= Keepass =

<<TableOfContents>>

 * Background information: https://www.heise.de/news/Open-Source-Adventskalender-Der-Passwort-Manager-KeePass-6288780.html

== Description ==

!KeePass(X) is a tool to store and manage passwords. It is freely available for 

 * MacOS/Windows/Linux - !KeePass: https://keepassxc.org/. 
 * Android: https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free
 * iOS - https://keepassium.com/

== How KeePassXC works ==

 * KeePassXC create/open/edit/save password-databases in a single file.
 * A password-database is basically an encrypted file, where you can store your various usernames/passwords/URLs and also attachments like pictures or other important / private documents.
 * A password-database can only be opened if you know the Master-Password. The Master Password is the key to all your stored passwords.
 * If you forgot your Master-Password, you cannot access your stored passwords anymore.
 * Encryption -- either the Advanced Encryption Standard (AES) or the Twofish algorithm are used for encryption of the database in 256 bit sized increments
 * All features:  http://www.keepassx.org/features/

== Using KeePassXC on the Thinlinc terminals ==

 * Start KeePassXC:
  * Ubuntu / Thinlinc: Applications > Accessoires > KeePassXC
  * command line: keepassxc
 * You can use the same password database on different computers if they have KeePassXC installed.
 * When opening KeePassXC with a database, you will be asked for the master password of the file.
 * When a password database is open, KeePassXC "locks itself" after a certain amount of time. After that you have to unlock the file again with your master password.
 * You can hide/view usernames and passwords by clicking on "View" --> "Hide Usernames" and "View" --> "Hide Passwords"
 * You can right-click on an entry and choose "Copy Username to Clipboard" or "Copy Password to Clipboard". You can then paste the password. After a few seconds, the password is no longer stored in the Clipboard.

== Creating a Password Database ==

 * Click on "File" --> "New Database..."
 * you will be prompted to set a master key. Input your master password (the master password for all your other stored passwords). Then click "OK"
 * repeat your master password. click "OK".
 * chose a group. (Standard choices are Internet of eMail. You can also create your own groups).
 * click on "Entries" --> "Add New Entry..."
 * Input the information you need
  * Title: a short description of the entry
  * Username: your username
  * URL: on what homepage do you need the password
  * Password: your password
  * Repeat: repeat your password
  * Comment: a longer description of the entry
 * click on "File" --> "Save Database"
 * chose a location and a name for your password database. click "OK"

== Best practice: Sync Database via cloud ==

 * Only use a cloud service if you need to sync your passwords over several devices.
 * Decide on your own: 

   * Pro 'cloud':
     * all of your confidental data on all devices.
     * creates automatically backups.

   * Contra 'cloud':
     * If your cloud access is compromised or the cloud service provider is compromised: the thief owns the treasure.

 * US based cloud provider like Google Drive, Dropbox, Apple iDrive, Microsoft !OneDrive:

   * Those services are very attractive to hackers.
   * The NSA has the right to get all data from US companies. After Snowden it's for sure, the NSA is not friendly. 
   * Rule of thumb: '''Don't use US hosted / company based services''' for confidential data.

 * Local cloud storage provider: 

   * https://drive.switch.ch - Switch Eduction cloud service - '''switchdrive'''
   * [[drive.math.uzh.ch]] - I-MATH

 * How to:

   * On all devices where you like to sync your !KeePass database file, install and configure [[drive.math.uzh.ch]]
   * Open the !KeePass database file on all of your devices directly from the cloud folder.

= Browser integration / MFA Setup / Passkeys =

 * KeepassXC can be used from within a browser (Chrome, Chromium, Firefox, Vivaldi, Brave, ...)
 * Browser connection to  KeepassXC is nice: different browsers offer the same accounts/credentials - if synced via cloud than also on different computers.
 * TOTP service (one time token).
 * Passkeys support.

Finally: no more MS-Authenticator app needed, no more single device dependency, login to any MFA protected website without a mobile phone.

== KP: Settings ==

{{attachment:kp-browserintegration.png}}

 * Settings > Browser Integration > Enable integration ...: Chrome, Firefox, ...

== Browser Plugin ==

 * Install the corresponding browser plugin (links: Check settings dialog '5' )
 * Passkeys