Hello there fellow photographer (and everyone who’s interested in their online safety),
there’s a new data leak out there. It hit EyeEm this time, an online photography platform. 20M addresses, names, usernames, bios and well, passwords. Yay 🤬
When I first started to enter the online world a bunch of years ago I was smart enough to create a somewhat safe password. It contained letters, numbers, special characters, 14 letters long. Things worked out pretty well until Adobe got hacked back in 2013, with a leak of some impressive 153M accounts and their passwords. I decided to just change some parts of my old password, but stuck with the same method of using the same password for pretty much any platform.
Things back in the day were pretty easy, I used Facebook, Instagram and some email software. But all of that has changed with the rise of new apps, software, social media, websites and such. Doing a short calculation I’m at about 38 unique services including Spotify, Adobe, Backblaze and such.
The recent data leak through EyeEm made me rethink my password management. Changing passwords on 38 services isn’t fun, believe me. Therefore I did some research on how to avoid that problem in the future. The key specifications I wanted to match were the following ones:
- It should not cost any money
- Each password should be unique, 25 characters long
- Sync passwords between a computer and a smartphone without using a third party online service
- The file that stores the passwords locally must be encrypted too
There are plenty of services out there that offer some good and probably reliable password management tools. But – most of them do have their own algorithms, their own code. What happens if they get hacked?
The solution that appealed to me was a combination of KeePassX (for the computer version) and MiniKeePass for the smartphone version. KeePass is a free and open source password management tool. Yes, it’s open source. Everyone can check out their code. That way their code is ‘controlled’ by thousands of people; any mistakes or wrong code, even attacks, are pretty much reported right away. The local database is encrypted through AES and Twofish, two of the most secure encryption algorithms out there. And the best thing, it’s free, yay. Check out their feature page for more information about their encryption features.
How to set up KeePassX for Mac
The official KeePass app is designed for Windows, Mac and Linux. There is a local app that can be installed on your computer, and they also offer a free portable version that can run from any USB device.
For myself I opted for the Mac version called KeePassX. The app itself actually looks pretty old, but we’re not here to complain about the design. It’s about the functionality.
Once installed you’re about to set up a new database, the place where your passwords are going to be saved:
Your database is protected by a password. That way your passwords are still safe, for example in case your computer gets hacked. Once you’ve created your database hit the “Save Database as” option and store it somewhere on your computer.
Congrats, you’ve made the first step into protecting your passwords. Now, let’s start with storing your passwords. Press the Command + Y combination (or click on entries – Add New Entry in the menu). It kinda looks like this:
For myself, a typical entry would be titled “Instagram Login” with my handle as username. Type in your current password into the password field. KeePassX is rating the quality of your password too:
That way KeePassX is a fantastic way of storing your current passwords. It will take some time to manually enter them into the app, but once you’re done with that it will make your workflow way easier.
Let’s check out the power of KeePassX, the little “Gen.” button next to the password field. Let’s create a new password (for example in case one or 38 of your services got hacked) 🤦♂️
The Password Generator service will create you a password that, at least in my eyes, seems impossible to hack. It’s in fact even impossible to remember. I’m still having problems with that as I’d like to remember my passwords. On the other hand, if you’re able to remember them they’re too weak and can probably be hacked.
Once you hit the OK button your new password will be stored in the password field. Click the “eye” button to copy & paste it into your browser and you’re good to go.
That’s it for your computer, you got the tools now to create yourself some pretty strong passwords. Better do it now before the next data leak hits. By the way, are you curious if you’ve got hacked/leaked already? Check out this site, that’s where I found out about my leaked EyeEm password: https://haveibeenpwned.com/
How to set up KeePassX and MiniKeePass for Mac and iPhone
Now, as KeePass (or KeePassX) is running on your local machine – how to get these passwords onto your phone? Like myself, I’m using pretty much all of these services on my smartphone, that’s the place where I need these passwords.
Unfortunately KeePass is not synchronizing passwords in realtime. Some apps do, but they cost money (and are not open source).
The solution I found is a pretty simple one, though. Your local database file (remember, the .kdb file?) is encrypted and password protected (in case you opted for a strong password😜). You can technically store the database file for example in your Dropbox, Google Drive or any other cloud service. These cloud services are not able to get to your personal passwords as they can’t decrypt the .kdb file.
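What a cloud provider can still read from the file is worth knowing before uploading it. The added example below (not part of the original post) parses the unencrypted header of a KeePass 1.x .kdb file, assuming the fixed 124-byte layout of that format; the sample header is constructed, and all function names are made up for illustration.

```python
import struct

# Assumed KeePass 1.x (.kdb) header layout: 124 bytes, little-endian, stored
# in the clear in front of the encrypted groups and entries.
KDB_HEADER = struct.Struct("<IIII16s16sII32s32sI")
SIG1, SIG2 = 0x9AA2D903, 0xB54BFB65
FLAG_SHA2, FLAG_AES, FLAG_TWOFISH = 0x1, 0x2, 0x8


def inspect_kdb_header(blob: bytes) -> dict:
    """Return the metadata that anyone holding the file can read."""
    if len(blob) < KDB_HEADER.size:
        raise ValueError("too short to be a .kdb database")
    (sig1, sig2, flags, version, _seed, _iv, groups, entries,
     _contents_hash, _seed2, key_rounds) = KDB_HEADER.unpack_from(blob)
    if (sig1, sig2) != (SIG1, SIG2):
        raise ValueError("not a KeePass 1.x database (bad signature)")
    if flags & FLAG_AES:
        cipher = "AES"
    elif flags & FLAG_TWOFISH:
        cipher = "Twofish"
    else:
        raise ValueError("no supported cipher flag set")
    return {
        "cipher": cipher,
        "version": hex(version),
        "groups": groups,          # visible without the master password
        "entries": entries,        # visible without the master password
        "key_rounds": key_rounds,  # cost of each master-password guess
    }


# Constructed sample header (not a real database): AES, 4 groups, 38 entries.
SAMPLE_HEADER = KDB_HEADER.pack(
    SIG1, SIG2, FLAG_SHA2 | FLAG_AES, 0x00030002,
    bytes(16), bytes(16), 4, 38, bytes(32), bytes(32), 50000,
)

if __name__ == "__main__":
    # For a real file: inspect_kdb_header(open("passwords.kdb", "rb").read())
    print(inspect_kdb_header(SAMPLE_HEADER))
```

The entries themselves stay encrypted, but the cipher, the number of groups and entries, and the key-transformation rounds are readable by whoever stores the file, so the master password and the rounds setting are what actually protect an uploaded database.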
Let’s check out MiniKeePass now, an app designed to run with KeePass.
In order to get all your passwords from KeePass onto your phone we need two ingredients. Your database file accessible through a cloud service, and MiniKeePass installed on your phone. Now:
- Open Dropbox/Google Drive/iCloud/Your cloud service on your phone
- Navigate to your KeePass database file
- Tap the .kdb file and press “Copy to MiniKeePass”
Your passwords should appear in MiniKeePass now, ready to be used on your smartphone. Remember that MiniKeePass does not auto sync. Once you’ve added a bunch of new passwords, let’s say into your KeePassX app on your computer, you have to repeat these steps again.
For myself, I’m storing the local computer database file directly in my own cloud system. That way I’m able to access the updated .kdb file right away through the MiniKeePass app.
Conclusion
It’s probably not the easiest way to sync passwords between a computer and a smartphone. But it’s, in my opinion, the cheapest, safest and best way to handle your passwords. The Password Generator is designed to help you create strong and unique passwords that are really hard to hack, almost impossible. The local database .kdb file is encrypted with AES and Twofish, two of the best encryption algorithms out there. Therefore, big high five for KeePassX and MiniKeePass! 👋
Let me know your questions and thoughts down in the comments! Thanks for reading ❤️
I’ve been using Keepass and minikeepass for years. I keep the database file in the cloud. The problem is that when I enter new passwords in minikeepass, this doesn’t update the database cloud file. I end up having to manually export it. You don’t mention this and so I’m wondering if I’m doing something wrong or if there is a better way.
Hey keeman, thank you so much for your comment. I just figured the same the other day, minikeepass and Keepass do not sync the database automatically. That would be an awesome feature for the future, but so far one does need to manually export and import the database 😬
As of 11/12/2019, it seems MiniKeePass is dead. At least it is no longer available on the Apple App store. I guess it’s possible it might come back. But their Twitter hasn’t been updated since 2015…
https://twitter.com/MiniKeePass
See the discussion about it being pulled from the app store here…
https://github.com/MiniKeePass/MiniKeePass/issues/678
Hey subsDude,
thanks for your comment! Sad to hear that they have banned MiniKeePass from the app store…
I recently went from using KeePassX to KeePassXC (kinda the newer version of it), but also changed to Android. There’s an app for Android that’s called “Keepass2 Android Offline” that does the job.
The official recommendation from KeePassXC for iOS devices is an app called Strongbox (https://apps.apple.com/us/app/strongbox-password-safe/id897283731), that one might be worth a try! 🙂
Best,
Ingmar