How to Securely Store Passwords in Windows

by Ross McKillop on May 5, 2014

Security Windows

This is part 1 of a “3 part series” on how to easily manage and access all of your passwords across all your computers, phones and tablets.

In light of the recent Heartbleed Bug and several other major website hacks (one of which involved 40 million credit cards being stolen) – it’s time to take your passwords seriously. Long gone are the days of thinking that a word with the vowels replaced by numbers (l1k3 th1s) can be considered ‘secure’. If you use the same password on more than one site or service, you’re asking for trouble. To keep yourself safe, you have to use a different password for every single service or site that you use, and those passwords have to be impossible to guess. Trying to commit dozens of secure passwords, like “#dOzu3!pDD”, to memory – not likely. So what’s the solution? To use a password manager.

A password manager allows you to store all of your passwords in one place, and use one “Master Password” to access all of them. That way, you only have to memorize one complicated password in order to access all of your complicated passwords. The password manager stores all of your information in an encrypted file, so even if someone steals that file, they won’t be able to open it without knowing the password. There are quite a few password managers to choose from, and each has their own merits. Our favorite is KeePass – for three pretty good reasons:

  1. It’s Open Source (free)
  2. You can synchronize your passwords across all your PCs, Macs, iPhones, iPads and Android devices
  3. You can install a Browser Extension or Add-On to “one click” access your passwords right from within your browser

In this guide we’ll show you how to set up KeePass in Windows and add your first few entries. The next tutorial (to be published shortly) will take you through the steps required to sync your passwords across all of your computers, phones and tablets – so that you don’t have to update each one every time you change a password or join a new service. Another benefit is that if your main computer were to crash – all of your complicated and difficult to remember passwords will be backed up to your phone/tablet/other computer(s). Or if your phone gets stolen, your passwords will be stored inside of your secure password manager. In the last of the three part series, we’ll show you how to connect KeePass with your web browser, so you can “one click” a button to have your username and password automatically populated when you visit a site.

So let’s jump in!

  1. Start out by downloading and installing KeePass 2.x (the Professional Edition, not the “Classic” edition). The installation is very straight forward, you’ll mostly just click “Next” a bunch of times. There are a couple of things to note during the installation – the first is to create a Desktop icon. Make sure there’s a check in the box Create a desktop icon. This isn’t mandatory, but it helps to easily access the program until you’re completely used to using it.
  2. At the end of the installation, make sure Launch KeePass is checked, and click Finish.
  3. When prompted, select Enable (recommended) on the Enable automatic update check? window.
  4. Now you’ll be presented with the main KeePass screen.

  5. click to enlarge

  6. Let’s jump right in. Click the New button from the upper-right corner of the window.
  7. This will create a new and secure database to store all of your information in. Give the file (database) a name – ideally something fairly descriptive. Save the file somewhere on your computer that you’ll remember, but “out of the way” (you won’t need to access it directly very often, if ever).

  8. click to enlarge

  9. Now you’re going to create the “Master Password”. This is the password that will open KeePass, which is where all of your passwords will be stored. You have to create a password that’s impossible to guess. Use a combination of upper and lower case letters, at least one number, and at least one symbol (eg. the pound/number sign “#” or an exclamation (!). DO NOT use any words found in the dictionary, your name, your pets name or a city name. Since this is the only password you’re ever going to have to memorize again (because every other password will be securely stored within KeePass) – make it very complicated. You can write it down on a piece of paper and reference that paper until you have the password memorized, but use a little “trick”. Add your name or a city and your birth year to the password you write down, and remember not to include the city/name and your birth year when you actually enter your password. As soon as you’re confident you have the password memorized, destroy the piece of paper that has your “fake” password on it. Also, don’t store that piece of paper right next to your keyboard (or under it) :) – put a bit of effort into hiding it.

    Enter this password in both the Master password and Repeat password fields. Under no circumstance should you make this password one that you’ve ever used before. Make sure the only box that has a check in it is Master password:, and then click OK.


  10. click to enlarge

  11. Give your database a name (doesn’t matter what, but descriptive is good). If you’d like to give it a description, feel free (not mandatory). Click OK when you’re done.

  12. click to enlarge

  13. The main KeePass window will appear again, but this time with the columns filled out and several “example” entries.

  14. click to enlarge

  15. The first thing we’re going to do is delete the example entries. Highlight the first one by clicking on it once, and then select Edit from the main menu, and then Delete Entry from the pull-down menu.
  16. Repeat the above step to delete the other example entry. You should now have an empty ‘main’ window, as illustrated in the screenshot below.

  17. click to enlarge

  18. Now let’s create your first real entry. Select eMail from the KeyPassDatabase column.
  19. Click the Add Entry button from the Toolbar (it’s the 4th one from the left – hover your cursor over each button and its name/function will appear).
  20. As your first entry, let’s enter and store your email information. In the Title: field, give your entry a very descriptive name. In my example I used “Gmail” – which is my email service. If you have more than one Gmail address, you may want to title the first one “Gmail – address1@gmail.com” so you can easily differenciate between the two. Then enter the username associated with your email account. Sometimes this is your full email address, sometimes it’s the part before the @ symbol. It will vary based on the email service you use. Refer to your email provider if you’re unsure. Then enter the Password for your email account in both of the provided fields. If your email is “web based” – you can even enter the address in the URL: field. If you’d like to add notes, do so in the provided Notes: field. Click OK when you’re done.

  21. click to enlarge

  22. Now in the main KeePass window, you’ll see your email address entry.

  23. click to enlarge

  24. Let’s add another entry – this time select Internet from the KeyPassDatabase column, and then click the Add Entry button.
  25. Now fill in the information for a website that you use that requires a username and password. I created one for Facebook. Again, if you have more than one account on this website/service, you may want to give it a title along the lines of Service – Name. Then fill in the other fields – and don’t forget the URL:. Click OK when you’re finished.

  26. click to enlarge

  27. Now in the Internet section, you’ll have your first “website” entry.

  28. click to enlarge

  29. Exit the program by clicking the X in the upper-right corner, and you’ll be forced to either save or discard your changes. Of course you want to save them, so click the Save button
  30. Now that KeePass has closed – re-open it by double-clicking its desktop icon. You’ll be forced to enter your Master Password before the program will open and display all of your saved passwords and sites.
  31. That’s it! You now have a safe and secure place to store your passwords.

  32. click to enlarge

Remember to check back soon for parts 2 and 3! :)

  • Pingback: Securely Store Passwords | ^v

  • http://www.indusface.com/ indusface

    Hello Ross,

    Really nice information. At the same time, is there any way to retrieve master password if we forget it ?

    Thanks in advance.

  • http://www.simplehelp.net/ Ross McKillop

    @wwwindusfacecom:disqus – no, there’s no way to retrieve it, which is part of the reason for this method being so secure… :)

  • Jonny

    Well here we need to remember 2 critical password – 1. for the computer to logon ( keepass storage is still useless as we have not got to the keepass) and 2. the keepass password. so still wacking the brain has to be done. :-)

  • Jonny

    Well written article esp with screen shots. Awesome Ross. Keep up

  • alifakbar

    thank u very much for password securing