How-To

How to Set Up KeePass as Your Next Password Manager

By Mark O'Neill

Updated September 19, 2022

Using strong, unique passwords for each online account you own is crucial. This means no passwords like 12345 but instead something like 7hb9qZaIcMCnCYdFTxx5. To remember passwords like that, you need a password manager such as KeePass.

If being online on a constant basis teaches us anything, it’s that you need long, strong, unique passwords for each online account you own. This means no passwords such as 12345 or abcde. If you use them, you’re asking to be hacked. Instead, you need something like 7hb9qZaIcMCnCYdFTxx5. But unless you’re an android with a computer-like brain, how are you supposed to remember passwords like that? The answer is a password manager such as KeePass.

There are SO many password managers at the moment. Wikipedia maintains an extensive list, but out of all of them, the main players are KeePass, LastPass, and 1Password, and I know a few people fond of Dashlane. But after trying these ones out extensively over the years, my fondness remains with KeePass. This is because it is easy to use, is open source, and has a portable version.

Setting Up KeePass For The First Time

I am a big believer in forgetting about bells and whistles and instead focusing on products that just work. Give me a barebones stripped-down piece of software any day of the week if it will always do what you need it to do. I don’t need something all shiny and amazing looking but which breaks down when I breathe on it.

Download KeePass

I am going to focus on the portable version as that’s my thing. I try not to install anything unless I have to.

If you go to the KeePass downloads page, you will see the latest Windows versions at the top. The ones below that are the previous version, but you should always use the most current version. The installable version is on the left, and the portable version is on the right.

If you are a Mac or Linux person, or you use Android or iOS, there are versions of KeePass for those platforms too. If you scroll down the downloads page, you will see them. As you can see from the list, they cover a whole variety of platforms, including Blackberry, Palm, Windows Phone, Chromebooks, and the Command Line.

They are not all called KeePass, but they are all compatible with KeePass password databases.

Open the Main App

Once the zip file has been downloaded, open it up. If you have chosen the installable version, install it on your computer. If you have chosen the portable version, make a KeePass folder on cloud storage or a USB stick. I recommend the encrypted cloud storage service Sync, which gives you 5GB free of charge.

Now click on KeePass.exe to start the program up, and you will see the login window that protects your database.

However, since you do not have a database yet, close this login window and a blank database window will jump up.

Create a Database

Now we need to create a new encrypted database where our passwords will be securely stored.

First click File–>New. You will then see this.

Click OK and you will be prompted to save a KDBX file (the file format of a KeePass password database).

Make sure it’s in the same folder as the other KeePass components. You could put the KDBX file someplace else on your computer, but what would be the point? Keeping it all together (especially on cloud storage) makes the most sense.

You can also rename the KDBX file. You don’t have to use the name it gives you.

Make an Unbreakable Password

An encrypted database is only as strong as the master password protecting it. If you use something easy like your name, your spouse’s name, your dog’s name, your birthday, etc., then that pretty KeePass database is going to get pounded to dust in no time.

On the other hand, if you put a lot of thought into your master password, then you can put the secret to eternal life in there, and nobody will ever get to it except you.

So this next part is the most important part of the process.

You should ideally make your password a minimum of 10 characters with lower case letters, upper case letters, and numbers. If possible, also throw in a few special characters like a comma, a full stop, or a semi-colon. You need to make it as hard as possible.

To ensure you are typing it in properly, repeat the password where indicated, and as you do, the “Estimated Quality” of the password will show. You want that going as high as possible. I got it to 91 bits, which is OK because this is just a temporary database for this article. If I was making a real database, I would ideally want it well over 100 bits, maybe 120.

In Step 3, the only thing I would change is the encryption standard to ChaCha20. This is a MUCH stronger encryption protocol than the standard AES-256.

Print Out An Emergency Sheet

One last thing before the database is made and opened. You will be asked if you want to print an “Emergency Sheet.” I strongly recommend you do this. For obvious reasons, there is no “Forgot Your Password? Click Here To Reset It” option. So if you forget your master password, or you die, and your next-of-kin needs your passwords, then you or they are going to have a major problem.

So print out the sheet, write the master KeePass password down, then hide it somewhere. If it is for your next-of-kin, put it in a sealed envelope with the will and the life insurance policy where they can find it easily. And obviously, if you later change the master password, remember to update the sheet!

Customize Your Database

Your database will now open, and you can start generating and saving passwords.

On the left are groups where you can categorize your logins. These are the ones KeePass gives you, but you can delete them or rename them as you wish. You can also make unlimited numbers of new groups.

It will have two sample entries already saved on the right, and you can delete them. But before you do, open one of them to see what a typical password entry would look like.

In the years that I have been using KeePass, I have only ever had to use the “Entry” tab. The other tabs are pretty useless for me.

So when you click the small key icon on the main database interface (in the toolbar), a box like the one above will show. But it will be empty. You need to fill it in. The title would be the name of the website, software, whatever. The user name…well, that is self-explanatory. The URL would be the name of the website or software service, obviously.

Now the password. For security reasons, the password is concealed with dots. The password will reveal itself if you click the button with the three dots on the right-hand side. Click the button again to mask the password.

To generate a password, click the key icon under the three dots button, and you will get this menu. Choose “Password Generator.”

You only need to concern yourself with the first part. Choose the length of your password (I recommend a minimum of 25 characters). Then choose what you want in the password.

Now click OK at the bottom, and you will see your box has been pre-populated with the new password. Click on the three dots button to view it.

Click OK to save the password and close the box.

Logging In

When you want to log in someplace, right-click the entry in KeePass and choose Copy Username. Then click in the username box on the website and CTRL + V to paste the username in (or CMD + V on a Mac). Then right-click on the entry again, choose Copy Password, and repeat the process in the password box.

You have to hurry, though. After 12 seconds, KeePass wipes the information from your clipboard for security reasons. You can shorten or lengthen the time in the KeePass options. Personally, I have it lowered to 6 seconds. In the options, you can also have KeePass log out of the database after a certain time period, but I have this disabled. But this would be good in an office environment.

Conclusion

With the simple KeePass, there is no excuse for not using a password manager. You can’t say, “it’s too complicated!” because this is as simple as it gets. Stop the risk of getting hacked and start using longer unhackable passwords.