Synchronize passwords in KeePass

Digital Safe

Article from ADMIN 75/2023
By
Usernames and passwords play an important role in security. In this article, we show you how to set up the KeePass password manager and keep it synchronized across multiple devices.

Password management tools such as KeePass [1] are hugely helpful when dealing with access credentials. The secure and encrypted database of the free, open source software lets you store your login credentials, including notes, links, and other information you need for access. To use this information, you only need the password for the password safe itself, making it far easier to manage passwords, especially when complex combinations are used. The benefits KeePass offers are great even if you only run it on a single computer.

However, the tool is not only designed for single-computer use; you can use the database to store your credentials on multiple devices. The associated file is only a few kilobytes in size, even if it contains many entries, and the content is securely encrypted by 256-bit AES. KeePass clients for many operating systems – besides Linux, macOS, and Windows – include Android, iOS, and iPadOS.

In addition to keeping your passwords safe, you'll benefit from more convenient and easier logins to various services, because you'll be able to copy the credentials and passwords to the clipboard.

Database Entries

Of course, synchronizing data from KeePass with other services always starts with installing KeePass on a computer, creating a new database, and then adding some initial entries. You can create several databases with the tool and use the one you currently need with the program. If you want, you can change the language in KeePass after the install by selecting View | Change Language ; then, download the appropriate language files in the window of the download page and (on Windows) copy them to the directory C:\ Program Files\KeePass Password Safe 2\Languages. To change the language, double-click. If you install KeePass on multiple computers, you can simply copy the language file. You only need to download it once.

From the context menu of your database in KeePass, use Add Group to create a new password group. Groups are basically equivalent to folders that help you organize your credentials. In the window, you specify the name of the group and define the icon to be displayed. The name and icon can be adjusted at any time by opening the context menu and selecting Edit Group .

Once you have opened a group, you can create a new entry by selecting Add Entry in the context menu for the right window (Figure 1). Enter the name (Title ) as you want it to be displayed in KeePass, along with the login name (User name ) and password (Password and Repeat ) for that entry. You can press the button with the three dots next to the password to show and hide the password. You also have a place to enter a description or supplementary information, such as an associated account number, for the entry (Notes ). In this field you can freely choose the data to enter. PINs, TANs, and other information are in safe hands in KeePass, as are tax numbers, account numbers, and other data you need all the time but want to keep safe. Admins can even store SSH keys and use them directly from KeePass with the KeeAgent plugin. The Remote Desktop Manager Plugin extension lets you use credentials for Microsoft Remote Desktop Manager. I will go into more detail about plugins in a separate section.

Figure 1: KeePass lets you store your passwords and critical data in a central interface. Folder structures and various databases help organize your data.

Once you have created your first password database, launch KeepPass and open the database, enter the database password, and navigate to the entries you need; you can store these in a tree structure. KeePass remembers the database you last opened and opens it automatically the next time you start the program. To control this behavior, go to Tools | Options and select the Remember and automatically open last used database on startup entry in the Advanced tab. This option is useful if you work with different account names and different databases on a single computer.

If you click on an entry in the database, KeePass displays the associated data. If you have entered a URL for the entry, you can open the website directly in the default system browser. KeePass also gives you a search field where you can search for entries. This option is especially interesting if you work with numerous data records and have forgotten where a particular record is stored.

Double-click on the Password column to copy passwords to the clipboard. Windows only stores the password in the clipboard for a few seconds and then deletes it again for security reasons. You can set the number of seconds the password is available in the clipboard in Tools | Options | Security by selecting Clipboard auto-clear time (Figure 2). The context menu and various paste options can be used to paste passwords into different programs.

Figure 2: The KeePass options let you customize the solution to suit your needs.

KeePass on Mobile Devices

Compatible apps (e.g., IOSKeePass or KeePass Touch) let you use your KeePass data on the iPhone or iPad. For Android, you can use the Keepass2Android, KeePassDroid, KeePassMob, or KeepShare apps (Figure 3). It is worth testing the various apps because they offer different features, such as direct access to cloud storage. Just make sure you choose an app that can handle your version of the database. For mobile access, the database needs to be available on your smartphone.

Figure 3: With numerous apps on the iPhone and iPad and on Android devices, you can access KeePass password databases on the go if you store them in the cloud.

Access to a password database is possible with cloud storage synchronization. You can use pretty much any kind of cloud storage and download the database to or synchronize it on the mobile device. Note that changes might only change a copy of the database, not the original. You always need to check whether you are opening a database in the cloud or on the local device; this is especially important when it comes to adding or editing entries.

The mobile apps basically offer the same capabilities as the KeePass desktop app. For example, on iPhone, iPad, or Android, you can go to the Dropbox app and open the KeePass file. This procedure works with virtually any kind of cloud storage. You can download files in different ways, open them, and then select the KeePass app you want to use to open the database. To keep the data on the mobile device up to date, make sure that the password database on the PC is constantly synchronized to cloud storage to ensure that the database in the cloud is always up to date.

With some work, you can also synchronize the data with a private cloud. However, store the database file on the local network (e.g., Nextcloud, ownCloud, or a similar solution), not in a public cloud. You can also save the data on a Fritz!Box or network-attached storage (NAS) or on a similar device that allows mobile access. The only important feature is that you are able to access the storage on the other devices.

The various apps for iOS and Android also partially support direct access to cloud storage without having the storage client on the terminal device. This scheme can make it easier to work with the database because you don't have to download it and open it in the app first; rather, you access the database in the cloud directly from the app. The KeePassDroid Android variant supports OneDrive and Google Drive, for example (Figure 4). These two services offer a particularly easy option for transferring data to a smartphone or tablet. You need to experiment to find the combination of cloud storage and smartphone app that is the most convenient to help you share KeePass data.

Figure 4: The KeePass OneDriveSync plugin can synchronize databases directly with OneDrive. Several other plugins can do this, as well.

Helpful Plugins

In parallel, you can download special extensions for the application in KeePass on Windows by selecting Tools | Plugins | Get More Plugins . Doing so means that you can upload data directly to your cloud storage. Examples of this can be found in the I/O & Synchronization section on the website [2]. Some experimentation is required at this point. Try out the plugins to see how they work. The extensions are available as PLGX files, which you integrate by copying the file to the plugins directory in KeePass. The program automatically loads the plugins on restart; they usually turn up in the Tools menu, where you can configure how you want KeePass to synchronize the database. Often, the plugins connect directly to your cloud storage; you only need to activate the connection once because KeePass accesses an API belonging to the respective cloud service with its plugin.

However, the easiest approach is to upload the KeePass database to the cloud with the synchronization client for your choice of cloud storage and send it back to your smartphone or tablet from the appropriate cloud storage app. In this way, you can access the data and keep track of synchronization easily. Plugins and apps that connect directly to cloud storage give you even more options. The best thing to do is to test which combination is best for you in the long run.

If you use SharePoint Online in Microsoft 365 and synchronized libraries for data exchange or document storage, you can store the KeePass file directly in the SharePoint library. This method ensures that the latest version of the database file is always available online without additional synchronization because the SharePoint Online library is automatically kept in sync with the local computer by the OneDrive client. The OneDrive app lets you access the libraries and download files in this path, too – and this includes the KeePass file.

For example, in iOS or iPadOS, tap the three dots for the KeePass database in the OneDrive client to access the Open in Another App menu. At this point, you can select the KeePass app you have in place and open the file. However, be aware that access in most cases is not online; instead, the cloud storage – OneDrive in this case – downloads the database to the smartphone or tablet. To have the latest version, you need to repeat the process whenever you want to update the database on your smartphone or tablet; you can work with the local file until then.

Of course, if you want to add entries to the smartphone or tablet or change existing entries, you again need to make sure you sync the database file back to your cloud storage so that your other devices can also access the information.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Password management with FreeIPA
    Passwords should be safe, but easy to remember – a contradiction that can be difficult to resolve. One remedy is a password manager that stores all passwords centrally. The open source tip this month shows a different approach: FreeIPA.
  • Requirements for centralized password management
    Time and again, situations arise in which admins need access to a system they do not otherwise manage. But, do you want to hand over responsibility for password management to a centralized software? What capabilities must that software have?
  • Managing access credentials
    Most Internet services require password-protected individual accounts. A password manager can help you keep track of all your access credentials.
  • Centralized Password Management

    Time and again, situations arise in which admins need access to a system they do not otherwise manage. But, do you want to hand over responsibility for password management to a centralized software? What capabilities must that software have?

  • Efficient password management in distributed teams
    Team members often need certain information to authenticate against servers. You don't want to save this secret data in plain text, but you don't want to retype it every time, either. How can you share these secrets?
comments powered by Disqus