How I Manage Passwords with KeePass

Several weeks ago, I wrote a blog post about how horrible it is to have to deal with the various password restrictions websites use. Of course, that post was influenced by Jeff Atwood’s post, Password Rules are Bullshit. While writing the post, I did some research on what makes a good password. And after writing it, I spent several weeks thinking about my own password management strategies.

July 2020 Update

I wrote this blog post back in 2017, and a little bit has changed since then! I used to manage my passwords with KeePass, but more recently I've been using Bitwarden. My reasoning for using a password manager (described below) is largely unchanged – I simply like Bitwarden better than KeePassXC now. You can read my comparison between Bitwarden and KeePassXC here.

Really, the password problem boils down to this:

In a world where I have accounts on dozens of different websites that I’m actively using, a password manager really is the only good solution (other than Sign In with Google) anyone’s come up with so far. Although I’ve spent years avoiding any kind of password manager (putting all your passwords in one place just seems like a bad idea; it is a single point of failure, after all), I think I’m finally giving in. Sigh. (Really though, if you do it right, the benefits outweigh the risks.) After researching the different password manager options available, I settled on KeePass because:

I put some thought into getting everything set up nicely, and tried out a couple of different applications. KeePass is open source, and there are several different options for most platforms listed on its download page. Here’s what I’m using:

To get started, I installed KeePassXC on my computer and created a new password database file in my Dropbox folder. I’m adding passwords to it (and changing them to new, pseudo-random passwords) as I visit the websites I use. After a couple weeks of this, most of my passwords will be in KeePass!

That one website that requires your password to be 12-14 characters with at least one letter and one number but no symbols? Handled. Somebody got hacked? OK, just generate a new password. Nothing new to remember. Password strength? 24 characters of pseudo-random letters and symbols, where websites allow it. New password every 6 months? Not a big deal. I think this is going to work well.
