Secure your passwords and personal data with KeePassX

Secret Stash

Article from Issue 173/2015

KeePassX is an open source personal data management tool that lets you keep your passwords, URLs, attachments, and peace of mind

I am an avid Internet user, and as soon as I hear of a new website or an Internet-based service, I head over to the site to experience it firsthand. Almost all the websites need some kind of authentication before they let me use their services. The problem is, I personally find it very difficult to remember passwords, and with the increasingly common news of data and identity theft, I am scared to save passwords in browsers. Writing passwords down is out of question. Another possible way out is to use the same password everywhere – which is again a very unsafe option.

Online security has become a huge concern among Internet users today. News of some website being hacked fails to even surprise anymore. Although websites are doing whatever they can to keep user data safe, end users also have a role to play in ensuring security and privacy online. One important step is to use strong passwords for all the different Internet accounts. The other task is to manage passwords in a discrete and efficient way – don't just write them on Post-it notes and leave them around your workspace. Unfortunately, strong, unique passwords are difficult to memorize, which creates the need for some kind of efficient, secure means for tracking and managing authentication information

KeePassX [1] is a personal data management tool that helps you store your user IDs, passwords, email attachments, and comments all in a single secure database. This database is encrypted and is accessible only when you enter the correct key. KeePassX also helps you generate strong passwords.

The KeePassX personal data management tool (Figure 1), which was originally called KeePass/L (L for Linux), started as a Linux port of a Windows password manager tool called KeePass Password Safe. KeePass/L gradually grew beyond its Linux roots and became a fully cross-platform application, with support for both Windows and Mac OS), and the name officially changed to KeePassX in March 2006.

Figure 1: KeePassX lets you store passwords and personal information from all your online accounts in a single user interface.

Installing KeePassX

For this article, I will assume you are using Ubuntu 14.04 as the host system, but the steps are similar for other systems. On Ubuntu you can use the apt-get command to install KeePassX (Figure 2). Just type

sudo apt-get install keepassx

or find KeePassX with your GUI-based package management tool.

Figure 2: KeePassX is very easy to install on Linux systems.

If you are using a system that doesn't have an available package, you can still install KeePassX from source code. Download the source tarball from the project website, extract the archive with tar, and change to the created folder:

tar xzvf keepassx-<version>.tar.gz
cd keepassx-<version>

Now, enter the qmake command and compile using make. Finally, install using make install.

Getting Started

The easiest way to launch KeePassX in Ubuntu is via the search feature.

The first step is to create a database file. The KeePassX database file, which has a .kdb extension, holds the personal information you want to store in KeePassX. The KeePassX window shows two options: you can either create a fresh database or open an old KeePassX database (you'll need the password to open it). If you are creating a new database, you'll need to create the password (Figure 3). KeePassX then instantly creates a new database file and opens it for editing.

Figure 3: You'll need to enter a password when you create the database file.

KeePassX lets you organize personal data from different online accounts into groups. Groups provide a logical separation for your data and make it easier to manage many accounts. Two groups are available by default: Internet and eMail. You can add or delete groups as necessary, and nested groups are supported.

User data is saved as entries in groups, and each entry contains a bundle of data associated with a specific account, including a username, password, URL, and more. To add an entry, click on the group in which you'd like the entry to be added and then click the Add New Entry button. A new form opens (Figure 4). The next time you want to log in to the account, you can refer to KeePassX for login information, plus any comments you might have left for later reference.

Figure 4: Add personal data for one of your online accounts to the New Entry form.

As you can see in Figure 4, a KeePassX entry can also refer to an attachment. The attachment file is also stored in the database and can only be downloaded from the entry.

Also, you can set up entries in KeePassX with expiry dates. Expired passwords are easily spotted in the entry detail view. It is good practice to set expiry dates for your passwords even if the website doesn't enforce them. Setting an expiry date ensures that your account's exposure to misuse is limited.

Add the necessary details in the Add New Entry dialog and click OK. You have now saved your first entry in KeePassX.

Password Generator

Password policies are enforced by websites to make sure users have strong passwords, but they can sometimes be very irritating. KeePassX lets you generate passwords easily with its own password generator. You can configure the password generator so that the passwords conform to specific password policies.

Select Extras | Password Generator from the top menubar, or you can reach the password generator by clicking on the Gen button in the New Entry dialog (refer to Figure 4).

The KeePassX password generator (Figure 5) has three tabs: Random, Pronounceable, and Custom. The Random tab lets you select character groups to include in the password, and you can even make sure the new password has characters from every group you have selected. The Pronounceable tab is almost the same as random, with the obvious difference that passwords generated here can be pronounced. (Although you are not supposed to go around pronouncing your password out loud, a pronounceable password typically contains words or word fragments that make it easier to remember and thus is less likely to be written down than a random password.) The Custom tab lets you generate passwords from the set of characters you enter.

Figure 5: KeePassX will generate a password and even lets you define password policies.

Figure 5 shows the tab for generating a random password. Below the tabs, you can see the Options section. You can set the password length using Length field. On the right of the Length field is the Quality indicator bar, which shows the strength of password that will be generated based on current settings. Note the quality level changes when you add/remove character groups or change the password length.

The Enable entropy collection checkbox allows you to add entropy to the seed used for generating the password. (See the box titled "Entropy.") Add entropy by moving the mouse pointer as randomly as you can. If you disable Collect only once per session, KeePassX will prompt you to add entropy whenever you want to generate a password.


In physics, entropy means randomness or uncertainty. In information science, entropy is a measure of randomness in data. The more random your password is, the more difficult it is to crack. Lets see how all this works in KeePassX context.

The password generator in KeePassX uses a random number generator implemented within software. Software-based generators can only produce pseudo-random (PRNG) results. The generator starts with a seed, and, if the seed is well known, anyone with knowledge of the PRNG algorithm can derive the same values. A seed with high entropy is difficult to regenerate.

Computers use several ways to add entropy to the seed pool. For example, most Unix-like operating systems provide a /dev/random and /dev/urandom device. These devices extract random bits to build encryption keys, one-time session keys, and seeds for probability outcomes. These devices hold entropy. In /dev/random, for example, environmental "noise" is gathered from the user, through mouse movements, disk usage, and other activities, then thrown into an entropy pool.

Click the Generate button, and a new password appears in the New Password text box. Click the eye icon to the left of the Generate button to see the new password.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More