Create a Secure Offline Password Management System for Windows / WSA / WSL2


KeePass Portable version (KeePass-2.xx.zip file) for Windows | KeePassDX (Android)

Guidelines for Creating Passwords:

NOTE: As a rule of thumb, *MOST* systems, new and legacy alike, reject passwords longer than 64 characters, and some do not accept the full range of printable ASCII characters; treat 64 characters of printable ASCII as the practical ceiling
NOTE: The printable ASCII characters are U+0021 '!' through U+007E '~' (decimal 33-126): 94 symbols once the space (U+0020) is excluded. U+0000-U+001F and U+007F (DEL) are control characters, not printable ones
NOTE: No whitespace and no control characters are allowed -> https://www.unicode.org/charts/PDF/U0000.pdf

NOTE: Password generators must NOT bias the output toward any range of characters or any individual character (the classic mistake is reducing a random byte modulo the alphabet size, which favours the first few symbols)
NOTE: They MUST also draw from a cryptographically secure pseudorandom number generator (CSPRNG), never from a general-purpose PRNG seeded with the clock
NOTE: NIST Random Bit Generation Overview -> https://csrc.nist.gov/Projects/Random-Bit-Generation

Useful Links for Password Management on Older Versions of Windows, MS-DOS, PC-DOS, FreeDOS, CP/M, OS/2, some Unix / Linux variants:

NOTE: Windows Wordpad/Microsoft Word/Office Standards -> https://docs.microsoft.com/en-us/openspecs/standards_support
NOTE: IBM Code Page 437 (the original IBM PC character set used by MS-DOS and early x86 / IBM AT and XT clones) and Windows Code Page 1252 (the default for Western-language Windows) -> https://docs.microsoft.com/en-us/windows/win32/intl/code-pages
NOTE: ISO 8859-1 (Latin-1) is the international standard that Windows-1252 extends; it is NOT a standardized version of IBM 437, whose upper half (0x80-0xFF) is laid out differently. Only the 7-bit ASCII range (0x20-0x7E) is identical across all three, which is why passwords should stay inside it
NOTE: Code Page Identifiers -> https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers
NOTE: ISO/IEC 8859-1:1998 -> https://webstore.iec.ch/publication/11730
NOTE: Unicode 14.0 Character Code Charts -> https://www.unicode.org/charts/
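The two sets of notes above (unbiased CSPRNG generation, and keeping passwords inside the range every code page agrees on) can be checked in code. The following is an added example written for this page; it is not code from the original post, from KeePass or from KeePassDX. The 64-character cap, the code page list and the sample strings are constructed from the guidelines above, and the `next_byte` callable in `unbiased_index` is a hypothetical hook so the rejection loop can be driven deterministically:

```python
import math
import secrets
import unicodedata

# Printable ASCII without the space: U+0021 '!' .. U+007E '~', 94 symbols.
PRINTABLE_ASCII = "".join(chr(c) for c in range(0x21, 0x7F))

# Encodings a password may have to survive, oldest first (constructed list):
# cp437 = original IBM PC set, latin-1 = ISO 8859-1, cp1252 = Windows superset.
LEGACY_CODEPAGES = ("ascii", "cp437", "latin-1", "cp1252")


def untypeable(text: str) -> list:
    """Characters the guidelines forbid: whitespace (Unicode Z*) and controls (C*)."""
    return [c for c in text if unicodedata.category(c)[0] in "ZC"]


def generate_password(length: int = 64, alphabet: str = PRINTABLE_ASCII) -> str:
    """Uniform sampling with the OS CSPRNG. secrets.choice() is backed by
    os.urandom() and rejects out-of-range draws internally, so each symbol
    has probability exactly 1/len(alphabet)."""
    if length < 1:
        raise ValueError("length must be positive")
    bad = untypeable(alphabet)
    if bad:
        raise ValueError(f"alphabet contains whitespace/control characters: {bad!r}")
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet has duplicate symbols, which biases the output")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def modulo_bias(alphabet_size: int, byte_range: int = 256) -> dict:
    """The classic mistake: `random_byte % n`. The first (byte_range mod n)
    symbols each receive one extra byte value. Computed analytically, no sampling."""
    q, r = divmod(byte_range, alphabet_size)
    p_favoured, p_normal = (q + 1) / byte_range, q / byte_range
    return {"favoured_symbols": r, "p_favoured": p_favoured, "p_normal": p_normal,
            "ratio": p_favoured / p_normal if p_normal else math.inf}


def unbiased_index(alphabet_size: int, next_byte) -> int:
    """Rejection sampling by hand (what secrets.choice does for you): discard
    bytes >= the largest multiple of n that fits in 256, then reduce.
    `next_byte` (hypothetical hook) returns an int in 0..255, e.g.
    lambda: secrets.randbits(8) in real use."""
    limit = 256 - (256 % alphabet_size)
    while True:
        b = next_byte()
        if b < limit:
            return b % alphabet_size


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Guessing entropy of a uniformly generated password."""
    return length * math.log2(alphabet_size)


def portability_report(pw: str, codepages=LEGACY_CODEPAGES) -> dict:
    """For each code page, the characters that cannot be encoded in it, i.e.
    that would be mangled when the password is typed or stored on a system
    still using that code page."""
    report = {}
    for cp in codepages:
        offenders = []
        for ch in pw:
            try:
                ch.encode(cp)
            except UnicodeEncodeError:
                offenders.append(ch)
        report[cp] = offenders
    return report


def is_portable(pw: str, max_length: int = 64) -> bool:
    """Meets every guideline above: length cap, no whitespace/controls, and
    representable in all listed code pages."""
    return (1 <= len(pw) <= max_length
            and not untypeable(pw)
            and not any(portability_report(pw).values()))
```

For a 94-symbol alphabet, `modulo_bias(94)` reports that 68 symbols are 1.5 times as likely as the rest, which is why the rejection loop (or `secrets.choice`) is required; `entropy_bits(64, 94)` gives roughly 419 bits for a 64-character password, far beyond what any KDF setting below needs to protect.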

Guidelines for Creating a Manual Password List Printout / Sheet / Card:

1.) Always use a monospaced font with a slashed (or dotted) zero, so that 0/O and 1/l/I cannot be confused when the sheet is read back
2.) Choose size 9-10 pt in Regular or Bold
3.) Examples: Consolas, Cascadia Code, Monaco, Menlo, Roboto Mono, PT Mono, etc -> https://en.wikipedia.org/wiki/List_of_monospaced_typefaces

Post-Installation Guide for KeePass / KeePassDX ->

Set: Options -> Security -> Clipboard auto-clear time (seconds; main entry list): 5
Enable: Options -> Security -> General -> Lock workspace when locking the computer or switching the user
Enable: Options -> Security -> General -> Lock workspace when the computer is about to be suspended
Enable: Options -> Security -> General -> Lock workspace when the remote control mode changes
Enable: Options -> Security -> Clipboard (Main Entry List) -> Clear clipboard when closing KeePass
Enable: Options -> Security -> Clipboard (Main Entry List) -> Do not store data in the Windows clipboard history and the cloud clipboard
Enable: Options -> Security -> Clipboard (Main Entry List) -> use 'Clipboard Viewer Ignore' clipboard format
Enable: Options -> Security -> Advanced -> Use native library for faster key transformations
Enable: Options -> Security -> Advanced -> Enter master key on secure desktop
Enable: Options -> Security -> Advanced -> Clear master key command line parameters after using them once
Enable: Options -> Security -> Advanced -> Remember master password (in encrypted form) of a database while it is open
Enable: Options -> Policy -> Plugins
Enable: Options -> Policy -> Auto-Type
Enable: Options -> Policy -> Auto-Type - Without Context
Enable: Options -> Interface -> Main Window -> Minimize to tray instead of taskbar
Enable: Options -> Interface -> Main Window -> Minimize main window after performing auto-type
Enable: Options -> Interface -> Main Window -> Minimize main window after locking the workspace
Enable: Options -> Interface -> Main Window -> Hide 'Close Database' toolbar button when at most one database is open
Enable: Options -> Interface -> Entry List -> Use alternating item background colors
Enable: Options -> Interface -> Entry List -> When selecting an entry, automatically select its parent group, too
Enable: Options -> Interface -> Entry List -> When showing dereferenced data, additionally show references
Enable: Options -> Interface -> Dialogs -> Show confirmation dialog when moving entries/groups to the recycle bin
Enable: Options -> Interface -> Dialogs -> Show results of database maintenance in a dialog
Enable: Options -> Interface -> Dialogs -> Show confirmation dialog when opening a database file whose minor format version is unknown
Enable: Options -> Interface -> Advanced -> Require password repetition only when hiding using asterisks is enabled
Set: Options -> Interface -> Remember recently used files: 1
Set: Options -> Integration -> System-wide hot keys -> Global auto-type: None
Set: Options -> Integration -> System-wide hot keys -> Global auto-type - password only: None
Set: Options -> Integration -> System-wide hot keys -> Auto-type selected entry: None
Set: Options -> Integration -> System-wide hot keys -> Show KeePass window: None
Enable: Options -> Advanced -> Start and Exit -> Remember and automatically open last used database on startup
Enable: Options -> Advanced -> Start and Exit -> Limit to single instance
Enable: Options -> Advanced -> Start and Exit -> Start minimized and locked
Enable: Options -> Advanced -> Auto-Type -> Always show global auto-type entry selection dialog
Enable: Options -> Advanced -> Auto-Type - Sending -> Prepend special initialization sequence for Internet Explorer windows
Enable: Options -> Advanced -> Auto-Type - Sending -> Send Alt keypress when only the Alt modifier is active
Enable: Options -> Advanced -> Auto-Type - Sending -> Ensure same keyboard layouts during auto-type
Enable: Options -> Advanced -> Auto-Type - Sending -> Allow interleaved sending of keys
Enable: Options -> Advanced -> Auto-Type - Sending -> Cancel auto-type when the target window changes
Enable: Options -> Advanced -> Auto-Type - Sending -> Cancel auto-type when the target window title changes
Enable: Options -> Advanced -> File Input/Output Connections -> Verify written file after saving a database
Enable: Options -> Advanced -> File Input/Output Connections -> Use file transactions for writing databases
Enable: Options -> Advanced -> File Input/Output Connections -> Use file transactions for writing configuration settings
Enable: Options -> Advanced -> File Input/Output Connections -> Extra-safe file transactions (slow)
Enable: Options -> Advanced -> Automatically search key files
Enable: Options -> Advanced -> Remember key sources (key file paths, provider names, ...)
Enable: Options -> Advanced -> Remember working directories
Enable: Options -> Advanced -> Remember password hiding setting in the main window
Enable: Options -> Advanced -> Remember password hiding setting in the entry editing dialog
Enable: Options -> Advanced -> Mark TAN entries as expired when using them

NOTE: The following 4 policy settings must be enabled to create a database, save changes, or change the master key; once your changes are saved, disable them again before exiting the program
NOTE: Policy changes only take effect after a restart: enable the ones you need (no master key is required to change Options), restart KeePass, then open the database
NOTE: These policy flags live in KeePass.config.xml and only guard against accidental actions inside KeePass; anyone who can edit that file can turn them back on, so treat them as a safety rail, not as an access control

1.) Enable: Options -> Policy -> New Database
2.) Enable: Options -> Policy -> Save Database
3.) Enable: Options -> Policy -> Change Master Key
4.) Enable: Options -> Policy -> Change Master Key - No Key Repeat

File -> New... 
Database Settings -> General -> Database name
Database Settings -> Security -> Database file encryption algorithm: AES/Rijndael (256-bit key, FIPS 197)
Database Settings -> Security -> Key derivation function: AES-KDF

NOTE: AES-KDF is used here because older KeePass 2.x builds and third-party clients can all open it. If every client you use supports it, Argon2 (KeePass 2.35 and later, KeePassDX) is the stronger choice: its memory cost also slows GPU/ASIC guessing, whereas AES-KDF's only tunable is the iteration count, which must be set as high as the slowest device tolerates

Database Settings -> Security -> Iterations:

Example Iterations:

Start Menu -> Run -> Calc
Calc -> Menu -> Scientific
Calc -> 2 -> xY (exponent) -> 20 -> = -> 1048576 -> M+ (Memory add)
1.) Calc -> MR (Memory recall) -> x or * (multiply) -> 64 -> = -> 67108864 ( Average Delay Time -> Multicore PC: 1-2 Seconds )
1A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
2.) Calc -> MR (Memory recall) -> x or * (multiply) -> 128 -> = -> 134217728 ( Average Delay Time -> Multicore PC: 2-2.5 Seconds )
2A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
3.) Calc -> MR (Memory recall) -> x or * (multiply) -> 256 -> = -> 268435456 ( Average Delay Time -> Multicore PC: 4-4.5 Seconds )
3A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
4.) Calc -> MR (Memory recall) -> x or * (multiply) -> 384 -> = -> 402653184 ( Average Delay Time -> Multicore PC: 7-7.5 Seconds )
4A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
5.) Calc -> MR (Memory recall) -> x or * (multiply) -> 512 -> = -> 536870912 ( Average Delay Time -> Multicore PC: 9-9.5 Seconds )
5A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
6.) Calc -> MR (Memory recall) -> x or * (multiply) -> 768 -> = -> 805306368 ( Average Delay Time -> Multicore PC: 14-14.5 Seconds )
6A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
7.) Calc -> MR (Memory recall) -> x or * (multiply) -> 1024 -> = -> 1073741824 ( Average Delay Time -> Multicore PC: 18-19.5 Seconds )
7A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
8.) Calc -> MR (Memory recall) -> x or * (multiply) -> 1536 -> = -> 1610612736 ( Average Delay Time -> Multicore PC: 28-28.5 Seconds )
8A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
9.) Calc -> MR (Memory recall) -> x or * (multiply) -> 2048 -> = -> 2147483648 ( Average Delay Time -> Multicore PC: 37-38.5 Seconds )
9A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
10.) Calc -> MR (Memory recall) -> x or * (multiply) -> 4096 -> = -> 4294967296 ( Average Delay Time -> Multicore PC: 75-76 Seconds )
10A.) Calc -> MC (Memory Clear)
10B.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
11.) Calc -> Edit -> History -> Clear
11A.) Alternate: Calc -> Right Panel (History Tab) -> Trash Can icon in the bottom right corner (Clear)

NOTE: On most mid-range smartphones, settings 3-7 above can take anywhere from 2 to 10 minutes to unlock. The KDF runs on every open, so calibrate against the slowest device that will ever open the database
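The calculator walkthrough above picks an iteration count and then measures the delay by hand (KeePass itself offers a "1 second delay" button next to the Iterations field that does the same calibration for the current machine). The following is an added example, not code from the original post or from KeePass, that turns the procedure into a function: benchmark a rate on the slowest device, then pick the largest multiple of 2^20 that fits a time budget, and check it against a phone-side limit. The SHA-256 loop is a constructed stand-in workload so the timing code has something to measure; it is not AES-KDF, and the measured rate only applies to whatever workload you pass in:

```python
import hashlib
import time

MIB = 1 << 20  # 2^20, the rounding unit used in the table above

# The multipliers the walkthrough above computes, as constructed data.
TABLE_MULTIPLIERS = (64, 128, 256, 384, 512, 768, 1024, 1536, 2048, 4096)


def sha256_rounds(n: int) -> bytes:
    """Stand-in workload: n chained SHA-256 rounds. This is NOT AES-KDF; it is
    here only so the calibration logic has something measurable to drive."""
    h = b"\x00" * 32
    for _ in range(n):
        h = hashlib.sha256(h).digest()
    return h


def benchmark_rate(work, sample_iterations: int = 200_000) -> float:
    """Time `work(sample_iterations)` and return iterations per second.
    Run this on the SLOWEST device that will open the database."""
    start = time.perf_counter()
    work(sample_iterations)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return sample_iterations / elapsed


def estimate_seconds(iterations: int, rate: float) -> float:
    """Expected unlock delay for a given iteration count and measured rate."""
    return iterations / rate


def choose_iterations(rate: float, target_seconds: float, unit: int = MIB) -> int:
    """Largest multiple of `unit` whose estimated unlock time fits the budget
    (never below one unit, so a slow device still gets some work factor)."""
    if rate <= 0 or target_seconds <= 0:
        raise ValueError("rate and target must be positive")
    affordable = int(rate * target_seconds)
    return max(1, affordable // unit) * unit


def delay_table(rate: float, multipliers=TABLE_MULTIPLIERS) -> list:
    """Reproduce the table above for a measured rate:
    (multiplier, iterations, estimated seconds) per row."""
    return [(m, m * MIB, estimate_seconds(m * MIB, rate)) for m in multipliers]


def within_budget(iterations: int, slowest_rate: float, max_seconds: float) -> bool:
    """Guard for the smartphone caveat above: reject a setting that the
    slowest device cannot unlock inside `max_seconds`."""
    return estimate_seconds(iterations, slowest_rate) <= max_seconds


if __name__ == "__main__":
    rate = benchmark_rate(sha256_rounds)
    chosen = choose_iterations(rate, target_seconds=2.0)
    for mult, iters, secs in delay_table(rate):
        print(f"{mult:5d} x 2^20 = {iters:11d}  ~{secs:8.1f} s")
    print("chosen:", chosen, "phone ok:", within_budget(chosen, rate / 20, 300))
```

The `rate / 20` in the usage line is a constructed guess for a phone twenty times slower than the benchmark machine; replace it with a rate measured on the actual phone.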

Database Settings -> Compression: Gzip
Database Settings -> Advanced -> Limit number of history items per entry: 0
Database Settings -> Advanced -> Limit history size per entry (MB): 0

Database -> Right Click -> Add Group...

NOTE: Logins on security-sensitive software typically only work with Option #2, and require Two-channel auto-type obfuscation (TCATO) to be disabled, because TCATO delivers part of the text through the clipboard (Ctrl+V) and those password fields block pasting
NOTE: Most browser logins work with Option #2 and TCATO enabled
NOTE: Option #1 works with the majority of logins for game launchers and other similar software

NOTE: In most situations, Option #2 with TCATO enabled is the default choice. TCATO only raises the bar against simple keyloggers; a logger that also watches the clipboard still captures everything, so it is no substitute for locking the workspace

Option #1 -> Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER}
Option #2 -> Add Group -> Auto-Type -> Override default sequence -> {PASSWORD}

Database -> <Entry Name> -> Edit Entry...

Edit Entry -> Username
Edit Entry -> Password
Edit Entry -> Repeat

NOTE: The easiest setup is to give each group its own auto-type ruleset and let entries inherit it, so that later reconfiguration is done once per group instead of once per entry

Edit Entry -> Auto-Type -> Enable auto-type for this entry
Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group

NOTE: In some cases you will have to override the group rules for individual entries while keeping them in the group, to maintain a cohesive layout
NOTE: This is needed when the software does not allow tabbing between fields or pasting (security software is often like this)

Option #1 -> Edit Entry -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER}
Option #2 -> Auto-Type -> Override default sequence -> {PASSWORD}

NOTE: Two-channel auto-type obfuscation is a per-entry setting; you have to enable or disable it manually for each entry within each group:

Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation

Practical Considerations / Choices for the Most Frequently Used KeePass Group Settings Templates / Layouts:

1.) Most common for computer software on a desktop / laptop
2.) Common for browser logins, and some computer software
3.) Most common for security software / programs / poorly-designed web page logins
4.) The least common type of group layout

NOTE: If you are using KeePass to create a database to export to KeePassDX, layout #2 or #3 save the most time when manually editing entries.

1.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER}
1.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry
1.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
1.) ENABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation

2.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {PASSWORD}
2.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry
2.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
2.) ENABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation

3.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {PASSWORD}
3.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry
3.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
3.) DISABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation

4.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER}
4.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry
4.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
4.) DISABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation
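The group/entry rules above (group override, entry inheritance, per-entry TCATO, and the four layouts) are easy to get wrong when many entries are involved. The following is an added example written for this page, not code from KeePass or from the original post; it models how KeePass resolves the effective auto-type sequence for an entry (entry override wins, otherwise the nearest group override up the tree, otherwise the built-in default), tokenizes the sequence with the placeholders used on this page, and flags the TCATO/paste conflict the notes above describe. The `Group`/`Entry` classes, the `tcato_ok` helper and the sample entries are constructed for the example:

```python
import re
from dataclasses import dataclass
from typing import Optional

DEFAULT_SEQUENCE = "{USERNAME}{TAB}{PASSWORD}{ENTER}"  # KeePass's built-in default
KEYS = {"TAB", "ENTER"}                                # key placeholders used on this page
FIELDS = {"USERNAME", "PASSWORD"}                      # entry-field placeholders on this page
TOKEN = re.compile(r"\{([A-Z]+)\}|([^{}]+)|(.)")       # placeholder | literal | stray brace

# The four group layouts listed above: (group override sequence, TCATO on entries).
LAYOUTS = {
    1: ("{USERNAME}{TAB}{PASSWORD}{ENTER}", True),
    2: ("{PASSWORD}", True),
    3: ("{PASSWORD}", False),
    4: ("{USERNAME}{TAB}{PASSWORD}{ENTER}", False),
}


@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    override: Optional[str] = None  # Add Group -> Auto-Type -> Override default sequence


@dataclass
class Entry:
    title: str
    group: Group
    username: str = ""
    password: str = ""
    autotype_enabled: bool = True   # Edit Entry -> Auto-Type -> Enable auto-type for this entry
    inherit_from_group: bool = True  # Edit Entry -> Auto-Type -> Inherit default sequence from group
    override: Optional[str] = None   # Edit Entry -> Auto-Type -> Override default sequence
    tcato: bool = False              # Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation


def apply_layout(group: Group, entries: list, layout: int) -> None:
    """Configure a group and its entries exactly as one of the four layouts says."""
    sequence, tcato = LAYOUTS[layout]
    group.override = sequence
    for e in entries:
        e.group, e.autotype_enabled, e.inherit_from_group, e.tcato = group, True, True, tcato


def effective_sequence(entry: Entry) -> Optional[str]:
    """Entry override wins; otherwise walk up to the nearest group override;
    otherwise the global default. None when auto-type is disabled."""
    if not entry.autotype_enabled:
        return None
    if entry.override and not entry.inherit_from_group:
        return entry.override
    g = entry.group
    while g is not None:
        if g.override:
            return g.override
        g = g.parent
    return DEFAULT_SEQUENCE


def tokenize(sequence: str) -> list:
    """Split a sequence into ('key'|'field'|'text', value) tokens, rejecting
    unbalanced braces and placeholders this page does not use."""
    tokens = []
    for m in TOKEN.finditer(sequence):
        name, literal, stray = m.groups()
        if stray is not None:
            raise ValueError(f"unbalanced brace in {sequence!r}")
        if name is not None:
            if name not in KEYS | FIELDS:
                raise ValueError(f"unknown placeholder {{{name}}}")
            tokens.append(("key" if name in KEYS else "field", name))
        else:
            tokens.append(("text", literal))
    return tokens


def render(entry: Entry) -> list:
    """What auto-type would send, with field placeholders replaced by entry data."""
    seq = effective_sequence(entry)
    if seq is None:
        return []
    out = []
    for kind, value in tokenize(seq):
        if kind == "field":
            out.append(("text", entry.username if value == "USERNAME" else entry.password))
        else:
            out.append((kind, value))
    return out


def tcato_ok(entry: Entry, target_accepts_paste: bool) -> bool:
    """TCATO sends part of the text via the clipboard (Ctrl+V), so it only works
    where the target field accepts paste. Layouts 3 and 4 exist for targets that do not."""
    return (not entry.tcato) or target_accepts_paste
```

Running `render` over every entry before exporting to KeePassDX catches two of the mistakes the notes above warn about: an entry whose effective sequence is not the one its group intends (because "Inherit" was left off), and a TCATO-enabled entry aimed at a field that refuses paste.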

File -> Save

Disable: Options -> Policy -> New Database
Disable: Options -> Policy -> Save Database
Disable: Options -> Policy -> Change Master Key
Disable: Options -> Policy -> Change Master Key - No Key Repeat

Right-Click System Tray Icon -> Lock Workspace
File -> Exit

KeePassDX -> Gear Icon (Top Right Corner) -> App settings

Enable: Delete password
Disable: Write-protected
Enable: Keep screen on
Enable: Show lock button
Generated Password size: 64
Enable: Hide passwords
Enable: Remember databases locations
Enable: Remember keyfile locations
Enable: Show recent files
Enable: Hide broken database links

KeePassDX -> Gear Icon (Top Right Corner) -> Form filling

Device keyboard settings -> Manage Keyboards -> ENABLE: Magikeyboard (KeePassDX)

Enable: Magikeyboard settings -> Entry: Entry selection
Enable: Magikeyboard settings -> Keys: Auto key action
Enable: Magikeyboard settings -> Switch Keyboard: Auto key action
Enable: Autofill settings -> Manual selection

KeePassDX -> Gear Icon (Top Right Corner) -> Advanced unlocking

Enable: Device credential unlocking
Enable: Auto-open prompt
Delete encryption keys (only needed if you have to generate / import a new database layout)

NOTE: After you reboot the device / smartphone, you have to open the database with the master key once, making sure to tap the orange circle with the lightning bolt afterwards
NOTE: Save your database ( 3 vertical dots in the top-right corner -> Save data )

KeePassDX -> Gear Icon (Top Right Corner) -> App settings

Enable: Write-protected (Only Enable after saving a working configuration)

NOTE: The following list describes the process for entering a database entry into the password field of a login screen / prompt / form:

1.) Enter the username for the login credentials if necessary, depending on the entry / group layout
2.) Switch to KeePassDX and select the entry from the database
3.) Enable the Magikeyboard using the step below
3A.) Settings (Android UI) -> Language & input -> Current keyboard -> Switch from Gboard to Magikeyboard (KeePassDX)
4.) Switch back to the login screen in the app and tap the key with 3 stars / asterisks on it ( *** ) to type the password

 
