topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 3:35 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Keepass Password Safe mini-review  (Read 63129 times)

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Keepass Password Safe mini-review
« on: June 17, 2006, 09:09 PM »
APP NAME:                    KeePass Password Safe
APP URL:                       http://keepass.sourceforge.net
APP Version Reviewed:     1.05



Intro:

I have, just recently and thanks to dc.com, come across this fine app. This app is an open source password manager that is freely available from the URL above. It has many advantages over other password managers, which will be discussed later on (the advantages), and it appears to have a terrific rating wherever you look. Now, onto the review.


Who is this app designed for:

This app is designed for the user who has lots of passwords, pin numbers, login information, or security codes to manage. If you visit lots of forums, or software repositories (which most require registration to download now), you will benefit greatly from this application.



What does it cost

Freeware, Open Source



The Good

Let me first start by saying that I love the encryption method chosen by default by this application. On a new database, you are given a database which is encrypted using AES with a 256bit cipher. Of course, you can change this to twofish encryption, but this reviewer prefers the AES method.



OK, now onto the main application. With this application, you can create as many categories or subcategories as you desire. So you can be as anal as you want about how detailed you are when organizing your passwords.



You can assign various icons to your categories or passwords so you can remember that "This icon is for credit cards, this for banking, etc".



The program also offers a password generator and password strength rating system so that when typing a new password for a site, you can rate its bit strength. The more green, the better. This author recommends 128bit or higher (and with a program like this, its easier than ever, since you dont have to REMEMBER these passwords and can make them very complex).

Screencast of the password generator screen follows

http://crosscut.whaddu.com/DC/Keepass/PasswordGen.html <--- See here for a sample of the power of the password generator and bit strength indicator. This link contains a screencast of the password generator screen in action.

The program also offers a very powerful auto-type feature which allows you to send keystrokes to any application to automatically fill in username/password combinations to various things such as webpages, login boxes, etc. Just look at the help file of this app to see the power of this app.

See here for the help section of auto-type

http://crosscut.whaddu.com/DC/Keepass/AutoType.pdf

The needs improvement section

There are a few things this app does need improvement on. One of those is a proper auto-sort feature. You can auto-sort entries added to a category, but you cannot sort the categories themselves automatically. This is a small annoyance.

You have no ability to use the windows context menu key (WINDOWS APP KEY) to bring up the right click context menu on various entries. I realize this is cross platform, but I think the windows version could use this so that the keyboard oriented user could use the program without a mouse.

There is no way to drag/drop categories that have subcategories in them (I.E., you make a category (Finances) with a subcategory of (Credit Cards) that has entries in it, you cant drag/drop the whole MAIN category to another folder, you have to move the subcategories by themselves AFTER you create the new main category again.

There is no way to assign a DEFAULT ICON for new entries in a specific group. I.E., all credit card passwords have this icon, etc.


Conclusions

This is a very fine application which shows lots of promise. The functionality it has right now is very powerful and makes it very suitable for every day use. The improvements I listed above are not show stoppers, and only are a matter of prefernce for this reviewer. If you are in the market for a password manager, I highly recommend this application for managing your passwords.

This is Josh (The Shamurai), saying "Unix is user friendly, its just very picky who it's friends are".
« Last Edit: June 18, 2006, 02:50 PM by Josh »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #1 on: June 17, 2006, 09:57 PM »
fantastic mini review!
program looks beautiful too.

Rover

  • Master of Smilies
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 632
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #2 on: June 17, 2006, 10:03 PM »
Oh dopey me... I use keypass at work to keep track of the many server passwords, windows license keys, etc.  Never thought to do a cool mini-review like this.  :-[

Keepass is da bomb.
Insert Brilliant Sig line here

jdd

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 214
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #3 on: June 17, 2006, 10:12 PM »
Nice review, Josh.  I finally buckled down about two months ago and started tracking my passwords in a more organized fashion.  KPS is what I have been using and it works great for me.

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #4 on: June 18, 2006, 04:43 AM »
Fantastic, Josh!
This is the way to create great reviews! Congrats, you even made me feel willing to try the app out.

I only have 2 suggestions: The main url, http://keepass.sourceforge.net should be clickable (i don't know why it didn't happen), and the video url should mention it's a video.
Other than that, i love the review, and KeePass looks really interesting.

Thanks!  :Thmbsup:

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #5 on: June 18, 2006, 06:41 AM »
i agree with jgpaiva's suggestions.  also the first pic is broken for me.

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #6 on: June 18, 2006, 09:11 AM »
Fixed :)

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #7 on: June 18, 2006, 09:40 AM »
Fixed :)
LOL!  ;D ;D
I meant having something like "(video)" next to the link, but oh well... That'll do too!  :P

wr975

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 369
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #8 on: June 18, 2006, 02:28 PM »
Nice review.  :Thmbsup:

But I think you missed two options:

There is no way to cache a password/keyfile for X Number of minutes after entering your password. You are required to enter it everytime you restore the app from tray. This again, is a small annoyance and nowhere near a show stopper

You're not required to enter the password each time you restore the app. Only if you tell the application to do so ("lock workspace when minimizing").

If you want to cache the password for a certain amount of time use the option "Automatically lock workspace after... seconds". In the advanced parameters the program can be configured to terminate the app instead of locking.

There is no way to have it CLOSE TO TRAY, I.E. you press the X to close it, and have it min to tray instead. This is a feature I've grown acustom to with various apps that remain in my tray.
There is clearly the option "Close button [X] minimizes .. instead of terminating app"

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #9 on: June 18, 2006, 02:50 PM »
Doh, I guess attention to detail has escaped me. My apologies. I will remove those from my review!

Fixed!
« Last Edit: June 18, 2006, 02:53 PM by Josh »

rjbull

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 3,199
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #10 on: June 18, 2006, 03:25 PM »
Nice review, which, especially with WR975's comments, told me useful things I didn't know about KeePass.

Two things not mentioned:
1) anyone grimly hanging onto Win98 (e.g. me) should use an older version of KeePass, 1.03.  Later versions don't Auto-Type.  I don't see a huge amount of difference between versions and they're file-compatible anyway.
2) One of the nicest things about KeePass' Auto-Type is its cooperation, or should that be non-cooperation, with the clipboard.  That is, when you Auto-Type something (Ctrl-V or Alt-E, T), KeePass sends the information in a way that circumvents common clipboard enhancers.  I don't know how broad the spectrum this covers, but data sent this way by KeePass doesn't show up in the free version of ClipCache that I run.  Clipboard caching software would be a potential security hazard otherwise.  Also, if you use Ctrl-B = Copy User Name to Clipboard or Ctrl-C = Copy Password to Clipboard, KeePass clears the clipboard after 10 seconds.  This will be caught by a clipboard enhancer, but it's a useful help where a computer isn't running one.



jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #11 on: June 18, 2006, 06:28 PM »
Ok... You got me convinced!
I have just changed all my important passwords to secure passwords, generated by KeePass.
I'm very happy with KeePass. When i use it, i get that good vibe, as when i can notice that things were thought through and nothing as left at chance.

I specially like the fact that it has clickable fields for each entry. In the main view, where you can see the several entries, the fields "username", "password" and "notes" can be clicked and will copy their contents to the clipboard, cleaning the clipboard 10 seconds after. The "URL" field is also clickable, and will open the specified url.

Another important feature: when you change the password for something, that entry is copied, and stored under "backup", so that you won't loose the previous password.

I also like how it has extensive options on security behaviour, so that you can be as paranoid as you like! :P (i mean, having it lock itself on each 5 seconds of use looks like a bit of overkill to me, but.. oh, well...)


Now, for the missing features:
Passwords on the move! This method allows you to have secure passwords for everything, and stil be able to access them really fast. BUT, this way you won't have access to them when you aren't on your computer.

So, i think it misses a fSekrit + uploader kind of thing. There should be a way to upload all your passwords (or only some selected ones) to an internet server, in an encrypted way, but such that won't need any special program to access it, which means... fSekrit!!

Still, 9.9 out of 10 ;) (it'd get 11 out of 10 if it had that last mentioned feature :Thmbsup:)

Thanks josh, for this great finding!

Rover

  • Master of Smilies
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 632
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #12 on: June 18, 2006, 07:59 PM »
jgpaiva - nice comments.  re: passwords on the move:  one thing you can do with keepass is copy the database & keepass to a USB Drive.   That sort of solves that issue. 

I don't recall if this was mentioned in the review, but you can actually use a USB drive (or floppy) as a key disk.  Have the key, open the database;  don't have the key, no luck.  Kinda cool, but not for me.

Insert Brilliant Sig line here

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #13 on: June 18, 2006, 08:22 PM »
Yes, the keydisk feature is a very nice one. I sorta whipped this review together last night just to get it to the masses so I didnt touch on everything, or be as thorough as I should have.

The key disk feature basically stores a key file on a removable drive so that you can use it as well as a password to authenticate into the DB. Very nice security.

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #14 on: June 19, 2006, 03:13 AM »
That's true, Rover, the key can be a usb flash disk. I even use it like that. ;)
But, there's 2 issues with what you mentioned: i can't just carry around the database in the same place i carry my key, that wouldn't be safe. But, more importantly, how would i open the database on a computer without keepass instaled?

That's why i mentioned fSekrit, because it's an executable, which can be used in any windows computer.

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #15 on: June 19, 2006, 03:15 AM »
jgpaiva, they have a keepass distro in a zip file that DOES NOT REQUIRE installation. Just unzip, and run.

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #16 on: June 19, 2006, 03:18 AM »
Ok, i didn't read your post correctly, Rover. I had no knowledge that keepass didn't need instalation.
Than yes, copying the keepass folder and the full database to the pen drive looks like a great idea. Not as confortable as i mentioned, but sure is a good solution.

Redhat

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 254
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #17 on: June 20, 2006, 04:13 PM »
Nice review and comments, I'll be grabbing it now  :Thmbsup:

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #18 on: June 20, 2006, 04:20 PM »
don't forget to toss josh a couple donationcredits to encourage future posts like this!

Redhat

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 254
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #19 on: June 20, 2006, 04:25 PM »
don't forget to toss josh a couple donationcredits to encourage future posts like this!

I already did  8)

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #20 on: June 20, 2006, 04:38 PM »
And I thank you all for your donations :) Expect a mini-review of roboform coming soon, possibly tonight, and a new screencast of roboform, keepass, and findandrunrobot coming soon. FARR Will probably be my next, then keepass, then roboform. I figure farr will come since there is an entire forum to it and a mini-review isnt really needed. Keepass is next since I just did the MR, and then roboform will have both done.

If you all have apps you want screencasted, let me know. I am more than happy to help. If you are writing a review, or a mini-review, let me know and I will work it out to get you a screencast to go along with it.

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #21 on: June 30, 2006, 05:16 PM »
Just wanted to get this out to the masses.

Soon, I will have a screencast of KeePass up. I am just waiting on a certain someone to help me finish this up :) So, stay tuned!

jdd

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 214
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #22 on: June 30, 2006, 06:53 PM »
Another Backup Plugin (ABP) is a plugin for the KeePass password manager. ABP automatically copies the initially-opened password database to one or more backup files, so that the passwords can be recovered in case of loss.

I was wondering if anyone uses this or knows how to write an AKH to start the program using the command line arguments as described at http://home.hvc.rr.com/billrubin/HelpABP/.

I'd like to have it automatically backup to this location C:\Documents and Settings\jdd\My Documents\My KeePass Database Backup  but I can't seem to get the script right.
 

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #23 on: June 30, 2006, 07:04 PM »
shoot, you dont need AHK for that, just run a dos batch file that does

copy "MyKeePassDB.kdb" "c:\documents and settings\jdd\my documents\My Keepass Database Backup\MyKeePassDB.kdb"

jdd

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 214
    • View Profile
    • Donate to Member
Re: Keepass Password Safe mini-review
« Reply #24 on: June 30, 2006, 07:35 PM »
I appreciate the suggestion but this is not what I had in mind and does not take advantage of the plug in which is designed is to open the backed up database on startup and save it on close.  I was hoping to conjure an AHK script that would run the exectubale utilizing the plugin dll.