Thursday, April 05, 2007

KeePass - Password Manager

KeePass is a "free, open-source, light-weight and easy-to-use password manager."

KeePass is your master key to all your locks. It is a better way of saving, storing and tracking your passwords on your computer. No doubt it is better than having them around in some text file or draft email copy (I know we do that!). For quite some time I have been saving my growing and ever-increasing web logins and passwords in a text file. But then I realised that it was somehow getting more difficult each day to manage them from there. Plus I have a collection of UNIX boxes with weird passwords on each. I had to look out for an open source password manager. I played around with two and am currently using KeePass.

The other open source password manager which I tried was "Password Safe".

There are some stark reasons for me sticking to KeePass:
  • KeePass has an excellent GUI and is easy on the eyes and friendly to use
  • It lets you choose between two very powerful encryption algorithms for encrypting the password storage file: AES (Rijndael) or Twofish
  • KeePass 1.x is portable and does not require an install. It truly does not store anything anywhere in the system other than the password database.
  • Import/Export the database file from/to a range of formats like TXT, HTML, XML and CSV
  • It provides options to make groups, subgroups, trees, attach files (PGP signature files) etc.
  • Auto-Type, Global Hot Key, Drag-n-Drop
  • A nifty and strong built-in password generator
  • Has a plugin-based architecture.
  • The application along with its files occupies only about 888KB of disk space with its actual size being close to 873KB (the storage file or DB has not been included here - it's going to be as big as the number of entries - typically 5KB for 14 entries on my machine)
  • Occupies a steady 8MB-10MB of system RAM or memory when open (much more than "Password Safe")
The upcoming release with some more new features, KeePass 2.x, is for Windows XP and requires the .NET runtime to be installed. I would have been happier if they had left .NET out of this; as a user with very little system RAM, I did not have too many happy experiences with .NET.

Download KeePass 1.0.6 install package : KeePass-1.06-Setup.exe
Download KeePass 1.0.6 zipped package: KeePass-1.06.zip
Released on: 2006-10-14 10:23

A wonderful thing about using a password manager is that I can be sure that the passwords generated are the most difficult ones to crack.

The sad part about using a password manager like KeePass is that I have to carry the database with me and also have KeePass to be able to open it. One way is to store the password data file and KeePass application on a USB drive. But I have seen instances where USB drives are not permitted to be used (though floppies are, don't ask me why!) and then we will be without access to anything much other than the master password.

Well, there seems to be an online solution to a part of the problem (partly open source, as the libraries for encryption are open source) called Clipperz.

But if you are a deskaholic/laptaholic and online most of the time, have numerous logins, think that the extra space saved by not remembering all the passwords can be reused, have a USB key chain to flaunt (with something in it!) or just want to try out a cool looking open source password manager then KeePass would be your one stop solution.

Be safe:
Remember: whatever the encryption algorithm or software solution, you are only as safe as the complexity of the password.

3 comments:

Anonymous said...

KeePass is just a password database, not a password manager, because it lacks an auto-fill forms feature. Unfortunately there is no decent open source alternative for a decent password manager. You will be blasted by switching to Web Replay or Roboform. Both are free to use for your 10 most important passwords.

Techknight said...

No, KeePass is not a password database alone. Did you try KeePass before making this comment? Does auto-fill alone make a password manager a password manager? Truth is I have used RoboForm, a long long time back though. I checked RoboForm and found the following about RoboForm and KeePass:
1. Both memorize your passwords and log you in automatically. KeePass auto-types the login and password for you.
2. KeePass does not fill forms; it's a password manager. It never was meant to be a web form manager.
3. Both encrypt your passwords to achieve complete security.
4. Both generate random passwords that hackers cannot guess.
5. KeePass is not an antiphisher - it's supposed to be a password manager.
6. Both defeat keyloggers by not using the keyboard to type passwords. KeePass even keeps the password encrypted when it's loaded in memory.
7. Both store the login, password and rest of details in encrypted files.
8. These encrypted datafiles can be easily carried around and reused with a different copy of the KeePass application.
9. Both search for keywords in your passwords, notes, details but NOT in the Internet. Why on the internet?
10. Portable: RoboForm2Go runs from USB key, no install needed and so is KeePass
10. PDA-friendly: sync your passwords to Pocket PC and Palm. What is a sync but a unique single copy of the datafile being transferred from one location to the other? The KeePass data store can be copied across machines/drives, emailed even, without KeePass
11. Neutral: works with Internet Explorer, AOL/MSN, Firefox. KeePass too will work anywhere a login or password can be typed.
12. IE 7 and Vista are now supported. Does not matter much; as long as the datafile and application can be run on a platform (OS), KeePass will work too. Currently KeePass is available for Linux, MacOSX, PalmOS, PocketPC and Smart Devices, in case portability is a concern.

If I see so many similarities between the two, why should I be restricted to 10 most important passwords and pay for something which has more than what I need? I find KeePass rather better than RoboForm in terms of being a true password manager. Hiding the same features under different names and terms is usual when I would like to sell a product, but KeePass is free; no one is forcing anyone into using (extra features which I don't need!) it or even charging them for using it. KeePass is light and does only what it's been meant to do, nothing more and nothing less. It does its job well, is more simple and does not overwhelm with extra features which I never asked for. RoboForm and Web Replay are good tools and they can be useful to many for many other reasons, but they try to be so many things in one, whereas I just need one.

KeePass makes it extremely easy to manage my login, passwords, notes, associated URLs, files and hence I think qualifies to be called a Password Manager.

Tara (PassPack) said...

Just my two cents.

First cent: KeePass *is* a password manager, and an excellent one at that. Denying this is about the silliest thing I've ever heard.

Second (biased) cent: Clipperz is mentioned in the article, but PassPack (http://www.passpack.com) has got more of the features that KeePass users are accustomed to. Not *all* of them, but the trade-off is 24/7 access via internet.

Like I said, just my two cents.