How I set up Keepass

Article for: All Keepass users
Difficulty: Moderate
Importance: Useful as a reference for Keepass users

Here are some settings I change from the default to make Keepass easier to use and safer than the default settings. If I set you up with Keepass, then I did most of these. But, even if I set you up, if I didn't do it recently, then some of these are probably missing and could be added.

Database Settings:

Here are some ways to make Keepass even safer!

These are under File/Database settings, on the Security tab.

I add more iterations. The default is 60,000, but I add another digit, making it over 600,000. That makes the database 10 times as hard to crack if you use a good passphrase. There is a one second delay option so you can test it and see how many iterations would take 1 second on your computer. Don't add too many iterations, particularly if you are going to use the database on a less powerful phone or tablet. You do not want a long delay there either.

I do not switch to ChaCha20 from AES, but probably should. I understand it is better. I also don't bother switching the Key derivation function to Argon2. Again, that could be a good idea, but I keep as much compatibility as possible. There are a lot of other Keepass compatible programs out there. Will my Android app work with those newer settings? I haven't checked.

I recommend a very strong master passphrase.
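To put numbers on the iteration and passphrase advice above, here is an added example (not from the original article or from Keepass). It uses PBKDF2 from the Python standard library as a stand-in for the Keepass key transformation; the attacker speed, the passphrase strengths and the "10x slower device" are assumptions.

```python
import hashlib
import time

# Stand-in KDF: PBKDF2-HMAC-SHA256 from the standard library. Keepass uses
# its own key transformation; only the "cost grows with the iteration
# count" behaviour is being demonstrated here.
def measure_rate(sample_iterations=50_000):
    """Return KDF iterations per second measured on this machine."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed passphrase",
                        b"constructed-salt", sample_iterations)
    return sample_iterations / (time.perf_counter() - start)

def iterations_for_delay(rate_per_second, target_seconds=1.0):
    """Iteration count that costs about target_seconds at the given rate."""
    return max(1, int(rate_per_second * target_seconds))

def days_to_exhaust(passphrase_bits, iterations, attacker_rate):
    """Days to try every passphrase in a 2**bits space when each guess
    costs `iterations` transforms and the attacker runs attacker_rate/s."""
    return (2 ** passphrase_bits) * iterations / attacker_rate / 86_400

def report():
    rate = measure_rate()
    devices = [("this machine", rate),
               ("device 10x slower (assumed)", rate / 10)]
    for name, r in devices:
        print(f"{name}: 1 s delay = {iterations_for_delay(r):,} iterations; "
              f"600,000 iterations = {600_000 / r:.2f} s to unlock")
    attacker = 1e9  # hypothetical attacker speed, transforms per second
    for label, bits in [("weak passphrase, 28 bits", 28),
                        ("strong passphrase, 64 bits", 64)]:
        for n in (60_000, 600_000):
            print(f"{label}, {n:,} iterations: "
                  f"{days_to_exhaust(bits, n, attacker):,.1f} days")

if __name__ == "__main__":
    report()
```

The extra digit multiplies the attacker's cost by 10 in every row, but only the strong passphrase turns that into a meaningful amount of time.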


I remove the notes column because I show the notes below the column list. There is no need to show it twice.

This is under View/Configure Columns


The following settings are under Tools/Options.

Security Tab

It is important to determine how long to leave passwords in the clipboard and how quickly to lock the database.

I change the time to lock the workspace from Global inactivity. The idea is, how long after you quit using your computer, do you want Keepass to lock? This is different for different people in different settings. Someone in a home office would probably be safe with a longer one than someone in an office cubicle. Laptops are particularly vulnerable.

I suggest increasing the Clear the Clipboard time to 30 or 40 seconds. 12 seconds is too quick for older clients and unnecessary.

Interface tab: Main Window section

These options merely make Keepass easier to see. I select fonts that are bigger and easier to read, and a few other tweaks to make it easier to use.

  • I check the minimize when performing autotype box because after doing an autotype, I seldom need Keepass taking up desktop space.
  • At the bottom of the main window: Check Show full path and Disable save command (instead of graying it out) if the database isn't modified.

Interface Tab: Fonts

  • I increase the list font to 12 pt. Calibri Bold.
  • I use Liberation Sans Regular 14 font for passwords. It is easier to distinguish numerals from characters and read the characters on those rare occasions when that is necessary.

Integration Tab
I often find the record in Keepass first, then click the URL field to launch my browser to log in. Setting up this Autotype selected entry shortcut lets me use it to log in with that username and password automatically.

I add: Ctrl-Alt-Q for Autotype selected entry. This allows a direct autotype when launching a website from Keepass. Instead of Keepass trying to find the matching username and password, it simply uses the last one selected.

Advanced Tab
In the Start and Exit tab, I check the bottom two: Saving when closing and saving after modifying. These automate saving changes and also saving before exiting. This decreases the chance of losing something important. Keepass is saving history, so if you save something mistakenly, you can go back.

I prefer showing all the autotype menu commands. Why not?

Creating Auto-Password generation.
These make it quicker to have Keepass generate your random passwords.

I create two auto-password profiles: a 23-character, letters-only profile, which I save as "23 chars no symbols", and a 32-character profile with symbols called "32 chars with symbols". Once each is set, I save it with the appropriate name. Then I save the 32 characters with symbols again, pull down the list, and choose "Automatically generated password for new entries."

I can go back and select the symbol-less one if the site refuses symbols.
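How much strength is given up by falling back to the symbol-less profile? This added example (not from the original article, and not Keepass's own generator) models the two profiles and computes their entropy. The character sets are assumptions: "letters only" is taken as A-Z and a-z, and "with symbols" as letters, digits and ASCII punctuation.

```python
import math
import secrets
import string

# Profile name -> (length, alphabet). Alphabets are assumed, see lead-in.
PROFILES = {
    "23 chars no symbols": (23, string.ascii_letters),
    "32 chars with symbols": (
        32, string.ascii_letters + string.digits + string.punctuation),
}

def generate(profile_name):
    """Draw a password for the profile from the OS random source."""
    length, alphabet = PROFILES[profile_name]
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(profile_name):
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    length, alphabet = PROFILES[profile_name]
    return length * math.log2(len(set(alphabet)))

def length_to_match(profile_name, target_bits):
    """Shortest length in this profile's alphabet reaching target_bits."""
    _, alphabet = PROFILES[profile_name]
    return math.ceil(target_bits / math.log2(len(set(alphabet))))

def report():
    for name in PROFILES:
        print(f"{name}: {generate(name)}  "
              f"({entropy_bits(name):.1f} bits, "
              f"{length_to_match(name, 128)} chars needed for 128 bits)")

if __name__ == "__main__":
    report()
```

Under these assumptions the letters-only profile still carries about 131 bits, and 23 is the shortest letters-only length that reaches 128 bits, so choosing it for a site that refuses symbols costs nothing in practice.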

I recommend three plugins.
1. Quick Unlock: I wrote an article on it here.

2. Enhanced Entry View: Apparently I haven't written an article on this! But it allows you to write notes in the note field without opening the record. It also shows the information in the note field in a larger font so it is easier to read. https://sourceforge.net/projects/kpenhentryview/

3. Autotype Search: by the same author as Enhanced Entry View. If a global auto-type is requested, but no matching entry for the active window is found, this plugin will show a quick as-you-type search window which lets you easily pick the entry to auto-type.
I wrote an article here.

Date: May 2019

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
