University of Southampton

iSolutions

How to protect and manage your passwords using a web browser or KeePassXC

This article explains what a password manager is and how it works. It suggests how to manage your password on a web browser and how to manage the password shared with your team using KeePassXC password manager.

iSolutions does not support this software, though we recommend teams to use KeePassXC to manage shared passwords in a secure and easy way. 

3 reasons why you should manage your passwords using a password manager

Complex passwords are hard to remember

Every password has certain character requirements that can be difficult to remember. Most of the times they are a mix of numbers, symbols, and lengths.

A password manager application can:

  1. Suggest strong passwords
  2. Store them in a safe place
  3. Autofill your login information when necessary

Data breaches and protection

Using the same password for many accounts can be very dangerous. A single data breach can happen anytime and can affect any of your accounts. 
Password managers can store and organize your passwords with:

  • Secure digital encryption 
    and
  • Multi-factor authentication.

They can also let you know about phishing sites because each username and password are tied to a specific URL. Even if you visit a phishing site, your login information will not filled automatically because the URL does not match the one saved in the password manager. 

Save time using the autofill feature

Password managers can connect your login information across many devices, websites, and apps. They can also autofill sensitive data.

---

Back to the top

 

Password Manager: what is and how it works

Overview

A password manager is a program or application that allows you to store passwords and other login information in a safe location.

Many software managers work as password generators. You can use them to create new, stronger, and unique passwords.

Through a password manager, you can store:

  • Login information
  • Credit card numbers
  • Addresses
  • Phone numbers
  • Secure notes

You can access your login information using a master password or other security steps based on biometric data. Password manager applications can also autofill your login information on websites they recognize. 

How it works

Using a password manager, you can create and store unique passwords. The password manager application stores your login information in a secure virtual vault. When you visit a site or open an app where you need to log in, the password manager automatically fills in your login name and password for you.

All you need to access your stored passwords is a master password. This password lets you get into the manager and allows you to access your saved login information.  Please note: the master password, as its name implies, is very important and should be the most highly protected password.

Password managers can work in different ways. They can be:

  • Installed locally
  • Accessed online via the web
  • Used as a single sign-on.

Locally Installed Password Managers

Locally installed password managers are also known as desktop-based password managers.

They store and encrypt passwords on a specific device, such as your computer or smartphone. Your data is stored in an encrypted file which can be locked with the master password.

Browsers with built-in password management (such as Microsoft Edge, Google Chrome, Mozilla Firefox, or Safari), will show you a pop-up message when you log into a website. This message will ask you whether you want to store your information or not. Locally installed password managers allow you to sync passwords across devices.

Please note: using a locally installed password manager, you will lose all your password manager data if you lose or break your device.

Web-Based Password Managers

Web-based (or “cloud-based”) password managers store your passwords on a server. You can access and sync your data from different devices if you have an internet connection.

Your data is encrypted on your device before it hits the servers, so you know it's safe and secure. Like locally installed password managers, web-based ones are also accessed using a master password.

Single Sign-On (SSO) Password Managers

Single sign-on password managers allow you to use a single password for all web services and applications.

This type of password manager is often used in workplace settings, so employees can:

  • Easily access the sites and apps they need  
  • Avoid managing and sharing multiple passwords.

SSO relies on passing tokens to the site or app to request authentication.

---

Back to the top

 

Keep your browser safe using a Two-Step Authentication

You can keep your browser safe using Two-Step Authentication. This kind of verification is a process that helps protect your account and includes any combination of 2 factors such as:

  • a password
  • a contact method (such as your phone number, your email), or
  • an authenticator app

Even if someone else finds your password, they will not be able to access your data if they do not know the other factor.

Please note: if you lose your contact method, your password alone will not get you back into your account. 

What happens when you turn on two-step verification

After turning on two-step verification, you will get a security code to your email, phone, or authenticator app. You will need it every time you sign in on a new device / browser or on a device / browser that has not been marked as “trusted” yet.

When you sign in on a new device or from a new location, you will need to confirm your identity by entering a security code on the sign-in page.

---

Back to the top

 

Personal passwords – How to manage them from a web browser

You can get all these benefits by using the browsers’ built in password manager. This section lists useful resources about the following browsers:

  • Apple Safari
  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge

Apple Safari

Google Chrome

Mozilla Firefox

Microsoft Edge

---

Back to the top

 

Team’s passwords – How to manage them using KeePassXC

Overview on KeePassXC

KeePassXC is a free and open-source password manager for Windows, Apple macOS, or Linux. It helps you manage your team’s passwords (and your password as well, if you want) in a secure way.

KeePassXC and other password managers work as a database where you can store all your passwords safely, locking them with a master key. This master key is the only password you need to remember to unlock the whole database.

Database files are encrypted using secure encryption.

Please be aware that sharing passwords can be risky if done without care. To avoid any risk please read carefully the section "Recommendations about sharing passwords with team members".

 

Step 1 - Downloading and installing KeePassXC

Downloading KeePassXC is quite easy. You just need to:
1. Open the KeePassXC Password Manager website

2. Select the button “Download

""
 
3. KeePass will automatically recognise your Operating System (OS). It will provide the downloadable version of the software for your OS or the source code.

Screen showing KeePassXC for Windows 10. On the top, you can see 4 tabs saying MacOS, Windows, Linux, and Source code. In the middle of the screen, you can find the button "Download for Windows". On the bottom there are 3 links: PGP Signature, #SHA-256Digest, and Verifying signatures.

 

Step 2 – Installing KeePassXC on your computer

Once you have downloaded the file, launch the installer, and follow the instructions. The process will last just a couple of minutes.

 

Step 3 – Getting started

Once you have installed KeePassXC, you can start creating your password databases. By creating password databases and master keys, you can:

  • Upload the KeePassXC files to SharePoint and share them with the rest of your team
  • Reduce the risk of losing your passwords
  • Reduce the risk of sharing your passwords with the wrong people by accident.

We recommend creating small databases storing a maximum of 5 accounts. By doing this you will contain the dangers and issues related to breached accounts and to the University network.

 

Creating your passwords databases and using your master keys

To start creating a password database and now more about using the master keys, please one of the following guidelines:

 

Step 4 - Sharing your KeePassXC files with your team

Uploading and storing your files to OneDrive

After creating your databases and master keys, we suggest uploading them to your OneDrive in a dedicated folder. By doing this you will be sure that your files will be always accessible and stored in a safe place.

If you need guidance on uploading the files from your local storage to OneDrive, please read the article “Uploading files or folders from your local storage to OneDrive”.

 

Sharing your KeePassXC files

Now that you have uploaded your files in OneDrive, you can give your team access to your folder.

If you need help, please read the SharePoint page OneDrive - How do I ...?  (section "How do I share files from my OneDrive?").

 

Keep your OneDrive sharing setting up-to-date

Remember to review and manage the users who have access to the file periodically

If you need further information, please read the article "How do I know which of my OneDrive files I have shared and with whom?".

 

Recommendations about sharing passwords with team members

One of the down-sides with KeePass is that anyone can take their own copy of the password database, so you should only share passwords in this way with team members you trust.

You should be prepared to change the passwords you are sharing when:

  • you no-longer need to share them with a team member, or 
  • a team member leaves.

---

Back to the top

 

Related content

OneDrive - How do I ...?

Cyber Security - Home

Was this article helpful?

If you have any further comments, please put them below.

Please note that feedback is anonymous - if you require a reply or assistance, please raise a ticket via ServiceLine.


Thank you for your feedback, it is much appreciated.

Back to List

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×