All of us use a password to log in to different online accounts, whether in banks, email, websites to see the consumption of electricity, gas, water and much more. We continually have to manage dozens of passwords, bearing in mind that it is not advisable to reuse the same password for several services, it is very important to have a password manager like KeePass, an Open Source software that will allow us to store them all safely in one « safe”. If you want to know everything about KeePass and how it works, then you have all the details.
Characteristics, encryption and main functions
KeePass is an Open Source software that allows us to create a “safe” and store all the usernames and passwords we have there. If you cannot remember so many passwords, and you want to centralize that all your usernames and passwords are in the same place, this software is one of the best that you can use.
The operation is very simple, the program is in charge of creating a small encrypted database where we will have all our access credentials, in addition, this database will be encrypted with the best symmetric encryption algorithms such as AES-256 or ChaCha20, in addition, we will have a master key to decrypt this entire database. In case you want to use a key in file format to decrypt the database, you will also be able to do it, and you can even use the Windows username and password (if you do not change the password later) to access the database of data.
The use of this program is completely free, you do not have to pay anything. Officially it can only be installed on Windows operating systems from Windows 7 to Windows 11, and also on Linux, MacOS and FreeBSD operating systems. There are official KeePass contributions that are compatible with Android and iOS operating systems, in this way, we can always carry our passwords with us.
The best thing about this program is that it is not only available for installation on different operating systems, but it also has a portable mode, without the need to install it. In this way, we can carry all our passwords on a pen drive, both the program and the completely encrypted database. This feature is very important if we have several computers and always want to carry the KeePass password database with us.
Once we know the main features, the types of encryption and what functions it has, we are going to teach you how to use it.
Download and installation
The first thing we have to do is go to the official KeePass website, at the top of “Latests News” we can see the latest versions released by the development team. We have chosen the latest version available which is 2.50 final stable. We click on the hyperlink that will take us directly to the specific menu where we can download.
In this menu we can see the new features of the latest available version, compared to the previous stable version of the program. We also have both the new features and the improvements incorporated to have a better performance and even the correction of possible bugs. If we click on the “Download KeePass 2.50” section we can directly access the download section of this program.
In this web menu we can download the latest stable versions, both version 1.X and version 2.X. We have downloaded the latest version 2.50 available on the web. Once you have decided on the version to download, you will have to choose between downloading the program’s setup.exe installer to install it on your computer, or downloading the “Portable” version that does not require any type of installation and can be run on any computer .
A very important detail of the portable download is that we can always carry it with us on a flash drive. Any settings we make will not be stored outside of the main directory, so we can have everything in one folder and make any settings we want.
The first time we open the portable version executable, it will ask us if we want to check if there is an update of the program every time we start it, to always be up to date with regard to improvements in security, performance and bug fixes.
Once we have installed or opened the portable version executable, we are going to access the program to start creating our safe and store all our passwords there.
Using this keystore
Although the graphical user interface is very simple, it is specifically designed to occupy the minimum possible resources on our computer. When we run the program for the first time, we can see that everything is blank, in fact, we don’t even have the database where we should store all our passwords. Next, we are going to explain how to create the database, add new access credentials and other options.
Create encrypted database
The first thing we need to do is create a database where we will store all our passwords. To be able to do this, we click on «File / New Database», we will get a message that will indicate that all the data will be stored in this database and that everything is really in a normal file, when we click on OK we Windows explorer will come out to save this file, which is the one that will contain the database with all our passwords. We can give it the name we want, but we must keep it well because it will be the entire password database as soon as we start registering them.
After choosing the database name and location, we need to configure its security. For this, it is absolutely necessary to put a master password to decrypt the database when we want to manage our passwords. In this “Master Password” the program will indicate the strength of the password, in addition, we also have the possibility of displaying the advanced options that have:
- Use a file to decrypt the database . This file will be used as the “master key” so it is very important that no one has access to this file. Also, if the file is lost or changed in the slightest, we will not be able to access our key database, so it is advisable to make a backup of this file.
- Use the Windows user account . This allows us to access the database with the Windows access credentials, both the username and the password. We do not recommend choosing this option because if the Windows user account changes, even if we have the same username/password, we cannot access the database, and it is necessary to make a backup to restore everything from the backup. This option is dangerous because we can lose access to the database, especially if we have not made a backup as indicated by KeePass.
We have chosen authentication through a master password that only we know. The strength indicator will tell us if it is strong or weak, in the case of not having the recommended length and complexity, we will get a warning indicating that the key is weak.
Once we have entered the password, we can configure the database options before creating it. For example, we can configure the name of the database and even put a description to this database, we also have the possibility to give it a default username for new entries, and even customize the color of the database .
The most important option is in the “ Security ” section, and it is that we can use both the AES 256-bit symmetric encryption as well as Chacha20, both encryptions are currently the most secure that exist, so you can choose any of them. We also have the possibility to choose a key derivation function, by default it is AES-KDF and we can choose the number of iterations that we want. Other options are to select Argon2d and Argon2id as key derivation functions.
In the “Compression” tab we can choose not to compress the information, or choose the Gzip compression that does not have much impact on resources and the compression is quite decent, especially for this type of user and password data.
In the “Recycle Bin” tab is where we can enable a recycle bin so as not to permanently delete the entries that we create, this is something important so as not to make a mistake when deleting user accounts.
In the “Advanced” section we can choose other configuration options such as choosing templates for a group of keys, limiting the history of entries and even limiting the history in size (MB). Regarding the master key, we can force it to recommend that we change this password every few days, and even force it to be changed to improve security. Finally, we can also force the master key to change the next time we try to open the database.
Once we click on “OK” to create the database, we will get a message that will allow us to print a document with all the important information to open the database, of course, if we print this it is absolutely necessary to save it somewhere safe, because there will be all the information necessary to access the database.
Now that we have created the database, we are going to access it to start entering new access credentials.
Add new access credentials
Adding new access credentials is really easy. The first thing we need to know is where to register these passwords, we can do it in the main database, or use the different groups such as “General”, “Windows”, “Network”, “Internet”, “eMail” and “ Home Banking”. However, we also have the possibility of creating our own group with the name we want, and even delete the groups that have already been created, there is no problem and we can configure it as we want.
To add a new credential, we right-click anywhere in the menu and choose the “ Add Entry ” option.
A new drop-down menu will automatically appear where we will have to put the title of the entry, the username, the password, repeat the password, it will indicate the strength of the password, and we can also put the URL if it is a website and even some additional notes. We also have the possibility to configure that this key that we have set will expire at a certain time.
In the ” Advanced ” section we can also put additional information and even attach a file that we want. In the “Properties” section we can configure the color background, put a tag and other settings. We can also activate and configure the auto-type and see the change history of this entry (limited by the database configuration that we have seen before).
Once we have created it, it will appear in the main menu of “Database” or in the different groups.
We also have the possibility to add new entries in the different groups, we simply open the group on the left side, and on the right side we right click and “Add entry”, as we did before.
As you have seen, creating a new entry is really easy and simple, in this way, we can have all our access credentials very well organized. Remember that you also have the possibility of adding attached files, ideal for storing additional keys or certificates.
Other options and settings
In the upper bar we have the different « File » menus where we can create a new database, open an existing one, close it, save it in the created file, configure the database options, change the master key, import a password database from KeePass, Excel, other password managers like LastPass and many more options. We also have the possibility of exporting our database in CSV format, in HTML, etc.
In the ” Group ” section is where we can create a new group, edit an existing group, duplicate a group to later modify it, delete an already created group, change the order of the groups that we have created and even copy a group to another different database or export it. In the « Entry » section is where we can add new entries, select all and even export it. We can also modify all the entries, add attachments and many more actions that we have seen before. In the ” Find ” section is where we can search for our credentials if we have many, to make it easier for the user to find a specific one.
The “View” menu is where we can change the language of the program, show the toolbar and other settings related to the graphical user interface of the KeePass program. Finally, we have the “Tools” menu where we can generate a secure password, generate a list of secure passwords, launch a wizard, open tools related to the database, configure triggers, install plugins and see all the general options of the program .
As you can see, we have a large number of options available to perfectly adapt to the needs of users.
Conclusions
KeePass has proven to be one of the best options to securely store our passwords. This Open Source program, which is totally free and cross-platform, uses the two most robust and secure symmetric encryption algorithms that we can find today: AES with 256 bits and ChaCha20. In addition, we also have the best key derivation algorithms that we can use, so the security of our data is guaranteed. We must bear in mind that it is very important to choose a very robust master password, because the security of the rest of the passwords that we have in the database will depend on the length and complexity of this key.
Although this program has a very simple graphical user interface, and it may even seem that the program is something “old”, internally it has the latest technologies in encryption and security that exist. Another point in favor is the speed of operation, the ease of creating groups of passwords and even the ease of creating new entries, with a multitude of options available. Finally, something that we would like to highlight is that it will not only protect our usernames and passwords, but also any information or note that we add to the entry, and it even protects the attachments that we put, ideal for protecting digital certificates and private keys. to authenticate us elsewhere.