Posted 15th October 2006 in Software
I am somewhat embarrassed to admit that for some time I’ve stored a lot of sensitive information inside plain text files on my hard-drive; not passwords, but rather an extensive list of usernames, URLs, and such, in order to keep track of it all.
After doing some research on e-mail encryption (OpenPGP, GnuPG, etc.) I accidentally came across PasswordSafe, by Bruce Schneier. It was a neat program designed to store usernames and passwords securely. I added some of my passwords to try it out, backed up the encrypted file …
Then, a couple of hours after trying PasswordSafe, I stumbled upon KeePass, another open-source program, similar to PasswordSafe, except that it most notably packed more features. Instead of using Blowfish, it uses AES or Twofish, which doesn’t say that much to me, but these algorithms are supposedly very good, so it makes little difference. After trying out these two programs, I can wholeheartedly recommend them both, but I think KeePass is superior, because it has more options available to you. My only gripe with it is that the developers refuse to add an e-mail field. A shame, really.
I’ve got two KeePass databases now: one for the accumulating website usernames/passwords I have gathered throughout the years, and another core database with only a few, very important passwords stored inside. I only have to write down the master password for the latter and I’ve got it all covered. Just remember: if you want to do this, make a long and complicated master password, write it down, and back up the encrypted database file on a removable disk!
Download KeePass for Windows (unofficial ports to other OS, like Linux, available).