Password-Managers – GrapheneGoat

You need a Password Manager (instead of the pile of sticky notes you have!)

Generally, you should be using a password with at least 12 characters and a mix of upper/lower case letters, numbers and even symbols. Not all websites allow all symbols, but most will accept any symbols that are on the top row of your keyboard such as !@#$%^&*()_ characters. However, I would rather see you use 15+ length passwords, generated by a password manager. Read on.

Top Recommendations for Password Managers:

1. KeePassXC

2. Bitwarden

3. Proton Pass

Use a dedicated password manager, a software program that stores your login credentials for you in a single database file, that file being locked with a password of its own.

Today I only have to remember one password to access my entire digital life, I don’t even know what my passwords are for my hundreds of accounts. I rely on the password manager, in my case a program called KeePassXC, to do the work for me, and centralize all of my login credentials. Let’s go over some basics of passwords themselves, and some strategies for using a password manager in an effective way that should suit most of us for our digital lives.

1. As mentioned, use long passwords with all four types of characters: upper/lower case letters, numbers and symbols.

2. ALWAYS keep a backup of your password manager database file, and guard it.

3. NEVER use the same password for any two accounts, even for non-important things; if your Snapchat password is breached and made available, hackers will attempt that same email/username and password combo on bank websites, social media, crypto accounts and so on. Recycling passwords is a big no-no. (that we are/were ALL guilty of doing at some point, let’s fix it)

4. Do not reuse old passwords, for similar reason as above. Instead, use KeePassXC auto generate button next to the password field on an entry, it will generate a random strong password for you. You can change the types of characters used, as well as the length of the password. If a site will let you use a 20-30+ character password, then go for it, it’s simply a copy/paste, so length is irrelevant to convenience, but exponentially harder to break.

5. Change your passwords periodically? This is falling by the wayside thankfully, and actually can cause more harm than good in the real world application. Those that are forced to change their passwords every 90 days for example, as is common still, they are less likely to use a strong password, making your account more vulnerable. Simply rely on the strength of a good unique, long, strong password for each account and safeguard it, there is no need to change it unless that service is breached, or the password is compromised in some other way.

If the site you are using requires a password change say every 90 days, you can set KeePassXC to warn you that it’s time to reset.

6. Be careful when sharing your password information over messaging and email. If you choose to put all of your credentials in one .kdbx file, it must be protected carefully. If you need to compartmentalize your credentials, consider creating multiple databases with unique passwords. However know that the more that you create, the more work will be required to keep all of them up to date.

-o-

KeePassXC

Download KeePassXC directly from their site: https://keepassxc.org/

Install KeePassXC onto your device

On Debian/Ubuntu based Linux, you can download and install by issuing the following command into your terminal:

sudo apt update && sudo apt install keepassxc

And hit enter to accept, this will download and install KeePassXC onto your system. Now search Applications menu for it and open to begin creating a database.

Create a database and name it something you will recognize, I also like to add today’s date onto the file name to help keep track of things. You will be prompted to enter a passphrase, this is the master password and should be something strong (12+ mixed characters) and something that you will remember. Best practice is to never write that down anywhere for maximum security. This will be the password you need in order to open/unlock the database file to access all of your others that you put into the database.

Save the database file (.kdbx is the default format) in the desired folder on your machine. Ensure to make copies of this as backups.

Begin adding entries and credentials of all of your accounts. (Click the ‘+entry’ sign on top center left of database) Add as much information to each entry as you can such as recovery or seed phrases, URL link to the login page of the site, PIN numbers, method of 2FA (Two Factor Authentication) and anything else needed.

Keep the database file safe by closing it when not in use, and guarding the physical media it is on, and make backups to something like a USB drive.

It’s really that easy, now to access an account of yours, use your master password to unlock the database, and copy/paste the credentials onto the site you are accessing. KeePassXC allows you to integrate with browsers for autofill, but I do not trust these types of features and prefer the completely offline method and using Ctl + C / Ctl + V (copy/paste) method.

* Bonus trick: I store a copy of my password database on an encrypted USB stick that lives with me everywhere I go. In order to open a .kdbx file, you need KeePassXC software, I highly encourage you to download KeePassXC software onto the same USB stick, I have a version for Linux, macOS and Windows. The reason I do this is that I can go up to any computer and if KeePassXC is not already installed on the machine, I can install from the USB drive and then open my password database .kdbx file. (This allows you to access your information if internet is unavailable to download KeePassXC- KeePassXC can be used for more than just login information, you could store contacts and other important information)

Example KeePassXC database:

———————————

**(To use the database on a mobile phone, use KeePassDX app from F-Droid: https://www.keepassdx.com/)

Example KeePassDX entry on mobile:

**KeePassXC has one of the best How To guides I’ve ever seen, so I won’t recreate it too much, I encourage you to skim through it to see all of the features available:

https://keepassxc.org/docs/KeePassXC_GettingStarted.html

Here is an 18 minute beginner tutorial on KeePassXC installation and use by Switched to Linux:

-o-

Bitwarden

Bitwarden offers a cloud based Password Manager which may be more appealing to you if you don’t have the best data management practices that KeePassXC requires. Bitwarden is also free and open source software, end to end encrypted, zero knowledge (meaning even Bitwarden cannot decrypt and see your data or passwords) and will update a central database in the cloud. This Password Manager database is accessible via a web browser, or via the app on any mobile or desktop platform. Making changes from any device, will update the central cloud database and will be visible from any of your other devices. The free version will be adequate for most users, but paid tiers offer more options.

*Always export a copy to store locally, do not rely on the cloud alone! Do this often, you’ll thank yourself later should you get locked out, and even the best cloud services can get hacked or deleted.

-o-

Proton Pass

Proton Pass comes standard with your Proton Mail account along with the other Proton products such as their VPN, calendar and cloud services. Proton Pass launched in 2023, it is the newest of these three options, however has proven to be solid so far. This is also a cloud based Password Manager much like Bitwarden, and includes alias emails on the fly in addition to a password manager, all for free. Access via a web browser or from the app on your devices. Proton is also free and open source software, end to end encrypted, and is a zero knowledge service meaning even Proton cannot decrypt and see your data or passwords.

-o-

To switch Password Managers, you can export your database into CSV format and import to another Password Manager app. Don’t store your database in CSV however, unless protected in an encrypted container, use the security (encryption) of your Password Manager’s database. Use the CSV format only to transfer your data.

In KeePassXC, click ‘Database’ in top left corner and select ‘Export to CSV’

Ascending the final summit block of Mt. Olympus, WA