A Simple Guide To Using KeepassXC
- An Inexpensive Password Management Solution
There are two main ways of getting started with KeepassXC:
- creating a database and manually entering the required credentials
- creating a database and importing a .csv file [ note: this can be problematic if the .csv file was generated by another password manager ]
Database creation is not difficult, and offers the option of authentication dongle support, including support for Yubikey [ note: the Yubikey input needs to be HMAC-SHA1 ]
Once the database has been created and, optionally, previous credentials imported, it is then just a case of installing the relevant plugin for the browser you are using (most major browsers are supported) and adding sites as you go. This is where using KeepassXC can be awkward: it is necessary to know the https:// login page for the site you want to store credentials for, and this may not always be the page that the browser is directed to when you go to log into a website or web service.
Note: the browser plugin is a three-part process that requires minor configuration in the main KeepassXC configuration and then connecting the plugin to the KeepassXC database from within a browser window after downloading and installing the relevant plugin.
Making KeepassXC work with various websites can also be very difficult, quite aside from the fiddly (and finicky) process for adding or updating credentials (which involves clicking on the browser icon when KeepassXC detects changed or new credentials). The following is a short list of links for three websites that have proven to be particularly awkward for KeepassXC users to find:
- eBay: https://signin.ebay.co.uk/ws/eBayISAPI.dll?
- Gog: https://login.gog.com
- PayPal: https://www.paypal.com/uk/signin?
The easiest solution is to simply use Notepad++ alongside KeepassXC and to note new / amended usernames and passwords before entering them into KeepassXC manually. This is maybe not as secure, but infinitely preferable to being locked out of various services completely because the password manager has failed to update your new, super-secure, AES-256-GCM passphrase, or because you overlooked the need to confirm a change with your dongle (very easy to do).
There can also be issues with KeepassXC and USB keys (changing the Removal policy to the better performance option can help, but means that the device must only be removed via the Safely Remove Hardware systray icon), and many changes require an operating system restart before they will work properly (including the change to USB key removal policy); however, this appears to have been resolved in more recent releases of KeepassXC and does not appear to be causing problems on Windows 7 x64 now.
Note: uBlock Origin will break KeepassXC functionality; however this can be resolved by whitelisting the website or webpage in question.
All told, KeepassXC is a good solution (and is worthy of donations to keep it in development), with its only major weakness being the difficulty involved in getting it to work with various websites. Locking it down to certain pages for sites is sound practice from a security perspective, but not good when many sites, ironically for the same reason, hide or obscure their main login page. This makes it a veritable nightmare for many people who visit websites like https://www.gog.com/ and try to log in via the floating box, only to find that KeepassXC will not populate their login details because KeepassXC will only accept logins via (in this case) https://login.gog.com.
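The following is an added example, not part of KeepassXC or of the original guide: a pre-import check over a .csv export that flags entries whose stored URL is missing, is not https://, or is on a different host from the site's known login page (as with www.gog.com versus login.gog.com above). The header aliases and sample rows are constructed, and the exact scheme-and-host comparison is a simplified assumption about the matching described in this guide.

```python
import csv
import io
from urllib.parse import urlsplit

# Header aliases are assumptions for this example; adjust them to your export.
ALIASES = {
    "title": ("title", "name"),
    "username": ("username", "login_username", "user"),
    "password": ("password", "login_password"),
    "url": ("url", "login_uri", "website"),
}

# Constructed sample export (not real credentials).
SAMPLE_CSV = """name,login_uri,login_username,login_password
GOG,https://www.gog.com/,john,constructed-pass-1
PayPal,https://www.paypal.com/uk/signin?,john,constructed-pass-2
Old forum,http://forum.example/login,john,constructed-pass-3
Router,,admin,constructed-pass-4
"""

def normalise(row):
    """Map one exported row onto title/username/password/url keys."""
    clean = {(k or "").strip().lower(): v.strip() for k, v in row.items() if isinstance(v, str)}
    return {f: next((clean[n] for n in names if clean.get(n)), "") for f, names in ALIASES.items()}

def same_login_page(stored_url, page_url):
    """Simplified model (assumption): scheme and host must match exactly."""
    a, b = urlsplit(stored_url), urlsplit(page_url)
    return a.hostname is not None and (a.scheme, a.hostname) == (b.scheme, b.hostname)

def audit(csv_text, known_login_pages):
    """Return (title, problem) pairs for entries that need fixing by hand."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        e = normalise(row)
        parts = urlsplit(e["url"])
        if not e["url"] or not parts.hostname:
            findings.append((e["title"], "no URL stored"))
        elif parts.scheme != "https":
            findings.append((e["title"], "URL is not https://"))
        elif e["title"] in known_login_pages and not same_login_page(
                e["url"], known_login_pages[e["title"]]):
            findings.append((e["title"], "stored URL is not the login page"))
    return findings

if __name__ == "__main__":
    # Login pages taken from the list earlier in this guide.
    pages = {"GOG": "https://login.gog.com", "PayPal": "https://www.paypal.com/uk/signin?"}
    for title, problem in audit(SAMPLE_CSV, pages):
        print(f"{title}: {problem}")
```

The export file holds every password in plain text, so run the check locally and delete the .csv once the import is done.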
- Just John, @: Ex5NY27U corequery.uk
- secure email address as detailed above -