Password manager - practical and secure at the same time - TUXEDO Computers

Password manager
practical and secure at the same time

Every year on the first Thursday in May, we celebrate World Password Day. This year, it falls on May 1st. At TUXEDO, we’re taking this opportunity to encourage you to use an open-source, cross-platform password manager.

Commonly Used Passwords

The most commonly used passwords worldwide last year were, once again, 123456, 123456789, password, and qwerty. If you then reuse these across all websites, you might as well not bother with a password manager. Especially today, using such passwords is grossly negligent. If one of the websites you log into falls victim to a cyberattack, your login data becomes an open book, and your home network is at serious risk of being compromised by hackers.

However, if you use strong passwords and correctly assign a unique, secure password to every website, service, or login, you’ll hardly manage without a password manager — the only truly practical way to handle passwords. In doing so, you’ll join the roughly 30 percent of internet users who already use a password manager.

An ideal password should be at least 14 characters long and consist of letters, numbers, and special characters to effectively fend off dictionary attacks. And how can you generate such secure passwords? Most password managers offer built-in password generators that can create passwords according to your specifications.
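A generator of the kind described above can be sketched in a few lines of Node.js. This is an added example, not code from the article or from KeePassXC; the function names and the set of special characters are assumptions chosen for illustration.

```javascript
// Added example: password generation following the article's recommendation
// (at least 14 characters; letters, numbers and special characters).
const { randomInt } = require('crypto'); // cryptographically secure random source

// Character classes; the choice of special characters is an assumption.
const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
  special: '!#$%&*+-=?@^_',
};
const ALPHABET = Object.values(CLASSES).join(''); // 75 characters in total

// True if the password contains at least one character from every class.
function hasAllClasses(pw) {
  return Object.values(CLASSES).every(set => [...pw].some(ch => set.includes(ch)));
}

// The article's rule of thumb: 14+ characters with mixed character classes.
function meetsPolicy(pw) {
  return pw.length >= 14 && hasAllClasses(pw);
}

function generatePassword(length = 14) {
  if (length < 14) throw new RangeError('use at least 14 characters');
  for (;;) {
    let pw = '';
    for (let i = 0; i < length; i++) pw += ALPHABET[randomInt(ALPHABET.length)];
    // Redraw the whole password instead of patching single characters,
    // so every compliant password stays equally likely.
    if (hasAllClasses(pw)) return pw;
  }
}

// Upper bound on the entropy in bits of a password drawn from ALPHABET.
function entropyBits(length) {
  return length * Math.log2(ALPHABET.length);
}

console.log(generatePassword(), Math.floor(entropyBits(14)), 'bits');
```
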

Why Use a Password Manager?

Let’s take KeePassXC as an example to highlight the advantages of a password manager. This password manager originated as a community fork of KeePassX, which itself was a native, cross-platform port of the original KeePass. KeePass was initially developed for Windows and often relied on external ports or .NET/Mono for use on other systems.

Third-party apps are available for mobile devices. For Android, the developers recommend KeePassDX or Keepass2Android. For iOS and macOS, KeePassium is the best solution. The previously often recommended app Strongbox was recently sold to a company known for significantly changing software after acquisition.

Alternatives to KeePassXC

Aside from KeePassXC, there are other open-source password managers like Bitwarden, a very popular and user-friendly password manager with cloud synchronization. It runs on Windows, macOS, Linux as well as in browsers. Bitwarden’s server can also be self-hosted under the community project named Vaultwarden, ensuring your data stays entirely within your home network. Vaultwarden can easily be run via Docker and works seamlessly with Bitwarden clients and browser extensions.

KeePassXC can be kept up to date across devices via local synchronization using tools like Syncthing, Nextcloud, or — for TUXEDO customers — the myTUXEDO cloud, which we’ll discuss shortly.

Availability

KeePassXC is available for Linux, BSD, macOS, and Windows. On Linux, it’s found in the repositories of nearly all distributions, although not always in the latest version. Since it’s a security-critical application, in such cases you should consider installing it as a Flatpak or building it yourself from the source code on GitHub if needed. As a TUXEDO OS user, you don’t need to worry: we always provide the latest version, currently v2.7.10.

Browser Integration

KeePassXC and other password managers can autofill login forms in your browser with just a few clicks using the appropriate browser extension.

Browser extensions are available for Firefox, Tor Browser, Google Chrome, Chromium, and their derivatives such as Vivaldi or Opera, as well as for Microsoft Edge. KeePassXC uses the native KeePass 2.x database format (.kdbx) but can also import and convert older KeePass 1 (.kdb) databases. Since version 2.7.7, KeePassXC has full support for Passkeys, allowing users to store and use this method for authentication on supported websites. KeePassXC also supports YubiKeys for additional security.

Installation

In TUXEDO OS, you can install KeePassXC either via the Discover package manager or the console. Use the command:

sudo apt update && sudo apt install keepassxc

Importing Password Databases

KeePassXC can import databases and password lists from various other password managers. Supported formats and sources include:

  • KeePass 1 (.kdb): Older KeePass databases can be imported directly.

  • KeePass 2 (.kdbx): These databases do not need to be imported and can be opened and used directly.

  • Bitwarden (.json): Exported Bitwarden or Vaultwarden databases can be imported.

  • Proton Pass (.json): Imports from Proton Pass are supported with recent versions.

  • CSV files: Many password managers allow exports in CSV, which KeePassXC can import. You may need to map the columns during import.

First Steps and Usage

KeePassXC offers a user-friendly setup process that makes it easy for beginners to get started.

If you’re migrating from another password manager, KeePassXC makes the transition smooth. You can import databases from KeePass (.kdb, .kdbx) as well as 1Password, Bitwarden, and Proton Pass. CSV and JSON files exported from other managers or spreadsheets are also supported.

You can configure the database format and encryption strength to your security needs. Stronger encryption may result in slightly longer decryption times. Under the Advanced tab, you can select the encryption algorithm, key derivation function, and number of iterations. These settings can also be adjusted later under Database >> Database Security.

Importing is quick, and your passwords, passkeys, and other entries will be ready for use in no time. Alternatively, you can create an empty database or add entries if you previously used a paper list.

KeePassXC Also Supports Passkeys — What’s the Difference?

Passkeys are a modern, secure alternative to traditional passwords for logging into websites and apps. They allow for passwordless login using asymmetric cryptography, which relies on a key pair consisting of a private and a public key. When setting up a passkey, a private key is created and securely stored on your device. It never leaves the device. A corresponding public key is stored with the online service. When logging in, the service asks your device to create a digital signature using the private key. Access is granted only if the signature matches.
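The login exchange described above, sketched with Node.js's built-in crypto module (an added example, not code from the article or from KeePassXC). The Service class, the function names and the user name are hypothetical, and the model is simplified: real WebAuthn also signs authenticator data and binds the signature to the website's origin.

```javascript
// Added example: simplified passkey-style login (not a full WebAuthn implementation).
const { generateKeyPairSync, randomBytes, sign, verify } = require('crypto');

// Device side: create the key pair; only the public half is ever exported.
function createPasskey() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device side: sign the service's challenge with the private key.
function signChallenge(privateKey, challenge) {
  return sign('sha256', challenge, privateKey);
}

// Service side (hypothetical): stores public keys, issues one-time challenges.
class Service {
  constructor() {
    this.publicKeys = new Map();
    this.pending = new Map();
  }
  register(user, publicKeyPem) {
    this.publicKeys.set(user, publicKeyPem);
  }
  newChallenge(user) {
    const challenge = randomBytes(32); // fresh random value per login attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  login(user, signature) {
    const challenge = this.pending.get(user);
    const publicKeyPem = this.publicKeys.get(user);
    this.pending.delete(user); // each challenge is accepted once, so a captured signature cannot be replayed
    if (!challenge || !publicKeyPem) return false;
    return verify('sha256', challenge, publicKeyPem, signature);
  }
}

function demo() {
  const service = new Service();
  const device = createPasskey();
  service.register('alice', device.publicKeyPem); // constructed sample user

  const signature = signChallenge(device.privateKey, service.newChallenge('alice'));
  const firstLogin = service.login('alice', signature);
  const replayed = service.login('alice', signature); // challenge already used

  const otherDevice = createPasskey(); // a key the service never registered
  const wrongKey = service.login('alice',
    signChallenge(otherDevice.privateKey, service.newChallenge('alice')));
  return { firstLogin, replayed, wrongKey };
}
console.log(demo());
```

The service never holds anything secret for the account: a leaked copy of its stored public keys does not let anyone produce a valid signature.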

Synchronization

As a TUXEDO customer, you have free access to 10 GB of storage in your personal myTUXEDO Cloud. This gives you the perfect tool to keep your KeePassXC database up to date and accessible across multiple devices. This method works just the same if you use your own Nextcloud instance, which the myTUXEDO Cloud is based on.

Setting Up Synchronization

Create a folder in your myTUXEDO Cloud named something like Passwords and copy your KeePassXC database (.kdbx) from your TUXEDO into it. Then, in your Nextcloud client on your TUXEDO device, add synchronization for the Passwords folder. Any changes to the KeePassXC database will now sync within seconds. For mobile devices, it’s best to use WebDAV for synchronization.

Warning: To avoid data loss, only edit your KeePassXC database on one device at a time or regularly use KeePassXC’s built-in merge function.

We hope this article has helped dispel any concerns you may have had about using a password manager, and inspired you to manage your passwords in an open-source, practical, and secure way. If you’d like to learn more about passwords and user management, we recommend reading our knowledge base article Users, Administrators, and Passwords – Here’s the Difference!.