Tag: keepass

  • Tips to Safeguard Your Digital Secrets

    Introduction

    Password manager databases, asymmetric (public/private) key pairs, digital signing keys, and MFA recovery codes all serve to prove who you are, to decrypt your files, or to get you back into an account when your normal 2FA method fails. Whoever holds these items can act as you, so they must be kept out of the wrong hands.

    The techniques below are not a cure-all, and other options should be considered. But they are basic first steps that help keep your data private.

    Whatever options you choose, always BACK UP your data to a flash drive and store it in a “real world” safe. If keys, signing keys or databases are lost or corrupted there is no way to recover them. The backup deserves the same protection as the original: an unencrypted copy of your key or database in a drawer is the weakest link, so encrypt the backup drive too.

    Method 1 – Hide the Folder

    Place your password database or private keys in a hidden folder. In Linux, a directory whose name begins with a dot, such as “.ssh”, is left out of a plain directory listing. In Windows, right-click the folder, select Properties, and on the General tab tick “Hidden”. Hiding only keeps the files out of casual view: anything that lists hidden files (ls -a, or “Show hidden items” in Explorer) sees them, so treat this as a starting point rather than protection.

    Method 2 – Set File Permissions

    Change the permissions on the files or folder so that only your account can read them. In Linux this means an owner-only mode: 700 on the directory (what OpenSSH itself requires for ~/.ssh) and 600 or 400 on the files inside it; any group or world bits let other local accounts read the key. Note that this does not stop root, which bypasses file permissions entirely. In Windows, a file inherits its permissions from its parent folder, so first break that inheritance: right-click the file, select Properties, open the Security tab, click Advanced and choose “Disable inheritance” (converting the inherited entries to explicit ones). Then click Edit under “Group or user names”, highlight each account except your own, and select Remove. Leave SYSTEM in place: Windows services such as backup and EFS run as SYSTEM, and removing it breaks them without keeping out an administrator, who can take ownership of the file regardless. A blanket deny entry for Administrators has the same problem and tends to lock you out of your own recovery.
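
    As an added example (not from the original post), here is a small Python audit that applies the Linux side of this advice and verifies the result: it lists every entry in a secrets directory whose mode grants group or world access, then applies owner-only modes and re-checks. The directory layout, file names and loose modes are constructed for the demo; the functions audit_secrets_dir and harden_secrets_dir are written here, not part of any tool.

```python
import os
import stat
import tempfile
from pathlib import Path

# Acceptable owner-only modes: 0700 for the directory (what OpenSSH demands
# for ~/.ssh) and 0600 or 0400 for the key/database files inside it.
OK_DIR_MODE = 0o700
OK_FILE_MODES = {0o600, 0o400}


def audit_secrets_dir(path):
    """Return {path: mode} for the directory and each entry in it whose
    permission bits are looser than owner-only. Only the mode bits are
    examined (stat.S_IMODE strips the file-type bits)."""
    findings = {}
    root = Path(path)
    root_mode = stat.S_IMODE(root.stat().st_mode)
    if root_mode != OK_DIR_MODE:
        findings[str(root)] = root_mode
    for entry in sorted(root.iterdir()):
        mode = stat.S_IMODE(entry.stat().st_mode)
        if entry.is_dir():
            if mode != OK_DIR_MODE:
                findings[str(entry)] = mode
        elif mode not in OK_FILE_MODES:
            findings[str(entry)] = mode
    return findings


def harden_secrets_dir(path):
    """Apply owner-only modes (0700 dirs, 0600 files) and return the
    remaining findings, which should be empty. chmod is the Linux/macOS
    mechanism; on Windows os.chmod only toggles the read-only attribute,
    so the ACL steps described above apply there instead."""
    root = Path(path)
    os.chmod(root, OK_DIR_MODE)
    for entry in root.iterdir():
        os.chmod(entry, OK_DIR_MODE if entry.is_dir() else 0o600)
    return audit_secrets_dir(root)


def demo():
    """Build a constructed ~/.ssh-style directory with the typical mistakes
    (world-readable directory and files) and fix it; returns (before, after)."""
    secrets = Path(tempfile.mkdtemp()) / ".ssh"
    secrets.mkdir()
    os.chmod(secrets, 0o755)                      # directory readable by everyone
    key = secrets / "id_ed25519"
    db = secrets / "passwords.kdbx"
    key.write_text("constructed private key, not a real key\n")
    db.write_bytes(b"constructed database bytes")
    os.chmod(key, 0o644)                          # private key readable by everyone
    os.chmod(db, 0o664)                           # database writable by the group
    before = audit_secrets_dir(secrets)
    after = harden_secrets_dir(secrets)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for path, mode in before.items():
        print(f"too permissive: {path} is {mode:04o}")
    print("findings after hardening:", after or "none")
```

    Run it against a real directory with audit_secrets_dir("~/.ssh" expanded) before deciding to chmod anything; the audit is read-only, and only harden_secrets_dir changes modes.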

    Method 3 – Print a Hard Copy

    After you first set up an account with an application or website, you may be given recovery or one-time authentication codes. These are a backup that gets you into the account if your regular MFA method fails (a lost phone or a broken token, for example). Rather than printing the codes to a PDF and keeping them on your PC, where malware or anyone with access to the machine can read them, print them on paper and store the sheet off the network in a physical “real world” safe. Each code normally works only once, so cross off codes as you use them and generate a fresh set when the sheet runs low.

    Method 4 – Add a Passphrase

    In asymmetric cryptography you have a public key and a private key; the private key must remain confidential. To protect the private key at rest, add a passphrase to it: the key file on disk is then encrypted with a key derived from the passphrase, so anyone who copies the file still has to crack the passphrase before the key is usable. For OpenSSH keys this is done with the -p option of ssh-keygen; GnuPG and most other tools offer the same. Used together with the other measures here it slows an attacker down, but a passphrase only protects the stored copy: once the key has been loaded into an agent or into memory it is decrypted, so choose a long passphrase and do not rely on it alone.

    Method 5 – Encrypt Files

    Store important files in an encrypted folder. In Windows, the Encrypting File System (EFS) encrypts any file dropped into an encrypted folder automatically: right-click the folder, select Properties, on the General tab click Advanced, and tick “Encrypt contents to secure data” (EFS is not included in the Home editions of Windows). Windows then encrypts and decrypts the contents transparently whenever your account accesses them, which also means malware running under your account reads them as plaintext; EFS protects against other local accounts and against someone who takes the disk. Back up your EFS certificate and private key when Windows prompts you after the first encryption and keep that backup off the machine, because without it the files cannot be recovered if your profile is lost. Note also that copying an EFS file to a flash drive formatted FAT or exFAT decrypts it, since only NTFS carries the encryption.

    Make sure your password manager database is encrypted. A KeePass database is encrypted from the moment it is created, with a key derived from your master password and any key file, so its strength is the strength of that master key: a weak master password undoes the encryption.

    Method 6 – Flash Drive (preferred method)

    Store the private key, key file or database on a portable flash drive and plug it in only when you need it. A hardware token such as a YubiKey is different: it does not store files, but it can hold a private key (OpenPGP or PIV) and perform signing and decryption on the token itself, so the key never leaves it. Encrypt the flash drive (for example with VeraCrypt or BitLocker To Go) so that a lost drive is only a lost drive, and keep a backup as described above.

  • Managing Your Passwords

    Foreword

    Good password habits are essential for anyone who works online regularly. Because of regulations or contracts with customers, many businesses are required to have a specific password policy. As of 2024, these are some of the most recent recommendations concerning passwords.

    Password Best Practices

    As part of good password management, whether at home or at work, you should adopt some or all of the ideas below.

    • Do not reuse old passwords; keep a password history so reuse can be detected.
    • Always use 2FA where it is offered.
    • Require long, complex passwords (12+ characters); length does more for strength than special-character rules.
    • Change a password as soon as you learn it was involved in a data breach.
    • Use a unique password for each application, so one breach does not open the others.
    • Store passwords only in encrypted form.
    • Use a password manager.
    • Change passwords on a regular schedule where a policy requires it; current NIST guidance (SP 800-63B) prefers changing them on evidence of compromise rather than at fixed intervals.
    • Use passkeys (public/private key credentials) instead of passwords where possible.

    Use a Password Manager

    Rather than using the same password to log in to everything, use a desktop password manager, and avoid the browser’s built-in password store. An application like KeePass lets you set a unique, strong password for each website or application.

    • Use 2FA to log in to the password manager.
    • Authorize specific users to access only the vaults they need.
    • Identify risky users and risky accounts in advance.
    • Disable browser-based password managers.
    • Set the manager to generate strong passwords automatically.
    • Train all employees / users on how to use the password manager.
    • Consider enabling privileged access management (PAM), if appropriate.

    Reference: https://keepass.info

    Conduct Regular Password Audits

    Just as important as creating and maintaining passwords is a routine audit of your password database. A routine audit can catch unwanted activity early and prevent undesired access from being granted. Things to look for:

    • Who has been accessing the passwords?
    • Was there after-hours access?
    • Were there multiple sequential failed attempts in a short time frame?
    • Did a user access all passwords in a short time frame?
    • How frequently has a single entry been accessed?
    • Which at-risk users are accessing the database (anyone who was a victim of a breach lately)?
    • Review logs for restricted functions (create, delete, copy, or modify passwords).
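
    To make the audit questions above concrete, here is an added Python example (not from the original post) that runs those checks over a constructed password-manager audit log: bursts of failed unlocks, after-hours access, one user opening many entries in a short window, and use of restricted functions. The log format, the field names and the thresholds are assumptions chosen for the demo; a real deployment would read the manager’s own audit export and tune the windows.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed audit log for the demo; the "timestamp user action entry result"
# layout is an assumption for this example, not any product's real format.
SAMPLE_LOG = """\
2024-03-04T09:02:11Z alice open payroll-db ok
2024-03-04T09:03:40Z alice open vpn-admin ok
2024-03-04T23:41:02Z bob open fw-core ok
2024-03-04T23:41:10Z bob open fw-edge ok
2024-03-04T23:41:19Z bob open prod-db-root ok
2024-03-04T23:41:25Z bob open backup-svc ok
2024-03-04T23:41:33Z bob open mail-relay ok
2024-03-05T10:15:01Z carol unlock - fail
2024-03-05T10:15:09Z carol unlock - fail
2024-03-05T10:15:20Z carol unlock - fail
2024-03-05T10:16:02Z carol unlock - ok
2024-03-05T11:30:45Z alice delete vpn-admin ok
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
BUSINESS_HOURS = (8, 18)                     # 08:00-17:59 UTC counts as "during hours"
FAIL_THRESHOLD, FAIL_WINDOW = 3, timedelta(minutes=5)
MASS_THRESHOLD, MASS_WINDOW = 5, timedelta(minutes=10)
RESTRICTED_ACTIONS = {"create", "delete", "modify", "copy"}


def parse(text):
    """Turn log lines into dicts sorted by time; malformed lines are skipped
    so one bad record cannot abort the whole audit."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, action, entry, result = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": when, "user": user, "action": action,
                       "entry": entry, "result": result})
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Apply the audit questions from the list above; returns
    (rule, user, detail) findings."""
    findings = []
    by_user = defaultdict(list)
    after_hours_seen = set()
    for e in events:
        by_user[e["user"]].append(e)
        if e["result"] != "ok":
            continue
        # After-hours access: one finding per user per day, not per entry.
        if not BUSINESS_HOURS[0] <= e["ts"].hour < BUSINESS_HOURS[1]:
            key = (e["user"], e["ts"].date())
            if key not in after_hours_seen:
                after_hours_seen.add(key)
                findings.append(("after_hours", e["user"], e["ts"].isoformat()))
        # Restricted functions are always worth a look.
        if e["action"] in RESTRICTED_ACTIONS:
            findings.append(("restricted_action", e["user"], f'{e["action"]} {e["entry"]}'))
    for user, evs in by_user.items():
        # Burst of failures: FAIL_THRESHOLD failures inside FAIL_WINDOW.
        fails = [e["ts"] for e in evs if e["result"] == "fail"]
        for i in range(len(fails) - FAIL_THRESHOLD + 1):
            if fails[i + FAIL_THRESHOLD - 1] - fails[i] <= FAIL_WINDOW:
                findings.append(("failed_burst", user,
                                 f"{FAIL_THRESHOLD} failures from {fails[i].isoformat()}"))
                break
        # Mass access: MASS_THRESHOLD distinct entries opened inside MASS_WINDOW.
        opens = [e for e in evs if e["action"] == "open" and e["result"] == "ok"]
        for i, start in enumerate(opens):
            window = {e["entry"] for e in opens[i:] if e["ts"] - start["ts"] <= MASS_WINDOW}
            if len(window) >= MASS_THRESHOLD:
                findings.append(("mass_access", user,
                                 f"{len(window)} entries from {start['ts'].isoformat()}"))
                break
    return findings


def run(text=SAMPLE_LOG):
    return detect(parse(text))


if __name__ == "__main__":
    for rule, user, detail in run():
        print(f"{rule:17} {user:6} {detail}")
```

    On the sample log this yields four findings: bob’s after-hours session, bob opening five distinct entries in half a minute, carol’s three failed unlocks in twenty seconds, and alice deleting an entry. The first two are the same incident seen by two rules, which is the normal shape of a credential-dump attempt and exactly what the audit is meant to surface.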

  • Export a KeePass Master Key File

    To increase security, you can require KeePass to use both a key file and a password to open the database. Technically this makes it two-factor authentication (2FA): something you know (the password) and something you have (the key file). That only holds if the key file is kept separate from the database, such as on a USB stick; a key file sitting next to the .kdbx on the same disk is just a second password that an attacker copies along with the database.

    Go to File > Change Master Key and tick “Show expert options”.

    Enter a new master password. Tick the key file box and select Create. When the wizard finishes, save the key file to a secure location, such as a USB stick (drive letter G: in this example).

    To open the database afterwards, plug in the USB stick, launch KeePass, enter the password, and make sure “Key file/provider:” points at the key file on the USB stick. The database will then open.

    Finally, back up the key file to your backup location (external hard drive, cloud, etc.), but not to the same place as the database backup: if both copies live together, whoever gets the backup gets both factors. If the key file is ever lost, there is no way to open the database.
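
    Why the key file counts as a second factor is easier to see from how KeePass 2.x combines its key sources. The Python below is an added example, not KeePass code: it reproduces the documented composite-key construction (SHA-256 of the UTF-8 password, the 32 key bytes taken from the key file, then SHA-256 over their concatenation, which is what the database’s key-derivation function receives), including the key file formats KeePass reads, and shows that removing or altering either source produces a different key. The key bytes and password are constructed for the demo; make_key_file_v2 is a helper written here, not a KeePass function.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET


def password_part(password):
    """KeePass hashes the UTF-8 master password with SHA-256 before combining."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def load_key_file(data):
    """Return the 32 key bytes a KeePass 2.x key file contributes.

    Formats in the order KeePass tries them: XML key file (version 2.0 hex
    data with a 4-byte SHA-256 check, or version 1.00 base64 data), a raw
    32-byte file, a 64-character hex text file, and otherwise the SHA-256
    of the whole file content (any file can serve as a key file).
    """
    stripped = data.strip()
    if stripped.startswith(b"<"):
        root = ET.fromstring(stripped)
        version = root.findtext("Meta/Version", default="")
        node = root.find("Key/Data")
        text = re.sub(r"\s+", "", node.text or "")
        if version.startswith("2."):
            key = bytes.fromhex(text)
            expected = node.get("Hash", "").upper()
            actual = hashlib.sha256(key).hexdigest()[:8].upper()
            if expected != actual:
                raise ValueError("key file hash check failed: the file is corrupted")
            return key
        return base64.b64decode(text)
    if len(data) == 32:
        return data
    if re.fullmatch(rb"[0-9a-fA-F]{64}", stripped):
        return bytes.fromhex(stripped.decode("ascii"))
    return hashlib.sha256(data).digest()


def composite_key(password=None, key_file=None):
    """SHA-256 over the concatenated key-source hashes, in KeePass's order:
    password first, then key file. Dropping either source changes the result,
    which is why both are needed to open the database."""
    parts = []
    if password is not None:
        parts.append(password_part(password))
    if key_file is not None:
        parts.append(load_key_file(key_file))
    if not parts:
        raise ValueError("at least one key source is required")
    return hashlib.sha256(b"".join(parts)).digest()


def make_key_file_v2(key):
    """Helper for this example: write a version 2.0 XML key file for 32 raw
    key bytes, with the Hash attribute KeePass checks on load."""
    if len(key) != 32:
        raise ValueError("key file data must be 32 bytes")
    hex_key = key.hex().upper()
    groups = " ".join(hex_key[i:i + 8] for i in range(0, 64, 8))
    check = hashlib.sha256(key).hexdigest()[:8].upper()
    xml = (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        "<KeyFile>\n"
        "    <Meta>\n        <Version>2.0</Version>\n    </Meta>\n"
        "    <Key>\n"
        f'        <Data Hash="{check}">\n            {groups}\n        </Data>\n'
        "    </Key>\n"
        "</KeyFile>\n"
    )
    return xml.encode("utf-8")


if __name__ == "__main__":
    key_bytes = bytes(range(32))                 # constructed, not a real key
    key_file = make_key_file_v2(key_bytes)
    password = "correct horse battery staple"   # constructed demo password
    print("password only :", composite_key(password).hex())
    print("key file only :", composite_key(None, key_file).hex())
    print("both          :", composite_key(password, key_file).hex())
```

    The hash check in the version 2.0 format is why KeePass can tell you a key file is corrupted instead of silently deriving the wrong key; it is also why you cannot “fix” a damaged key file by hand, and why the backup copy matters.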

  • Change Font Size in KeePass

    Go to Tools > Options > Interface (2). Change the custom list font and the custom password font from the default 8pt to 10 or 11pt.