This email was translated using machine translation. Please forgive us for any inaccuracies.
 

KeePass Password Vault 

Frequently Asked Questions

 

How do I use KeePass?

Please refer to the document KeePass Initialization and Use Instructions.pdf for information on basic KeePass operations.

 

How do I create and share a KeePass database credential file with a team or group?

 

1. Where should I store my Emergency Sheet that was printed when I created my password database?

Please fill out the KeePass Emergency Sheet and store it off-site in a secure location. Storing it with the other sensitive personal documents at your home is the recommended solution.

 

2. Can I update the KeePass database on one device and then expect the changes to sync to another device?

Yes, the official KeePass applications are aware of changes made to the database file, even if those changes are not made on the same device. 

 

If the password database is updated and saved on one device while it’s open on another device, the application will ask if you would like to synchronize the changes. Answer yes to this question; it is important to select the “Synchronize” option to keep the newest additions accurate in the database.

 

3. Are new entries or changes to existing entries automatically saved when I create them in the database?

No, new entries or changes to existing entries are not committed to the database until you select the save option from the file menu or click on the save icon on the toolbar.

 

4. I would like to create new folders to store credentials of a similar grouping. Can I create new group folders, or change existing pre-built group folders?

Yes, the folder structure displayed in the left-hand pane of the user interface is completely customizable. You may remove any pre-existing folders and can create as many new folder layers as you would like to organize and store your credentials.

 

5. I have other information that I need to keep along with my username and password for a specific service. Is there a way to store additional information in the KeePass database?

Yes, KeePass supports a notes field which can store any amount of text data that you might need to keep with your credential entry. The database also supports storing small documents and other files inside the entries. You can add file attachments by editing an entry and opening the “Advanced” tab at the top of the Edit Entry dialogue. This is useful for storing file attachments such as instructions or documentation on how to use the service related to the credentials you’ve saved. 

 

6. I have a lot of entries in my database file, and some of my folders have a lot of entries. Is there a quick method to find existing entries in my password database?

There is a fully indexed search function available in the toolbar at the top of the user interface. You can search for any text associated with the entry including usernames, URLs, and any data kept in the notes field. The search is very robust.

 

7. Can anyone open, recover, or otherwise get access to my password database?

No, once your password database is encrypted with your personal passphrase, the only way to access the data file is by entering that exact passphrase again. Capitalization, spaces, and other special characters all count, so be sure to carefully record your passphrase on your emergency recovery sheet.

 

8. What should I use for a passphrase? Is there a suggestion or a starting point?

The best passphrases are those that you have never used anywhere else. For instance, don’t use your existing 16-character computer sign-in as your passphrase. A short sentence comprised of several words, with any spacing and capitalizations that seem easy for you to remember, is a good place to start. Include a mix of upper- and lower-case characters, numbers, and special characters, but length is the real key to a good passphrase. If you can remember an unusual single sentence and enter it consistently, that makes a good passphrase.

 

9. If I have a long and complex passphrase, will I need to enter that passphrase over and over again throughout the day?

Once the database is unlocked, it will remain unlocked and accessible to you until you log out of your PC (locking your PC will not lock the KeePass database) or until you shut down or reboot your PC. Typically, you will open the database once after logging in for the day and then keep it open until you log off at the end of your session.

 

10. We have multiple approved credential management systems. How do I know when I should use Okta, CyberArk, or KeePass?

BW has several credential management systems that have been made available to BW team members. 

  • The OKTA MFA platform includes capabilities for managing credentials for websites and web-based applications. If your credential is related to logging in to a website, then Okta (in combination with the Okta browser plug-in) is the first choice for storing any credential of that type. Click here for instructions.
  • If you are an IT team member and there is a standard for entering a specific type of credential into the CyberArk credential management system, then those credentials should be stored there in accordance with current practice. This primarily applies to domain-connected Azure, Ashburn, and similar servers, on-premises servers, devices, and PCs connected to the BW network.
  • For any credentials outside of those areas, KeePass is the credential management platform of choice. Please remember that passwords are not to be stored in word documents, spreadsheets or other standard file types, even if password protection has been applied to that document.

 

11. Can I use KeePass on my own home personal computer or mobile device?

Yes, KeePass is freely available to everyone to use on their own home PCs and mobile devices.

  • Download the free, open-source version of KeePass from keepass.info (this program is provided by the authors free of charge). It's fully functional for individual needs and can sync across your personal devices if used in combination with a personal file syncing service, such as a personal OneDrive or Google Drive account.

 

12. Can I use KeePass on multiple personally owned devices?

Yes, by syncing the .kdbx file across devices using cloud storage (Personal OneDrive, Google Drive, DropBox, etc.). For security, enable two-factor authentication on your synchronization tool account. You may want to use apps like KeePass2Android/KeePassium for mobile password access.

 

13. How do I generate a strong password in KeePass?

Go to Tools > Password Generator. Customize options like length (recommend 16+ characters), including uppercase/lowercase letters, numbers, and symbols. Check "Avoid ambiguous characters" if needed. Copy the generated password directly into an applications password setting dialogue. A default password is generated automatically when new entries are created in KeePass; these generated passwords are both complex and highly randomized, so they are safe to use.

 

14. What are the best practices for storing personal and work credentials in KeePass?
To maintain security and privacy, it's recommended to keep personal and work passwords in separate databases. As a reminder you will no longer have access to password vaults stored in OneDrive after you no longer work for BW.

  1. Create dedicated databases: Use one password database (.kdbx) file for work credentials (e.g., "WorkPasswords.kdbx" stored on your company device and synced to OneDrive) and another for personal ones (e.g., "PersonalPasswords.kdbx" on your personal devices and private file synchronization service). 
  2. Organize within databases: Use groups/folders (e.g., "Vendors" vs. "Banking") and tag entries for easy access.
  3. Storage and access: Store work databases only on company-managed PCs which are backed up by OneDrive. Use strong, unique master passwords/passphrases. For personal databases, enable two-factor authentication on sync services (e.g., iCloud or Google Drive).
  4. Company policy note: Follow BW's guidelines in question 10 above—for example, some work-related credentials must be stored in our CyberArk central credential management system. If in doubt, consult IT to avoid policy violations.


15. What if I forget my master password?
Remember, there is no capacity in KeePass to recover master passwords—it's designed that way for security. Use a memorable but strong passphrase (e.g., a sentence with substitutions). Store recovery hints in a separate secure location at home, with your other important personal documents.

 

16. What happens to my KeePass database if I leave the company?
For work-related passwords, follow BW’s offboarding procedures— for some accounts you may be required to share or reset some credentials in the database to protect sensitive company data. Before leaving:

  • Do not export or take any passwords without explicit approval, as this may violate policies or legal agreements.
  • Contact the People Team or IT for guidance on transitioning work credentials. A KeePass database should not mix personal and work entries; ensure you have created a separate personal database on your personally owned computer to avoid complications.

 

17. Do the BW service desks support KeePass apps on mobile devices?

The BW Service Desks support KeePass on BW-managed PCs but do not support KeePass on mobile devices.

View Archive
Copyright © Barry-Wehmiller Companies