KeePassXC Advanced Usage // 8 features you might have not heard about

Video Statistics and Information

Captions
KeePassXC can do more than you thought. I'm Aaron from securityguideme, and I will show you eight features that you might have not heard about.

I've been using a password manager for 10 years now, and I have more than 700 unique passwords in my password manager. Now it would be interesting if any of them have leaked, and there's quite a nice feature in KeePassXC. When you go to your password manager, go to Database, Database Reports, and here it says Have I Been Pwned. This is a feature where you can check if your passwords have leaked and entered into the database of Have I Been Pwned. So I go there to Have I Been Pwned and say "Perform Online Analysis", and I see that my LinkedIn password was leaked in up to 10 data leaks. We can also have a look at the section Health Check, where it says that I have one very weak password. This should not happen if you randomly generate your passwords using the password generator.

Two-factor authentication provides additional security for your web accounts. In most cases, as a second factor, there is a short message sent to your phone, but, for example, I would not like to disclose my phone number to Facebook. So there is an alternative, which is called TOTP, which is a time-based one-time password. Let's go to Facebook and set this up. We can go to Security and Login and say "Use two-factor authentication". I click on Edit. Here I have three methods to choose from. One of those is short messages; I would not like to use that. Second is a security key, and this authentication app is a time-based one-time password, so let's use this one. We, for security reasons, need to enter our password. We autofill this from KeePass and submit, and here we have a QR code to scan, which we can scan with our mobile phone, for example, and an authenticator app. And here we have a secret that we can copy. Go to our password manager, right-click the entry, go to TOTP, which is our time-based one-time password, and Set up TOTP. Enter the security key, leave the defaults and say OK.
Now we have this small clock here at this entry. Just double-click it, say Continue, and here we enter the code that was put into the clipboard by double-clicking that clock. Say Done. If we log out now, we can use KeePass to autofill our email address and password, say Sign in, and now it says "Two-factor authentication required". Here we see this bubble, which comes from KeePass too, and now the TOTP code, the time-based one-time password, is entered automatically. Say Continue and we're successfully logged on.

Two-factor authentication is always something you know, which is your password, and something that you have, which is, for example, your mobile phone with the app that generates that one-time password. Now I know it's not the perfect solution to store your one-time password secret in your password manager, where also your password is stored, but I think it still makes sense to use TOTP with KeePassXC, because, for example, if you get phished and you lose your credentials to an attacker, the attacker will not be able to re-authenticate, because the attacker still won't have your one-time password. And if you say it's a no-go to store your TOTP information in your password manager, you must not store your backup codes, for example, there either. I personally stick to my YubiKey, which is a hardware token, which I prefer.

Sometimes you need to use the same set of credentials for multiple services, especially if you're in a company and have, for example, Citrix login and VPN login, which both authenticate against the company's Active Directory. Here you can go to an entry, let's take LinkedIn here, right-click and clone the entry, and now say "Replace username and password with reference". Now we have a clone here, which is our second LinkedIn entry. Let's say this is LinkedIn, LinkedIn backend, and the username is a reference to the original LinkedIn entry, and the password as well. And now you can even change the username to add domain.local, for example, if the application has different username conventions, and save it. Now if you update your LinkedIn username, the LinkedIn backend username will also be updated automatically.

If you use the same set of credentials, like username and password, for multiple applications, you can go to the entry, go to the Browser Integration and specify an additional URL. Now let's say Add, and we use for the Facebook entry also work.workplace.com, which is also a Facebook application. Say OK, and now, going to the browser, the KeePassXC extension allows me to fill in my Facebook credentials at work.workplace.com.

If you liked my video so far, you might want to give me a thumbs up, and if you're interested in security topics, you might want to subscribe to my channel. One of my next videos will be about how I clicked on a ransomware and how I want to recover from it.

Imagine you have a Netflix account and you want to share your Netflix credentials with your mom. KeePassXC has a feature to share your credentials. To do this, we go here and create a new group, say "share with mommy", OK. Go to our original group, take our Netflix entry, move it to the new group. Here we go: right-click, Edit Group, go to KeeShare, and we say Synchronize, for example. Here it says "KeeShare is currently disabled. You can enable import/export in the application settings". So let's do this: go to Settings, KeeShare, and allow import and export, for example, as you need it. We say we want to synchronize. We can either export our entry or import it, or it allows us to synchronize it and take changes from both sides. Let's specify a path, and we go to our OneDrive share to upload it automatically to the cloud, and say the file name is "keepass share mummy". Specify a password, apply it, and OK. We can now go to OneDrive, right-click our share file and click Share to be able to share it with our mummy. Say mommy@example.com and send her the link, and now she can synchronize the file to her computer, and in her KeePass she just needs to
create a new group, "shared by Greggy", go to KeeShare, say we want to import the file, find the share file, enter the password and say OK. Here we see that we got access to Greg's Netflix account. If we want to synchronize in both directions, we still go to Edit Group and choose Synchronize, and we can now change the Netflix password, and it will be automatically shared back to our own KeePass file.

It always makes me feel kind of bad if I have to store files with sensitive contents in my documents, and KeePassXC has a solution for that too. Let's go and create a new entry where we say, for example, "server data". Go to Advanced, and here we have a section with attachments, and here we can say Add and add our secret SSH files or Kubernetes config files to an entry in our password manager. It's simple as that. If you need to open the file, you can just double-click it; it will be opened by the default application on your computer, and if you close it, you can select if you want to discard changes or save them to your KeePass file, and the files will automatically be wiped from the computer and stored back to your KeePass file.

If we save our SSH key as an attachment to an entry, we can use another useful feature from KeePassXC, which is the SSH agent. This integrates with OpenSSH or PuTTY and allows us to authenticate using this private key. We need to go to Settings, SSH Agent and enable SSH agent integration first, say OK. Then we go to our entry, go to SSH Agent and say "Add key to agent when database is opened or unlocked" and "Remove the key from the agent when the database is closed or locked". Here we need to specify our private key, which is an attachment in that case; we choose id_rsa. We see our public key here, say OK. Now, for the first time, because we didn't open our KeePassXC file in the meantime, we right-click, say "Add key to the SSH agent", and then we can have a look at PuTTY's Pageant and see that our key was added to the Pageant daemon. Now we can go to PuTTY, choose the server we want to
connect to, say login as aaron, and now it's automatically authenticating using my certificate.

If you want to further restrict access to your password manager file, you can use, for example, a hardware token like a YubiKey. Let's set it up together. I insert my YubiKey into my laptop, go to the YubiKey Manager, Applications, and here choose One-Time Passwords. Configure my second slot, which is empty, choose Challenge-Response, generate a secret key, and if you want, you can also require a touch. Say Finish. Our YubiKey was successfully configured. Now we go to Database, Database Security and Add Additional Protection. You can also use a key file here, but here you make sure you do not lose your key file, and the same is valid for your YubiKey: you must not reconfigure slot 2 on your YubiKey now, and best is if you back up your secret from your YubiKey, for example, write it down on a piece of paper and store it in a safe. Now we add YubiKey Challenge-Response. You can choose the YubiKey, save, OK, and now we touch the YubiKey. Challenge-response is done in the background, and our KeePass file now has additional protection. Now we can close the database, reopen it, enter our password, choose the right hardware key, say OK, touch the YubiKey, and it's opened again.

For techies, KeePassXC also provides a replacement for GNOME Keyring, FDO Secrets, where you can store your passwords not in the GNOME Keyring but in your KeePass file. And if you want to do some scripting, there is also a great KeePassXC CLI with many features.

I hope you liked my video about KeePassXC, my favorite password manager, and if you don't want to miss my video about recovering from ransomware, click to subscribe. Cheers and bye bye.
Info
Channel: securityguideme
Views: 815
Id: o6Bk0HLPLzo
Length: 14min 3sec (843 seconds)
Published: Thu Nov 25 2021