for your company, the database files can even be stored in network locations that multiple staff members have access to it as the database* can be shared and opened by team members at the same time.

*Please note that we strongly advise against sharing personal/individual passwords as a best practice and a violation of PCI, DISA and HIPAA recommendations.

Here is a quick list of some other great features KeePass provides:

1. Store multiple details for accounts like the login URL for a site. For Example, you can save account number, license details, security questions or phone numbers in the Note section of an entry.
2. Provides a history of old passwords just in case you need to recall on a previous password.
3. Option to have the software generate a very secure password for you to use. This can help you create unique strong passwords for your different accounts.
4. Options to copy entry details to autotype or password the login information for you. For better security, it clears the clipboard within 30 seconds.

How to start?

Just let us know you’d like to try it out.  We have the option of quickly and silently installing KeePass on your computer without interruptions. Once KeePass is installed, you will need to launch it and follow the prompts to create a database and start entering your account information. As mentioned before, we strongly recommend that you save the KeePass database on the server (either in your redirected Documents or in a server share of your choice). Feel free to reach out to us if you have an questions on the best place to save this file for your environment. During the Database configuration, you will be prompted to configure a master password. This password should be very strong, but also one that you can remember since there are no recovery options for this password.  Here is a good article on creating strong passwords: https://www.lifewire.com/strong-password-examples-2483118.

Now that you have a database, the tool allows you to create folders to help keep accounts organized. As the example below shows, the database has folders named General, Windows, Network, etc. [highlighted in green] and you can add additional groups by choosing the Group menu option. To save a new password entry, select the Entry menu option or the key icon [highlighted in red below] to open the add Entry window. Each entry has different fields that you can leverage to help identify and track details for an account. For example, entering the login URL will give the option of choosing with browser to open the site in. If you want to see the password you entered, selecting the Show Password button [highlight in purple] will make the password visible. KeePass even provides an option to create the password for you by selecting the password generator button [highlighted in orange]. You can even change the icon for the entry by choosing the image in the Icon field. Once the entry details are populated, select OK and Save (icon ) your database. NOTE: We recommend saving immediately after any entry changes.

Quick Tricks

Now that you have KeePass populated with your credentials, you can start shortcuts to help speed up your logins. Here are some examples:

• CTRL + I: Will create a new entry while in KeePass.
• CTRL + Alt + K : Will open KeePass or bring it to the front.
• CTRL + S : Will save the database file.
• CTRL + V: When in another application (login page on a browser) will take the highlighted keepass entry and automatically enters the username and password.
• CTRL + B: Copies the username of the selected entry and allows you to paste it. By default, it temporarily saves the password to the clipboard and will erase after 30 seconds.
• CTRL + C: Copies the password of the selected entry and allows you to paste it. By default, it temporarily saves the password to the clipboard and will erase after 30 seconds.
• CTRL + F: Opens the search window to help you locate an account which could be very helpful after you have any entries listed.
• CTRL + K: Allows you to duplicate the selected entry. This is nice if you are created a similar entry and wanted it to have all the same details.
• CTRL + U: Opens a webpage directly to the website (URL) of the account.