KeePassX 0.4.1 Review
key review info
- Application: KeePassX 0.4.1
- Reviewed on:
- Extensive management
- (7 more, see all...)
System administrators and computer security experts keep reminding users that they should use strong passwords and change them regularly. Unfortunately, strong passwords are usually complicated and hard to remember, therefore prone to be forgotten or misused. Even if you do manage to remember one or two complicated passwords, using them for all your different accounts is a pretty bad idea, since if one of them is compromised the others that share the password are sitting ducks.
But what if you could use a single password to open a secure container holding all your login credentials and other data that you might want to store in it? It would be great, and KeePassX is just the program to do all of that. Also, you don't have to worry about accessing your programs from other operating systems, hidden backdoors that would expose your data or cumbersome installation procedures. KeePassX is open source, so you can see the source code yourself and even contribute if you want, multiplatform, and it even provides prebuilt packages for a number of well-known Linux distributions.
The interface is pretty simple, but the toolbar icons will take a while to get used to, because their functionality isn't exactly obvious and they have no text. On the left sidebar you will find the groups, the top part of the window holds the actual entries and the bottom half displays their content. What will throw you off a bit at the beginning is the fact that KeePassX doesn't save its information after each action you take. You can either choose to manually click the save button on the toolbar or wait until you close the application, when you will receive a notification about your unsaved data. That is both a good and a bad thing, because it minimizes the risk of corrupting information by doing an automated save during a power failure or another unfortunate event of that type, but it also puts your unsaved data in danger should something of that sort happen.
Adding a new entry is a straightforward task; you either press the corresponding toolbar button, go to Entries -> Add New Entry in the menu or just press Ctrl+Y. A new window will appear, where you can choose a group and a custom icon for your entry, add a title to it, the usual login credentials (username and password), a URL address, a comment and even set an expiration date. More interesting is the little "Gen." button that is located to the right of the password fields. By clicking it you will open a very flexible password generator with customizable character set and length, a strength indicator. Whether the generated passwords are "Pronounceable" is something that can be argued upon, but if it's security that you want, you might want to spare a moment for the "Enable entropy collection" function. Enabling this option further enhances the security of the generated password by sampling random data from your mouse movements or the letters typed while the "Entropy Collection" window is selected.
Once you insert a couple of your accounts in KeePassX's database, the next step is to extract the required information, like usernames and passwords, when needed. The basic way would be to right click an entry, select "Copy Username to Clipboard," paste it in the login form where it is needed, then do that all again for the password, but this process requires quite a lot of mousing around. You can do it faster by remembering that Ctrl+B will copy the username to the clipboard and Ctrl+C handles the password, but there is a better way still. It's called AutoType, and it works like this. First, click on the field where your username is required, then switch to KeePassX, select the appropriate entry, press Ctrl+V and presto, your account details have been automatically entered in the required fields and you're already logging in.
The Auto-Type function can be further enhanced by choosing a global hotkey for the function, in KeePassX's Advanced Settings. Using it globally can be problematic because the application can't really guess where you want to enter your credentials, and you won't be very happy if they get pasted into your instant messaging application or IRC client. That can be avoided by selecting a target window when you create or edit an entry. To do that, open the application or page where these credentials are needed, then switch to KeePassX and, in the New Entry window, click "Tools -> Auto-Type: Select Target Window." You will be able to pick the desired application from a drop-down list. Also, the login screen of some applications may not work with the "Username TAB Password ENTER" sequence that KeePassX uses by default. To fix that, in the "Tools" menu there is an option to define a custom sequence. You will have to do it by hand, using a few simple macros, but it's better than just being stuck with a feature that is not working. Although Auto-Type is tagged as an experimental feature, it worked as advertised and I haven't had any problems with it.
KeePassX takes good care of your passwords and encrypts its container with the proven AES algorithm, but if you don't trust it you can switch to using Twofish. This can be done in the "Database Settings" window, where you can also choose the number of encryption rounds to be performed. Putting a higher number into that box further increases the security of the database by encrypting it for as many times as the number says, at the cost of performance. The clock button next to that field is very useful in that case, because it computes how many rounds your computer can do in one second and then fills in that number. This way you don't have to worry about loading times; the one second delay only applies when you unlock the database. Still, no matter how advanced the encryption is, it is only as good as your database password and its security.
KeePassX's documentation is pretty scarce. You only get a short description of the KeePassX project, the system requirements and an installation guide which isn't useful at all if you already installed the application from your Linux distribution's repository. The largest part of the documentation is represented by the Quick-start Guide, which covers the basics of using the application and in which you will find a short guide on setting up Auto-Type. KeePassX is currently available in 17 languages, but if you feel like adding one yourself you will find the necessary information and tools on the project's website.
KeePassX is very secure and customizable. The number of supported platforms is large enough, and it will be pretty hard to find yourself in the impossibility of accessing your passwords.
The settings window can be confusing with all the options spread out across multiple categories. The documentation isn't complete, and it doesn't have any screenshots.
If you are an advanced user that has many accounts and you don't want to risk having them compromised, don't write them down into a file called Passwords.txt, just use KeePassX instead.