Secure your passwords and personal data with KeePassX


Autofill is the forte of web browsers. Almost all mainstream browsers now offer to store the user ID and password. However, with information theft on the rise, many users want to avoid saving login details to browsers. KeePassX offers an autotype feature that lets you easily fill the login details for a website. This feature is currently available only in the Linux version of KeePassX.

To use the autotype feature, first open the login page (e.g., your email login page); then, open KeePassX and go to the entry corresponding to this email account. Right-click the entry and click Perform AutoType (Figure 6). Login details are automatically fed to the login page – without the browser getting to know a thing! To configure the AutoType process, click on the Tools button in the bottom left corner of a New Entry dialog (refer to Figure 4).

Figure 6: Linux users can fill in login text automatically using the AutoType feature.

AutoType is a great feature, but it is available on Linux only. Users on other platforms can still copy and paste passwords and user IDs from the KeePassX window, as Linux users can too. Data copied onto the clipboard is automatically wiped in a few seconds. (You can configure the time the data will remain on the clipboard before it is cleared.)

The KeePassX window has separate buttons to copy the user ID (user icon) and password (key icon); they are the second and third buttons from the right on the top menubar. If you want to change the duration after which the clipboard is cleared, go to Extras | Settings | Security and change the number of seconds.

Locking the Workspace

You are away from your desk for a few seconds, but you leave the screen unlocked. Those few seconds are all it takes for a social engineer to get the data. The effect of such an attack is more severe if the attacker gets access to your KeePassX window.

KeePassX allows you to lock your workspace with a single click by just clicking the rightmost icon on the top menubar (the padlock). To set the idle time before KeePassX automatically locks itself, go to Extras | Settings | Security. You can also set the option to lock KeePassX if you just minimize the window.

Using ownCloud

You can save the KeePassX database file anywhere, move it, or even email it as an attachment. This freedom opens a lot of new avenues for innovative use cases – the most obvious being a multiple-system environment.

Users today don't have just one device: A single user often has a personal laptop, the office laptop, a tablet, and a mobile phone – or sometimes more than one. Although KeePassX is a desktop application (there is no way to access it via another device), you can use the KeePassX database file to make the passwords available across platforms. Any file-sharing application, such as iCloud, Google Drive, or Dropbox, can help you transfer the KeePassX database file to other systems.

Why not do this the open source way? The free ownCloud tool is a great way to set up your own file-sharing cloud. You can set up a private installation of ownCloud to make the KeePassX database available on all your devices: You don't need a third-party server. Install ownCloud on your home PC and access it via the LAN/WiFi from other devices.

After downloading ownCloud from the website [4], installation is very easy. (See the installation instructions online [5] or refer to the user manual for more on operating ownCloud [6].) You just need a web server running on your computer. You can then drop the ownCloud folder to the web server's root directory. Access the folder via your browser and set up the admin user, and you are ready to roll.

After you log in successfully, you can add another layer of security by enabling ownCloud encryption. To do so, click on the drop-down menu on the far right and go to the Apps page. Scroll down to select the Encryption plugin, enable it, log out, and log in again to generate the encryption keys. Upload the KeePassX file to ownCloud.

To make sure your ownCloud is available throughout your local network, you need to edit the config.php file in the owncloud/config folder. Open the file, go to the trusted_domains section, and add the IP address of the system hosting ownCloud. Now you can access your ownCloud from other network devices. If you log in from another device, you will see that the KeePassX file is available on your LAN (Figure 7). Install KeePassX on your mobile device, and open the database file (Figure 8). All your passwords are now available on your mobile devices.

Figure 7: A tool like ownCloud lets you provide network access to the KeePassX database file.
Figure 8: Once the database file is available on your LAN, you can use KeePassX from a mobile device.

Since the network you are using is your home network, and it is possible you will make changes to the KeePassX file when you are not on the home network, be sure the file is synced before you use it on other devices, or you might end up with several versions of the same file.

Encryption Algorithms

KeePassX uses two of the most secure encryption algorithms available today: AES and the Twofish algorithm.

AES is a symmetric-key cipher, meaning the same key is used for the encryption and decryption of the data. It is a block cipher, with block size fixed at 128 bits (i.e., it operates on chunks of 128 bits of data). The key size used for an AES cipher can be 128, 192, or 256 bits. Check out the AES encryption process in the Flash animation available online [2].

The Twofish algorithm was one of the five finalists during the AES selection process. Although Twofish was not selected because of performance concerns, it offers similar or even better security than the Rijndael algorithm that was eventually chosen for AES. Twofish is also a symmetric-key algorithm, with a block size of 128 bits and key sizes ranging from 128 to 256 bits. The Twofish algorithm is not patented, and the implementation is available for download [3].
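To check which of the two ciphers a given database actually uses, you can read the unencrypted file header. The following Python sketch is an added example, not code from KeePassX or from the original article; it assumes the database is in the KeePass 1.x .kdb format (the article does not name the format), the header layout and flag values are taken from that format, and the function names are hypothetical.

```python
import struct

# KeePass 1.x (.kdb) header: little-endian, 124 bytes, stored unencrypted.
# Layout and flag values are from the KeePass 1.x format (assumed here).
KDB_HEADER = struct.Struct("<4I16s16s2I32s32sI")
KDB_SIGNATURE = (0x9AA2D903, 0xB54BFB65)
# Cipher bits in the flags field; bit 0x1 marks SHA-256 hashing, not a cipher.
CIPHER_FLAGS = {0x2: "AES (Rijndael)", 0x4: "ArcFour", 0x8: "Twofish"}


def read_kdb_header(data: bytes) -> dict:
    """Report cipher and key-transformation rounds from a .kdb header."""
    if len(data) < KDB_HEADER.size:
        raise ValueError("file too short to hold a .kdb header")
    (sig1, sig2, flags, _version, _seed, iv, groups, entries,
     _contents_hash, _transform_seed, rounds) = KDB_HEADER.unpack_from(data)
    if (sig1, sig2) != KDB_SIGNATURE:
        raise ValueError("not a KeePass 1.x database (bad signature)")
    ciphers = [name for bit, name in CIPHER_FLAGS.items() if flags & bit]
    if len(ciphers) != 1:
        raise ValueError(f"expected exactly one cipher flag, got {flags:#x}")
    return {
        "cipher": ciphers[0],
        "iv_bits": len(iv) * 8,   # the IV is one cipher block long
        "key_rounds": rounds,     # master-key transformation rounds
        "groups": groups,
        "entries": entries,
    }


def build_sample_header(flags: int, rounds: int) -> bytes:
    """Constructed header (zeroed seeds, version 0); not a real database."""
    return KDB_HEADER.pack(*KDB_SIGNATURE, flags, 0, bytes(16), bytes(16),
                           2, 5, bytes(32), bytes(32), rounds)


if __name__ == "__main__":
    for flags in (0x1 | 0x2, 0x1 | 0x8):
        print(read_kdb_header(build_sample_header(flags, 50000)))
```

For a real database, pass the first 124 bytes of the file to read_kdb_header(); a low key_rounds value means the master password is cheaper to brute-force if the file leaks from a shared folder.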
