Passwords are often the only thing standing between a hacker and your online accounts. This guide will introduce you to using KeePassXC to create strong, unique passwords. As a bonus, we’ll show how password managers can also help you save time when filling out login screens and online forms. It’s an easy way to make browsing the web easier, faster, and more secure.
Why it’s a good idea to use unique passwords
I don’t think I need to convince anyone that passwords are annoying. It’s hard to remember them, so everyone uses the same password for all of their accounts. You know this, I know this. But hackers also know this.
If you use the same password everywhere, a hacker only needs to get your password once in order to break into many of your online accounts. And it seems like every week, we hear about a massive new password breach. (Think about how we recently learned that all of Yahoo’s 3 billion accounts were breached in 2013.)
Imagine if an attacker used your single, easy-to-remember password to access your health care records, your home address, credit card numbers, or your social security number. To minimize the damage from a breach, you should use unique passwords on each account. But it can be a challenge to remember each password.
Enter password managers
Password managers make it easy to remember a single password, and still have long, unique passwords on all of your accounts. How is this possible? You use just one password to unlock your secure password “vault.” From your vault, you can quickly fill out login forms on all of your devices.
What is KeePassXC?
KeePassXC is a free and open source password manager, based on the official build of a piece of software called KeePass, for Windows. In practice, KeePass isn’t really one application — it’s more like an ecosystem of compatible software created by open source developers. KeePassXC is one of the friendliest versions of KeePass under active development.
Get KeePass for all of the devices you want to use
KeePassXC can be downloaded for desktop operating systems, while mobile devices can use interoperable versions of KeePass. Download it for the devices you want to use.
Windows, Mac, and Linux users: Download KeePassXC here.
Create your KeePass database
After you’ve installed KeePassXC, open it up on your computer. The very first thing we’ll do is create our password vault, or a password database. Click “Create new database”
Next, we’ll create our Master Password that unlocks your password database. This is the only password that you need to remember. It needs to be a *really* good one, so no one can guess it. Consider using a long password with upper and lower cased letters, numbers, and symbols. Alternatively, use a passphrase — a phrase that only you will remember. Unusual passphrases can help to make them more memorable. NSA whistleblower Edward Snowden offers the example, “Margaret Thatcher is 110% sexy.” It’s long, has upper- and lower-cased letters, numbers, symbols, and spaces. And it’s hard to forget.
After choosing your master password, we need to make a decision: do you want to use a key file?
A key file is an additional file that will be required, along with the password, to unlock your database. This can be a very powerful defense if a remote hacker manages to get access to your database. Key files can be inconvenient, because you will regularly be asked to find your key file before you can access your passwords. If you create a key file, be careful to keep it in a safe place where you can access it on each device.
Save your database somewhere convenient, because we’re going to want to find it so that we can have it automatically update on all of your devices. When you open the database in your desktop application it will look something like this.
Sync across devices
If you want to sync your passwords across all of your devices, you will need to put your password database on a service, such as Google Drive, Dropbox, or a tool of your choice. You will need to download sync software on all of the devices you want to use.
Log into your app on all of the devices you want to use. Find and open the folder for your new sync app. By default, those are found here:
Windows: C:/Users/username/Google Drive
Mac: /Users/username/Google Drive
Linux: /Users/username/Google Drive
Move the database over to the sync application of your choice. It will update across all of your devices automatically. Don’t forget to have your mobile device use the new location for your database as well.
Plug KeePass into your browser
You can manually copy and paste logins from your password database into your online forms, but browser extensions would allow you to fill out forms automatically.
You can find more browser integrations here.
Because KeePass represents a large ecosystem of applications, each is slightly different, but the idea behind each browser extension is similar. Let’s walk through one example using the KeePassXC integration for Google Chrome.
We need to import our database so the browser extension will recognize it. First, to allow KeePassXC to share files with the browser extension, open the app and change your settings:
Mac & Linux users:
Preferences > Browser Integration > Enable KeePassXC browser integration
Tools > Settings > Browser Integration > Enable KeePassXC browser integration
From here you can choose your browser.
Click on the KeePassXC integration icon in your browser, usually next to your search bar. From here, click “Connect” and add a name for the connection between your browser and KeePassXC.
Now you can access your passwords from your browser.
Begin adding logins to your database
Click the icon with the key highlighted in green. Under “Title” at the top, give the website a label, and then enter the login credentials for the website. Notice that you can also generate passwords from this page. KeePassXC will create a random password using whatever length and characters you like.
Enter the URL for the website you want to access. After you’re done, click “OK” at the bottom.
KeePassXC will automatically update your password database in your browser.
From now on, you can automatically fill out websites you’ve added to your database by right-clicking on the login field, or by using keyboard shortcuts:
Windows users: Alt-shift-U
Mac users: Ctrl-shift-U
Linux users: Ctrl-shift-U
You can use KeePassXC to save your existing passwords and automatically fill them out. But the real benefit of password managers is to allow you to generate long, randomized passwords that you don’t need to remember. Consider changing passwords on the websites you visit most often, and updating them in KeePassXC. Be sure to use the application to randomize your passwords when possible.
The main downsides of KeePassXC
Once you’ve set up KeePassXC, it can also be very annoying to log in without it (e.g., if you want to log in on your friend’s computer). If you know you’re going to frequently use a password on a computer that does not have your password manager information, you may want to commit the password to memory rather than randomizing it.
You’re caught up!
Now you’re caught up with KeePassXC. I hope this has been helpful! If you have any questions, feel free to reach out here, or on Twitter at @mshelton. I’ve also written two separate guides on 1Password and LastPass, for those who are looking for alternatives.
Edit: Changed much of the article to include more well-supported KeePass applications, including KeePassXC, Strongbox, and KeePass2Android.
Last updated May 6, 2020.