parasurv's webspace

World Password Day

May 8th, 2020

Note: I am not a security expert, I am just a simple computer user, with some experience.

This sounds really silly to me. A day for passwords? I am not too fond of making "days" for different causes, because it makes them feel less important for the other 364 days. Also, there are surely more than 365 good things and people to care about in our life…

I saw the message on Mastodon, by The Privacy Foundation, whatever it is, that today is World Password Day. Cool! I have to write about this. This is an important part of our life, because we have passwords, PIN codes and other codes. Even an average person has more than 10: email, bank account, code for the debit card, social media passwords (2-3 sometimes), etc.

How do you manage it?

Personally, I only have 4 passwords in my head: my primary email (which also acts for recovery, which is not smart, I think), my debit card PIN code, the one for the bank account, and the 4th one, which is the most important: the password for my password manager.

I have been using a password manager for a few years now. Started distrusting web browsers with my gazillion passwords. Web browsers by nature are very vulnerable and always targeted by bad people. No matter if it is open-source, they will find a way to it…

My password manager: KeePassXC

He is my trusted friend. He is my true keeper. What does it know? We'll start at the beginning. KeePassXC is free software, which keeps your account passwords and other kinds of information in an encrypted database.

When you first start the program, you can create a database which you can protect with a master password by default, but I recommend creating a key file for it. In that case, if one of them is missing, you can't access your database. In fact, you can have your key file on a USB drive, or another device. The third option is to use a YubiKey.

Personally, I like these options, and before that, when I was using the browser for password keeping, I didn't think much about security this way. I don't have a USB key, as I don't use my passwords other than on my PC. But if I had a laptop, I would definitely put my key file on one.

What I wouldn't do personally is to save my database or my key file on another computer (aka "cloud"). Because other people's computers are not secure!

Things I really like about KeePassXC

There are some, I hope I won't miss any…

You can categorize your passwords into folders and give them different icons. Small stuff, but it makes things more usable.

Keyboard navigation is good, you can copy your user (Ctrl+B) and password (Ctrl+C) information with a shortcut.

There are so many settings that you can use, it's really worth your time to go through them and personalize it a little. There are some I personally use:

  • You can set it up so that only one instance starts, and you can start it minimized.
  • When you copy stuff from it, you can hide the KPXC window.
  • You can clear your clipboard after a given time.
  • Lock database after x seconds of inactivity. It might look a little bit paranoid on a single user PC, but I like it. In this way I will never forget my master password, because I have to use it many times, every day.

I am not a fan of browser integration, but it might still be a good choice for elderly or less experienced computer users. There is an extension for every major browser (no Opera, but there is for Brave and Vivaldi, hehe). Never used these, and never will, not even in Firefox.

There are other options I don't use, as I wrote before, take your time with these.

I also like that when you create a new entry, you have a very good password generator at hand, and you can give it any number of characters to use, but beware that most websites don't really support passwords longer than 32-64 characters, which is mindblowing these days.

You can also set up an expiration date for your passwords. The note function is very handy if you want some extra info on that website/account.

I have never had a problem with opening my database or upgrading the program itself. If you are not using a password manager, I highly recommend checking out KeePassXC (no, I am not sponsored by them, it's just good software)!

This was my day 12 post for #100DaysToOffload, where we write about anything we want on our personal blog for a hundred days straight, hehe. If you are interested, check it out and join us in these crazy times!