Keepass For Mac 2016

  1. Keepass For Mac Os
  2. Keepass For Mac 2016 Version

A free, open-source, KeePass-compatible password manager for macOS.

KeePass is a free, open-source password manager. It lets you store all your passwords in an encrypted database that is locked with a master key or key file, keeping your passwords safe and helping you manage them. KeePass supports the AES (Advanced Encryption Standard) and Twofish algorithms to keep your data secure.

1Password is a commercial tool, with the option of a free 30-day trial. As its name indicates, the idea behind this password keeper for Mac is that the user remembers only one password, called the master password, which allows access to the app's database. Once access is granted, all other passwords are managed via 1Password.

So I ended up choosing a combination of the KeePass framework and the Safari + Mac OS X keychain for my password storage needs, with KeePassX as my client, along with a mobile app, MiniKeePass, that syncs my KeePass database using Dropbox. As an added bonus, the iOS mobile app is open source as well.

MacPass behaves just the way a macOS app should

Tabs

Open files in individual windows or use tabs to use a single window.

Autosave

Your files are saved constantly. Lost something and cannot recover it from an entry's history? Browse versions to find what you're looking for!

Undo/Redo

MacPass supports Undo/Redo for everything you do with your data. If something went wrong and you want to revert it, just undo your changes and you're good to go!

Drag & Drop

Move or copy entries and groups inside a database or between two files. Add file attachments by dropping them onto entries. You can even add entries by dragging URLs onto the database.

Quicklook

Enable previews to take a look at your file attachments: MacPass uses the QuickLook system, so a wide variety of file types can be previewed.

But there's more…

Autotype

Autotype enables MacPass to supply authentication credentials to any text-based input, from web forms to authentication dialogs in any application. With Global Autotype you can even invoke Autotype from anywhere with a system-wide shortcut. For more information please refer to the documentation.

Full KDB and KDBX Support

MacPass can read and write KDB Legacy files as well as the latest KDBX Format. You can even convert KDB to KDBX and the other way around.

Custom Icons

Change the way your entries and groups look by choosing from the many icons. If you like a bit of color, let MacPass generate icons based on websites for you!

Password Generator

Generate passwords using the built-in generator. Adjust the method to comply with any restriction you might encounter.

Expiration Dates

Set a date when passwords expire. MacPass will mark them with a special icon so you'll spot them easily. You can even search for expired ones!

Synchronization

Changes made to your database outside of MacPass can be merged. No data is lost and all files are synchronized! You can even merge arbitrary files into one single database. MacPass is able to merge even KDB files, although that format is not designed for synchronisation.

History

If enabled, your changes to entries will get stored inside the database. Just restore an old state or take a look at what changed over time.

Auto update

MacPass incorporates Sparkle to support auto updates. You're always up to date!

Plugins

Since there's no one-size-fits-all, MacPass allows Plugins to alter and extend its feature set. Head over to the Plugin repository and start customizing.

Open-source

MacPass is free, open source software licensed under the GPLv3. It's built using other open source software like TransformerKit, KeePassKit, KissXML, Sparkle and a lot more. The source code is available on GitHub.

1 Introduction

Passwords are our gateway to interacting with the digital world. It's how we show that it's really us because no one else could know our password, right? Passwords are not perfect or very convenient to use but it's the only thing we have now. Better options are being researched, one of them could be the U2F token but for now we're stuck with passwords.

I heard people don't follow the best practices for safe passwords. And who's to blame? We are supposed to have strong passwords containing all kinds of crazy characters and different for each site. And everybody is using at least 10 sites on a regular basis plus around 100 other random sites they already forgot about. Humans can simply never remember 10 or more strong passwords and if they can, it's probably because they've been participating in memorizing competitions.

Let the computer remember things for you and you can forget all your passwords except one. Using a password manager (in this article I'm introducing KeePass 2), you can save all your passwords securely encrypted with a single master password. This master password will be long but you'll be able to remember it easily because you'll use it every day and it's the only one you need.

In this article I'll introduce KeePass 2, the open source password manager, along with a security analysis, so you have concrete arguments for why it's secure. The first part of each section explains how to use the password manager securely and is required reading. The second part explains how the security works; you don't have to read it.

1.1 Security analysis

  • It's necessary to use a different password on different sites in case one of them gets breached (it has happened: LinkedIn, Yahoo, ...). An attacker who wants your password for a more important website will first try to compromise the weaker services you use, hoping you reused the password.
  • What if somebody compromises my computer and steals my unlocked password vault? That could happen, but in that case they'll also have access to all your private files and, even if you didn't use a password manager, to the websites you're already logged in to. Keeping your devices free of malware is always necessary.
  • 'I still don't feel good about centralizing all my passwords in one place', you say. That is generally a sound security attitude but consider that your primary email account already centralizes access to most of your services because it's used for forgotten password reset.
  • For critical sites (such as email), it's best to also use 2 Factor Authentication.

2 Getting started

2.1 Download

The original KeePass 2 application is Windows only. It can be downloaded from this page http://keepass.info/download.html. Choose the Installer button on top right and wait a moment for the download to start.

Alternatively, download from https://www.fosshub.com/KeePass.html and choose 'KeePass Installer, Professional Edition' (a strange naming choice; don't download the Classic Edition).

For a Mac, download KeePassX from https://www.keepassx.org/downloads and install in the usual Mac fashion.

2.2 Installation

When starting the installation on Windows, it should show a security window asking if you really want to install this program. This window MUST show Open Source Developer, Dominik Reichl. If not, do not allow it and delete the downloaded installer as you got a bad copy.

Security Analysis:

  • The project homepage as well as SourceForge mirrors don't have HTTPS. That's a bummer but the application files are digitally signed by the developer and the certificate is recognised by Windows. Therefore checking the digital signature provides stronger security than HTTPS. Furthermore, the FOSShub link is served over HTTPS.
  • The homepage for KeePassX does use HTTPS as well as the download. It does not have digital signatures but it can be downloaded from a website owned by the project's author and not a third-party (as is the case with sourceforge).

2.3 Choosing the master password

After you install the program, you can create a new database. Now is the time to create your master password.

Setting the password

This will be the main password that unlocks your database. It must be strong, stronger than your Facebook or banking password. It must be a new password, not something you were using before on a website. You must remember it well (try to type it a few times and then again the next day).

Your master encryption password needs to be really good. It should be at least 12 characters long, but a better way is to take a dictionary and randomly pick 5 or 6 totally unrelated words. Maybe you can even combine multiple languages! 'pasta blip port Bled nehmen' sounds good.

Setting 'encryption difficulty'

After creating your database, you may want to go to File / Database Settings and then the Security tab. Here, click the '1 second delay' link to properly set the number of key transformation rounds. This is basically something like 'encryption difficulty': it increases the time taken to unlock the vault. A delay of 1 to 5 seconds is sufficient if you have a good password.

Don't forget to save your password vault file!

Security Analysis:

  • The problem with encryption passwords is that a potential attacker, after stealing your encrypted database, can just keep trying all possible words until they crack it. Actually they'll program a computer to do it while they are having a beer. The computer can try a lot of passwords per second.
  • Because of the danger of cracking the passwords, encryption tools also include a delay to slow it down. You can configure it in KeePass. The bigger the delay and the better the password, the safer you are.
  • It's a good idea to increase the 'encryption difficulty' again 5 years later, because computers will be faster in the future.
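To put numbers on the advice above (random dictionary words for the master password, and the '1 second delay' that slows down guessing), here is an added Python example that is not part of the original article. The word list, the 1000x attacker speed-up and the "hardware doubles every two years" rule are constructed assumptions; the 7776-word dictionary size is that of a Diceware list.

```python
import math
import secrets

# Constructed sample word list; a real dictionary has tens of thousands of entries.
# Mixing languages, as the article suggests, only helps if words are still drawn at random.
SAMPLE_WORDS = [
    "pasta", "blip", "port", "bled", "nehmen", "apple", "river", "stone",
    "wolke", "jardin", "zebra", "candle", "maple", "orbit", "quill", "voile",
]

def passphrase(words, count=5, rng=secrets):
    """Draw `count` words uniformly with the OS CSPRNG, never by 'thinking of' words."""
    return " ".join(rng.choice(words) for _ in range(count))

def passphrase_bits(dictionary_size, count):
    """Entropy of `count` uniformly chosen words from a dictionary of `dictionary_size`."""
    return count * math.log2(dictionary_size)

def charset_bits(length, alphabet_size=72):
    """Entropy of a `length`-character random password over `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)

def expected_crack_years(bits, unlock_delay_s, attacker_speedup=1000.0, years_ahead=0):
    """Expected offline guessing time against a stolen database.
    unlock_delay_s: what the '1 second delay' setting costs you per unlock, i.e. the
    cost of one guess on your machine. attacker_speedup: how many times more guesses
    per second the attacker gets than your single CPU (assumption: 1000x for GPU rigs).
    years_ahead: assumes hardware speed doubles every two years, which is why the
    article says to raise the difficulty again in 5 years."""
    guesses_per_s = attacker_speedup / unlock_delay_s * 2 ** (years_ahead / 2)
    expected_guesses = 2 ** (bits - 1)  # on average half the space is searched
    return expected_guesses / guesses_per_s / (365.25 * 86400)

if __name__ == "__main__":
    print("sample passphrase:", passphrase(SAMPLE_WORDS, 5))
    for words in (5, 6):
        bits = passphrase_bits(7776, words)  # 7776 = size of a Diceware list
        print(f"{words} words: {bits:.1f} bits, "
              f"~{expected_crack_years(bits, 1.0):.2e} years now, "
              f"~{expected_crack_years(bits, 1.0, years_ahead=5):.2e} years in 5 years")
    print(f"12 random characters: {charset_bits(12):.1f} bits")
```

Run it with a 1 second delay and a 5 second delay to see that the delay buys a constant factor, while each extra word multiplies the attacker's work by the dictionary size.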

2.4 Settings

These settings are subjective and also depend on who can have access to your machine. This is what I would recommend for normal use. In Tools / Options:


Enable 'Lock workspace after global user inactivity' and set it to 360 s or less.

Enable 'Clipboard auto-clear time'.

Enable 'Lock workspace when computer is about to be suspended'.

On the Interface tab, I like to enable 'Drop to background after copying data to the clipboard'.

2.5 Settings for KeePassX

This program is slightly different from the original Windows KeePass 2. Transform rounds ('encryption difficulty') can be set in Database / Database Settings. Again, you can click the Benchmark button to configure it to a recommended value.

Enable automatic locking in KeePassX / Preferences, on the Security tab.

2.6 Plugins

There are many plugins created by the community for KeePass. Currently I'm using none of them. Be careful, because plugins can break the security of KeePass, and even their authors may not realize that. For example, a browser integration plugin increases the risk quite a bit.

3 Day-to-day usage

Besides the security and cryptography, KeePass is a pretty ordinary program from a user perspective. Click Edit / Add Entry ... to add a new password entry. The program will automatically generate a new strong password for you so you only need to enter the site name and address (used by browser integration). Then click OK and File / Save to save the database.

To use a stored password, you have two options. The first one is to copy it to the clipboard (simply Ctrl+C) and paste it into the website. The second option, which is slightly more convenient and slightly more secure, is to use Auto-Type. Switch to your browser and place the cursor in the login form, in the user name field. Then switch to KeePass and select Perform Auto-Type on the password entry. It will automatically log you in!

You can also create groups and assign icons to your entries but I think it's best to simply search for a site when you need it using the search box on the toolbar.

You can also use KeePass to safely store any other pieces of information such as a bank PIN. It's not very suitable for storing files though. You may need to look at your OS's disk encryption or VeraCrypt.


4 Syncing the database

It's 2016, you probably have more than one computing device. Maybe you have too many of them. And you need to access your password database on all of them. This is where KeePass lags behind the commercial password vaults because you'll need to set it up by yourself. But don't worry, you can just use Dropbox or Google Drive ... or OneDrive or SpiderOak or any other file sync service you may already be using. Just put your password database in there and you're done.

Sounds insecure? Well, the database is encrypted, so if your password is good, your data is safe. Still feeling uncomfortable about it? You can add another factor - a keyfile. KeePass allows you to generate a file that is required to decrypt the database. You will then manually (using a USB stick) copy this file to any computer you want to use the password database on. Do not put it in Dropbox! Without the keyfile (and your password) there's no way in hell anyone could crack your encrypted database.


4.1 Step by step

Dropbox and Microsoft OneDrive will automatically sync any file you put in their special folder. Other similar services will probably do the same but I haven't used them.

First, add a keyfile to your password vault. If you have already created one, open it in KeePass and choose File / Change Master Key. In the dialog box, enable both Master password and Key File. Type your master password again (you don't need to change it). Then click Create to create a keyfile. Do not put this keyfile in your Dropbox. After finishing this, you can save the password vault to your Dropbox and it will be synchronized to your other computers using Dropbox.

Now you need to transfer the keyfile to your other computers. The best way to do this is offline, without using the internet. Copy the keyfile onto a USB stick and use it to copy the file. Again, do not place the keyfile in the Dropbox folder. You should consider locking this USB stick away safely to keep it as a backup of your keyfile. If not, don't forget to delete the keyfile from the USB stick before using it for something else.

Now you can use your password and the keyfile to open your password vault. The vault will be synchronized by Dropbox.

4.2 Security analysis

  • If you are even a bit worried, use a keyfile.
  • If you lose your keyfile (or your master password), you won't be able to open the password database, ever. So write both on paper and keep it at home, in a safe or something.
  • I'd prefer using a file sync service that supports file versions such as Dropbox or Google Drive. MS OneDrive can't.
  • Really, no one can break the encryption (AES algorithm). And if the NSA can, it'll cost millions of $$. Hacking your computer will be cheaper so that's what you should focus on next.
  • A practical way to delete the keyfile from a USB stick is to completely fill up the USB stick with other data (such as large movie files). Unfortunately, it may not guarantee that all traces of it disappear, since flash chips may over-provision to make up for faulty portions. So the most secure way is to not use a USB stick at all but rather copy the file manually (it's just text and not that long).
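The following added Python example (not from the original article) shows why the keyfile works as a second factor and why it is "just text": it generates a keyfile in the 64-hex-character form KeePass 2 accepts, parses the key-file forms KeePass 2 understands, and derives the composite master key the way KeePass 2 does (SHA-256 over SHA-256(password) followed by the key-file key). The sample password and the XML format version 1.00 are assumptions of the example.

```python
import base64
import hashlib
import re
import secrets
from typing import Optional
import xml.etree.ElementTree as ET

def make_hex_keyfile(rng=secrets) -> str:
    """32 CSPRNG bytes as 64 hex characters: one of the key-file forms KeePass 2 accepts,
    and short enough to copy by hand instead of carrying it on a USB stick."""
    return rng.token_bytes(32).hex()

def make_xml_keyfile(key: bytes) -> bytes:
    """The KeePass 2 XML key file (format version 1.00) wrapping a 32-byte key."""
    root = ET.Element("KeyFile")
    ET.SubElement(ET.SubElement(root, "Meta"), "Version").text = "1.00"
    ET.SubElement(ET.SubElement(root, "Key"), "Data").text = base64.b64encode(key).decode()
    return ET.tostring(root)

def keyfile_key(data: bytes) -> bytes:
    """Reduce key-file contents to the 32-byte key-file key, following KeePass 2's rules:
    32 raw bytes -> as-is; 64 hex chars -> decoded; XML key file -> decoded <Data>;
    anything else (an arbitrary file used as key) -> SHA-256 of the contents."""
    if len(data) == 32:
        return data
    if re.fullmatch(rb"[0-9a-fA-F]{64}", data):
        return bytes.fromhex(data.decode("ascii"))
    try:
        root = ET.fromstring(data)
        encoded = root.findtext("Key/Data") if root.tag == "KeyFile" else None
        if encoded:
            return base64.b64decode(encoded.strip())
    except ET.ParseError:
        pass
    return hashlib.sha256(data).digest()

def composite_key(password: str, keyfile_data: Optional[bytes] = None) -> bytes:
    """KeePass 2 composite master key: SHA-256 over SHA-256(password) followed by the
    key-file key when one is used. The key transformation rounds are applied to this value,
    so without the key file a different key results and the database cannot be opened."""
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile_data is not None:
        material += keyfile_key(keyfile_data)
    return hashlib.sha256(material).digest()

if __name__ == "__main__":
    kf = make_hex_keyfile()
    print("key file text (copy it offline, never into the sync folder):", kf)
    pw = "pasta blip port Bled nehmen"  # the article's example passphrase (assumed here)
    print("password only :", composite_key(pw).hex())
    print("password + key:", composite_key(pw, kf.encode()).hex())
```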

5 Other password managers

Before KeePass I had been using LastPass. Together with 1Password, these seem to be the most established password managers at this time. Let me share some thoughts about how they compare. Note that the security analysis here focuses on the worst-case scenarios and can sound a bit scary.

In terms of price and development model, KeePass is free and open source, LastPass is commercial but free for basic use and 1Password is fully paid. It's easier for security people to check the security of open-source software.

LastPass works as a browser plugin, and so does 1Password. That's more risky from a security point of view. For one, malicious websites might find some way to steal a password. KeePass is simple and isolated from the browser. Also, if a commercial password manager company changes management, gets sold or becomes subverted by a government, it could publish an update of its browser plugin that steals your data. That's a risk with all software that you use, including Windows or OS X. Again, KeePass is a slightly smaller risk in this respect if you carefully check each update that you install.

For ease of use, the commercial programs may be more convenient. They take care of synchronization for you and 1Password is beloved for its user interface.

5.1 New password managers

While it's great that people try to innovate in the security area, I'd always be wary of new password managers until it's proven their developers know what they're doing. Security is not easy, and a new product made by people without proper knowledge and experience can be a risk, even when the developers have good intentions.

6 Who am I to write about this?

I've been a software developer (a computer guy) longer than I can remember and in the past few years I've been focusing on cryptography engineering and security, studying and implementing cryptographic things at work. I found a crypto problem with a browser extension for KeePass. So I know enough to realize that I don't actually know enough yet! Also, I'm a level 45 crypto wizard ;)

Have I personally audited KeePass? Nope. But it's trusted by internet people and honestly, there's not that much to screw up since it's a rather simple program. I hope to take a look one day.