Ottawa PC Users' Group, Inc.
by Alan German
I only use one or two login passwords and so, previously, I
have never bothered to check out password encryption
programs. However, recently, I seem to have had to
consult my "top secret" hard-copy file of web
site passwords in order to access various obscure sites
that I use only infrequently. While this file folder is a
useful resource for storing multiple passwords, the
difficulty comes when needing to locate a given password.
Typically this means leafing through multiple printouts
of login credentials for a wide range of web sites that
aren't arranged in any kind of logical sequence. I
suppose I could organize these listings in a loose-leaf
binder, rather than using a simple file folder, but it is
probably even more efficient to use a computer-based
The essence of these software systems is an encrypted
database, opened by means of a master password, that
contains listings of individual web sites and their
associated login credentials. Even better, most of these
programs offer a way to enter a userid and password for
any given site more-or-less automatically, thus
expediting the login process.
My password manager of choice is KeePass, primarily as it
is open-source software that garners good reviews, but
also because the Windows version has a Linux equivalent
(KeePassX) which means that I can use the same password
database on both platforms. There are both 1.x and 2.x
versions of KeePass with Version 1.23 being compatible
with KeePassX. Consequently, it is KeePass Version 1.23
that is reviewed here.
By default, KeePass offers to store passwords for three
groups of applications, namely Internet, eMail and Backup
systems. I only need to store passwords for web sites
and so opted to set up a new database in the Internet
group. The only requirement is to select a master
password with which to access the database. Optionally,
one can also specify a "key file". This is an
additional security measure since the master password
must be entered, and the specific key file must also be
present, before the password database can be opened.
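The master-password-plus-key-file requirement described above can be modelled in a few lines. This is an added illustration, not KeePass code and not its database format: the PBKDF2 parameters, the `HEADER` label, the function names and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

HEADER = b"example-db-header"  # hypothetical label used only to build a verifier


def composite_key(master_password: str, key_file: Optional[bytes], salt: bytes) -> bytes:
    """Derive one 32-byte key from the password and, if configured, the key file."""
    # Stretch the password so that each guess is expensive.
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                  salt, 200_000, dklen=32)
    if key_file is None:
        return pw_part
    # Mix in a hash of the key file: neither part alone reproduces the key.
    kf_part = hashlib.sha256(key_file).digest()
    return hashlib.sha256(pw_part + kf_part).digest()


def make_verifier(key: bytes) -> bytes:
    """Value stored with the database so that a candidate key can be checked."""
    return hmac.new(key, HEADER, hashlib.sha256).digest()


def can_open(master_password: str, key_file: Optional[bytes],
             salt: bytes, verifier: bytes) -> bool:
    """True only when the supplied password AND key file reproduce the key."""
    candidate = make_verifier(composite_key(master_password, key_file, salt))
    return hmac.compare_digest(candidate, verifier)


# Constructed sample data: a database protected by both factors.
SALT = os.urandom(16)
KEY_FILE = os.urandom(32)            # stands in for the contents of the key file
PASSWORD = "correct horse battery"   # constructed master password
VERIFIER = make_verifier(composite_key(PASSWORD, KEY_FILE, SALT))

if __name__ == "__main__":
    print("both factors:      ", can_open(PASSWORD, KEY_FILE, SALT, VERIFIER))
    print("password only:     ", can_open(PASSWORD, None, SALT, VERIFIER))
    print("wrong key file:    ", can_open(PASSWORD, os.urandom(32), SALT, VERIFIER))
    print("wrong password:    ", can_open("guess", KEY_FILE, SALT, VERIFIER))
```

The practical consequence is that the key file needs its own backup, kept apart from the database: losing it locks the database just as surely as forgetting the master password.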
With the database open, a new set of login credentials
can be entered by selecting "Add Entry", either
by clicking on an icon, or by using the program's edit
menu. The subsequent dialogue box has fields for Title,
User name, Password, URL and Notes. An icon is associated
with each listing and this can be selected from an
available set of icons or a custom image can be used. The
entry can be set to expire on a given date and time;
however, by default, the expiry date is unchecked.
The password that is entered (and repeated as a double check)
is encrypted in the final database and is displayed as a
series of asterisks. A button (three dots) lets you see
the actual password string behind the asterisks (when the
encrypted database is open). The "quality"
(i.e. strength) of the selected password is roughly
indicated by the length of a horizontal bar, and an
indication of the number of bits used in the string. For
the paranoid amongst us, there is a built-in password
generator that will produce (presumably) incredibly
secure passwords. My test used a 256-character string
producing a password with a full horizontal bar and 535
could use KeePass purely to store login credentials. The
web sites are listed in alphabetical order so retrieving
a given record is quite simple. One could then copy and
paste the userid (User name) and password (having used
the "three dots" button to reveal the hidden
text) from the data record into the login
prompts on the web page. However, as noted earlier,
KeePass provides an option for the program to
"fill-in the blanks" on the login screen. This
process is a little non-intuitive and, in my case,
required reading through a section of the web-based
KeePass Help Center (Help - Help Contents - KeePass Help
Center - Features - Auto-Type) a couple of times before I
clued in on the technique.
The first trick is to hit the drop-down "Tools"
button in the lower-left corner of the data record for
any given web site. With the desired web site open in the
browser at the login page, one clicks on "Auto-Type:
Select Target Window". Then, one uses the second
drop-down menu to select the appropriate listing which in
my test case was "Ottawa PC Users' Group (OPCUG)
Inc. - Mozilla Firefox".
The second trick is to navigate to "Tools - Options
- Advanced - Auto-Type" in KeePass's main menu and
enter a keyboard shortcut in the "Global auto-type
hot key combination" field. I opted for Ctrl + Alt +
P as the keystroke combination that would automatically
populate a web site's login credential fields.
Even then the process turned out to be somewhat hit and
miss. For example, I couldn't get the system to work for
OPCUG's web site as KeePass returned the login
credentials for a different entry. And, in my Dropbox
account, KeePass selected the correct entry, but
populated the E-mail field (effectively the userid) with
my Dropbox password instead of the user name! However,
the auto-type process worked fine for some other web
sites, e.g. National Capital Freenet.
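One way a title-based hot key can pick the wrong entry, shown as an added sketch rather than KeePass's own code. It assumes a matcher that treats an entry as a candidate when its title appears inside the active window title; the entry titles, user names and the second window title are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Entry:
    title: str
    username: str


def candidates(entries: List[Entry], window_title: str) -> List[Entry]:
    """Entries whose title occurs (case-insensitively) in the window title."""
    wt = window_title.lower()
    return [e for e in entries if e.title and e.title.lower() in wt]


def first_match(entries: List[Entry], window_title: str) -> Optional[Entry]:
    """Naive policy: type the first candidate, whatever else also matched."""
    found = candidates(entries, window_title)
    return found[0] if found else None


def pick_for_autotype(entries: List[Entry], window_title: str) -> Optional[Entry]:
    """Safer policy: type only when exactly one entry matches, else refuse."""
    found = candidates(entries, window_title)
    return found[0] if len(found) == 1 else None


# Constructed database, listed alphabetically as in the entry list.
ENTRIES = [
    Entry("Mozilla", "forum-user"),   # matches every Firefox window title
    Entry("OPCUG", "member-login"),
]

# Window title quoted in the review, plus a constructed one without "Mozilla".
FIREFOX_WINDOW = "Ottawa PC Users' Group (OPCUG) Inc. - Mozilla Firefox"
OTHER_WINDOW = "Ottawa PC Users' Group (OPCUG) Inc. - Example Browser"

if __name__ == "__main__":
    for title in (FIREFOX_WINDOW, OTHER_WINDOW):
        naive = first_match(ENTRIES, title)
        safe = pick_for_autotype(ENTRIES, title)
        print(title)
        print("  matches:", [e.title for e in candidates(ENTRIES, title)])
        print("  naive  :", naive.title if naive else None)
        print("  safe   :", safe.title if safe else "ambiguous, nothing typed")
```

Because the browser appends its own name to every page title, a short or generic entry title can match windows it was never meant for; distinctive entry titles and a check that only one entry matched keep credentials out of the wrong login form.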
While the automatic login process appears to be fraught
with difficulties, KeePass does at least let me store my
infrequently-used web site login credentials in an
electronic format, and provides a readily-available
resource for this information when it is needed. So, no
more leafing through dozens of pieces of paper for me!
Author: Dominik Reichl
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON K2G 1S6
The opinions expressed in these reviews do not necessarily
represent the views of the OPCUG or its members.