KeePass and KeePassX Cross-platform Password Management

The enormity of passwords one has to maintain is inversely proportional to the excitement level in creating new accounts that require them. Either that or:

  • Use a base passphrase and tailor it according to the site being logged into.
  • Simply reuse the same password – a practice highly discouraged and should be stopped.
  • Use a password manager to generate and maintain strong passwords.

There is a compelling case to use the third option: It removes the major burden of doing the first two options and in their place, just a single password to maintain. As to what comprises a good password manager, will be left to one’s preference. Having said that, what I consider relevant features are the following:

  • Has cross-platform support: Linux, Mac OS X, and Windows.
  • Does not require installation. Therefore, along with the password database, can be carried around in a USB flash drive and can run in non-admin mode.
  • Strong database encryption.
  • Preferably an open-source application.

These four points are covered by KeePass (Windows) in combination with its fork KeePassX (Linux and Mac OS X). I am using both to at least demonstrate the point regarding cross-platform  as KeePassX is a fork. The database compatibility though between the two applications is with KeePass 1.xx and KeePass 0.4.x, therefore I stick with those releases.

Installing on Windows

KeePass has a different installer for Portable Mode and it came with a zip file. All it needed was to unzip it to a directory on the USB flash drive.

Installing on Linux

KeePassX does not have a compiled binary for Fedora so it has to be built from source. I used my just-recently configured Fedora 14 as the build box. Fig. 1 shows the mounted USB flash drive where it would eventually be installed.

Location of KeyPassX Installation

Fig. 1: KeyPassX Installation Location

There were very a few things that need resolving along the way as the Linux box is practically devoid of relevant development tool-chain. The following are the items that were encountered during the build process:

  • The INSTALL readme file requires qmake-qt4.
  • qmake-qt4 PREFIX is an option to install directly to a preferred directory. For this I used qmake-qt4 PREFIX=/media/<usb_flash_drive> as seen on Fig. 1.
  • The build requires g++.
  • During the build process, an X header file missing error occurred. Electing not on precision installation for X development, I just did sudo yum groupinstall "X Software Development". That should install everything X but the kitchen sink.

Did a make and make install afterwards. This installs the binary on the directory specified by PREFIX.

Installing on Mac OS X

Installing on Mac is a drag-n-drop operation. Fig. 2 shows the installation from the KeePassX-0.4.3.dmg installer to the USB flash drive, whose volume is mounted as NO NAME. Note that the volume already shows three installations: a Linux, Mac OS X, and Windows.

Mac OS X KeePassX Installation

Fig. 2: KeePassX Installation on Mac OS X

The User Interface

Fig. 3 shows the built KeePassX binary on Linux.

KeePassX Running on Linux

Fig. 3: KeePassX Running on Linux

Fig. 4 shows Mac OS X KeePassX:

KeePassX Runnng on Mac OS X

Fig. 4: KeePassX Runnng on Mac OS X

Fig. 5 shows Windows KeePass:

KeePass Running on Windows

Fig. 5: KeePass Running on Windows

The password generator utility is itself a nice utility which can be accessed from the menu directly. This is handy when generating a quick password without intending to save it to the database. Fig. 6 shows the password generator utility.

KeePassX Password Generator Utility

Fig. 6: KeePassX Password Generator Utility

The Final (Pass)word

I use three kinds of platforms on a daily basis: Linux, Mac OS, and Windows, and I use all of them to access different sites. Having KeePass/KeePassX (on my USB flash drive) eliminated the need for mental gymnastics remembering my passwords for each site. I only have to remember the one password to open my KeePass/KeePassX key database. I have to add though that before transitioning to KeePass, it took me a while to memorise the single password I planned to use on it. I only committed to using KeePass when I was absolutely sure I was able to remember the password to it. After being comfortable with the password, I changed all relevant login passwords generated from KeePass and never looked back ever since.