Protect Your Passwords From Hackers

How to Keep Your Computer Secure with KeePassX

With all the news stories about large companies being hacked and losing data, it seems that protecting our data is becoming virtually impossible.

As users, we can't really do all that much to make sure our bank is protecting our data except for voting with our feet when they do something that puts us at risk.

There have been so many high profile cases of companies being tested by what can only be considered as professional hackers that the whole thing feels like John Wayne in The Alamo. Sooner or later the bandits are coming in.

So what can we do to protect ourselves? Well, the best we can hope is that the companies we entrust with our data have bothered to encrypt that data as securely as possible.

Even with an encrypted database, hackers can still get to the real data by throwing dictionaries of words at the usernames and passwords, and by using what is known as brute force to try every possible password combination.

There is a joke that sums up the premise of what you can do to best protect your data. Two men are sat on the branch of a tree with a bear rapidly climbing up to attack them. One of the men notices his friend tying the laces of his shoes. He says "You know you can't outrun that bear don't you?" to which the man replies "I don't need to outrun the bear. I just need to outrun you."

Quite simply the point behind this is that if you make your password more secure than everybody else's password then the hackers might never get to see the unencrypted details for your accounts. 

People are generally opportunistic. When walking past an apple tree, are you going to climb the tree and pick the ones at the top, or are you going to pick the apples lower down? Burglars tend to go for houses that are the least secure.

It is all about weighing up the factors of risk, time and effort against the potential rewards. Simply put, don't make yourself low-hanging fruit.

KeePassX can help you protect your home computer and your internet passwords in multiple ways and this article will discuss how.

How to Get KeePassX

KeePassX is available in the repositories for all the major Linux distributions.

If you are using a Debian/Ubuntu based Linux distribution you will be able to install KeePassX either using the Software Centre, Synaptic or apt-get.

For example in a terminal type the following:

sudo apt-get install keepassx

If you are using Fedora or CentOS then you will want to use YUM Extender or YUM to install keepassx.

For example in a terminal type the following:

sudo yum install keepassx

openSUSE users can use YAST or Zypper.

How to Create a KeePassX Database

To create a KeePassX database, click on the first icon in the toolbar.

A screen will appear asking you to enter a password for the KeePassX database, with an optional box for generating a keyfile.

This web page provides details on why and how to use a keyfile to protect your data.

The KeePassX Main User Interface

KeePassX is basically a place to store all of your usernames and passwords so that you no longer need to remember them.

Now you might be thinking that this is putting all of your eggs in one basket and all a hacker needs to do is get past one of your passwords instead of lots of different usernames and passwords for different sites.

The truth is that if you use a good keyfile, then it is going to be quite difficult to get past your KeePassX security.

Another point is that in order to access your KeePassX database, a hacker will need to have gone beyond your computer's firewall and have full access to your computer. (You are already compromised.)

Remember the point made earlier on about risk, time and effort, and rewards. A hacker can spend hours trying to break into your home computer in order to get one person's credentials or they can break into an online service which has literally thousands or tens of thousands of people's credentials.

Many people use the same username and password for multiple services including banking, email, PayPal, eBay, and other sites. KeePassX will let you have multiple passwords which are incredibly difficult to crack without you having to remember them. This makes you more secure than 99% of the other users of any site.

The icons at the top of the screen allow you to create a new password database, open an existing database, save a database, add a new entry to the current database, edit an entry in the current database, delete an entry from the database, copy a username to the clipboard and copy a password to the clipboard.

There are two main panes to the interface. The left pane contains a list of groups and the right pane has the entries within each group.

By default there are two groups:

  • Internet
  • Email

In the internet group, you could add sites such as Google, eBay, PayPal, etc.

You might want to create another group called local for storing local application passwords.

Add a New Entry Into KeePassX

To add a new entry either click on the new entry icon in the toolbar or right-click in the right pane and choose new entry.

A screen will appear with the following fields:

  • Group
  • Icon
  • Title
  • Username
  • URL
  • Password
  • Repeat (Password)
  • Quality
  • Comment
  • Expiry Date

The group can be any one of the groups in the left pane and you can choose an icon to associate with the entry.

The title helps you determine what the entry is for (e.g., Google). Enter the account's username into the username box and the URL to the site in the box provided.

Enter a password into the box and repeat it. The quality bar fills with color according to how difficult the password is to break.

The button next to the password box toggles between showing asterisks (*) and the real password.

You can enter a comment to describe the entry better if required. 

If you know the password expires after a period of time you can enter the date when the password will expire.

To finish creating an entry press OK.

Generating More Secure Passwords

One of the best things you can do is generate a better password than the one you are currently using and change the password for the online account to the generated password. 

Think of the most secure password you can and enter it into the box for an entry. It won't be anywhere near as secure as the generated passwords produced by KeePassX.

When creating a new entry click on the generate button.

The password generator has three tabs:

  • Random
  • Pronounceable
  • Custom

A random password will be just that. You can make sure it passes the online account's conditions by choosing upper case letters, lower case letters, numbers, white spaces, minus, underline and special characters.

Clicking on the generate button will create a password. You can see the password that has been generated by clicking on the little eye icon.

You will instantly see how random the password is. There is no way any human being can remember such a password and it would take a hacker a long time using brute force to break it.

It is possible to make the password even more secure by increasing the password length.
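The effect of the character-class checkboxes and the length setting can be measured. The following is an added example, not KeePassX's own code: it generates a password from the chosen classes with a cryptographic random source and estimates how long an exhaustive search would take. The function names, the exact "special" symbol set and the guess rate of 10 billion per second are assumptions.

```python
import math
import secrets
import string

# Character classes mirroring the checkboxes on the Random tab.
# The exact symbol set behind "special" is an assumption.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "numbers": string.digits,
    "space": " ",
    "minus": "-",
    "underline": "_",
    "special": "".join(c for c in string.punctuation if c not in "-_"),
}

def generate(length, classes):
    """Draw uniformly from the chosen classes, retrying until every class
    appears at least once so the site's password rules are satisfied."""
    if length < len(classes):
        raise ValueError("length too short to include every chosen class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in pw) for c in classes):
            return pw

def entropy_bits(length, classes):
    """Upper bound on entropy: length * log2(alphabet size)."""
    size = sum(len(CLASSES[c]) for c in classes)
    return length * math.log2(size)

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years to try every candidate at an assumed offline guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    chosen = ["upper", "lower", "numbers", "special"]
    for length in (8, 12, 16, 25):
        bits = entropy_bits(length, chosen)
        print(f"{length:>2} chars  {bits:6.1f} bits  "
              f"{years_to_exhaust(bits):.2e} years  {generate(length, chosen)}")
```

Each extra character multiplies the search space by the alphabet size, which is why raising the length helps more than adding one more character class.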

Generating Pronounceable Passwords Using KeePassX

Gary Newell

A completely random password might be too much for some people.

Fortunately, KeePassX lets you generate a random password which is more human-readable.

Simply choose the pronounceable tab within the generate password screen.

Your password can contain numbers, letters, uppercase and optionally special characters.

When you click generate, a new password will be created but unlike the random generation, it contains real words.

By default, the password is 25 characters long but you can make it shorter if you wish. The shorter the password the less secure it is.

Using KeePassX to Enter Online Passwords

So how does having a database full of passwords help you?

Well, when you load, for instance, Google and it asks for your username and password, you can click the copy to clipboard icons within KeePassX, paste the username and password into the relevant fields, and log in.

This prevents you from having to save passwords within Google (and other online accounts).

By using the copy to clipboard icons you protect yourself from keyloggers that may have inadvertently installed themselves on your system (if you are running Linux this is less likely but not impossible).

Also, by using KeePassX you can use much stronger passwords than you normally would because you don't need to remember them yourself.

You can also keep a hint for yourself as the comment in KeePassX. This is much more secure than setting up a password reminder within an online application.

Many hackers will attempt the recover password option using information they have found out about victims which is openly stored on their Facebook or other online accounts.

Don't make it easy for them. Protect your usernames and passwords today with KeePassX.