Tuesday, February 21, 2012

Keepass Setup Guide 4 Auto Hot Key Login - # BEWARE READ V #

BEWARE - The Malware spreaders who want to get your passwords so they can steal from you, don't like this thread because it's bad for their business. People keep posting links to sites of a risky nature. Therefore, I suggest that you avoid visiting any links that get posted later in this thread to avoid getting caught out by them. Links keep being posted by accounts, some of which are new, which could affect your security. You can see that some of the users near the end of this thread have been banned for doing so. So stay safe and stay away from the links. Wink 
======================================================= 

For the safest Keepass download (No Malware added) , get it directly from the homesite. Installers and Portable versions are available. File hashes are also available to check the File Integrity to insure no Malware is included.....If you download(ed) from a file host. The last thing you need is someone adding a password file stealer and keylogger for the password files password. 

Code:
http://keepass.info/download.html

File Hashes for V2 and V1 
Code:
http://keepass.info/integrity.html#v2
http://keepass.info/integrity.html#v1


I recommend that you use Keyscrambler Pro as a minimum with Keepass to protect your Master Password. The Keyscrambler installer should have a digital signature so verify that the one you download includes a digital signature before running it. Check it's file properties and ensure it is valid! I do have a working version 2.7.0.1 Premium which I use, it's not the latest but it does not require cracks or keygens which could be infected. 

Code:
http://www.megaupload.com/?d=X8HK5D3B

or

https://rapidshare.com/files/1647856711/KeyScrambler.Premium_2.7.1.0.rar


KeeFox 


    A new Firefox extension has been developed which allows automatic password saving and form filling when Keepass is used with Firefox. The extension is called KeeFox and is not/was not available on the Mozilla website when this guide was prepared. It does make saving and entering passwords a lot quicker and easier when used with Firefox. This guide can still be useful if other browsers or applications require passwords.

    Code:
    http://keefox.org/

It works with Keepass via a TCP localhost connection on port 12535 by default, this can be changed if necessary so make sure that your firewall allows connections on this port by Keepass. If it does not login and says that you need to start Keepass even when it is already running and logged in then there could be a connection problem. 

=========================================================== 

KeePass Password Safe 

NOTE: This forum does have a problem with passwords which are too long or use uncommon none alphanumeric characters. If you change your password to a very complex and long password you could find that you cannot login. I did experience this myself so I suggest that you be careful when changing your password on this forum, limit the password length to 20 characters to be safe and be careful when using special characters as they can prevent logins. In particular avoid High Ansi characters and be careful if using what Keepass calls "Special" Characters !, $, %, & or Brackets etc. 


Not all websites use unique browser window titles unfortunately which can be a problem as Keepass uses the window title to identify the correct window to send login information to. This can be overcome by using a Firefox extension called Hostname in Titlebar! 

You should use the Database backup plugin to make regular password database backups to other media (Flash) or hard drives. Hard drives can and do fail fairly regularly and sometimes with no warning so do not rely on a single Hard drive to store your password database! 

    Password and cookie theft is the major form of attack on Warez-bb and many other forums. So it is very important not to store your passwords in your browser and leave them unprotected! If password theft happens to you, you are likely to loose your Warez-bb account, Rapidshare/Megaupload accounts, files and points and you will have to spend a great deal of time changing passwords and recovering all your accounts, files and points. Also your Paypal account could have money charged to it, email accounts stolen, online game accounts stolen, personal information stolen which could have serious effects on your future and any other valuable accounts stored in your browser could also be stolen.


Note: Regularly changing your Warez-bb password is important as it will prevent your account from becoming used by hackers to spread infect files. Regularly searching for your posts will also indicate if your account has been used without your permission. If so please contact a Moderator and check your PC for infection! 

Using a secure password manager is advisable, the most secure of which is Keepass. Other password managers such as Roboform and Lastpass are also more secure than browser password storage but have lesser security than Keepass. Even setting a Browser master password offers some protection but is not as strong as a good Password manager. Lastpass stores the passwords on a webserver so is inherently less secure. Roboform is a commercial program and finding an uninfected program is risky when your passwords are concerned. Keepass is freeware and available from the Keepass website so there is no risk involved. There are two versions of Keepass, version 1.x and version 2.x. Version 2.x requires dotNet and has more features but is less portable than version 1.x. 

Keepass Security quoted from the Keepass website: 

  • Even if you would use all computers in the world to attack one database, decrypting it would take longer than the age of the universe. 
  • Even quantum computers won't help that much. The algorithms are symmetric so its complexity would be reduced a bit, anyway, the sun will go nova before you have decrypted the database.

Code:
http://keepass.info/features.html
http://keepass.info/help/base/security.html


A benefit to using Keepass is that it can store passwords and login information for more than just browsers, it can send passwords to just about any window that you set up such as Download managers, FTP clients and any other program or even as a secure reminder/note storage for important things such as your girlfriends/wives body measurements. Wink Laughing I am sure you can come up with things that you don't want anyone to know but need a record of Wink 

    What follows is a guide to setting up Keepass for automatic hotkey login to Warez-bb and customization with Warez-bb Logos. At first it may look complicated as this guide covers many things and aims to be a complete guide to setting up Keepass, if you Start to setup an entry yourself and refer to this guide when necessary you will find that setting up a new Password entry can be done very quickly once you know how to do it.

keepass search 
Image 

Setting up Keepass for automatic Login using Hotkey (Ctrl+Alt+A by default) 

To make a new Login entry follow these instructions and modify for any specific login requirements. These instructions are specific for warez-bb but with small modifications can be used for other websites. 

Add a new Entry and fill in your log in information. It is recommended that you include the sign up email address in the notes field and any other useful information such as when the password was last changed as in [1] You can have Keepass generate a strong password for you by clicking the button to the right of the repeat field marked [2]. You may also have Keepass automatically cause the password to expire by ticking the box marked [3] and select a predefined expiry date using the clock button marked [3]. When the password expires it will be moved to the recycle bin and the hot key login will no longer function which will indicate to you that the password needs changing. When this occurs move the entry back to it's original location from the recycle bin and change the password and enter a new expiry date. Keep a copy of the older password in the notes field before generating a new password and immediately change your password on Warez-bb so the two sets of passwords match! 

1_3 
Image 
The Button marked [4] allows the password entry icon to be changed and even a custom icon added. So how about using a Warez-bb Logo for your Username entry? If you save the image below you can use it for your Warez-bb Username as shown in the Window above. Wink 
Ware-bb shield 
[ Image] <--Warez-bb Shield, save the png image and use it in your Keepass Database. 


Next on the window shown below, select the Auto Type tab and ensure that [1] & [3] are selected and please note that [3] is VERY IMPORTANT as it attempts to combat clipboard logging by not copying the username and password as whole strings, for a complex password like ones generated by Keepass this will make it practically impossible to re-construct the password. In the line beside the Edit button copy and paste the line from the code box below. Clicking the Edit button [4] will allow editing the custom keystroke sequence and will show all possible entries. Those will not be covered here. 
Code:
^a{USERNAME}{TAB}^a{PASSWORD}{TAB 2} {TAB}{ENTER}


A new key sequence that has been introduced is {CLEARFIELD} but unfortunately it doesn't work well for some sites. Try it and if it doesn't work use ^a instead. 

Here is an alternative to the above which does a similar thing: 

Code:
{HOME}+{END}{UserName}{TAB}{DELAY 100}{HOME}+{END}{Password}{TAB 2} {TAB}{ENTER}

Note: The above contains a space after the {TAB 2} entry. Copy it rather than type it to make sure it is correct. Wink 

This will enter the username, deleting any text that is already there and it will then move on to the password field and do the same with the password. It will then move on to the hide my online presence and select that. If you want to change the check boxes then you should alter the space after the {TAB} entry which is what toggles the state of the check box. You would need to add another {TAB} and change the double tab {TAB 2} into a single tab {TAB} if you wanted to change either checkbox separately. Use the Space after the required {TAB} to toggle the desired checkbox. 

Note: If the default auto type sequence is altered by clicking on the database name in the left part of the window and then "edit group" is selected on the Edit menu, clicking the auto-type tab and finally entering ^a{Username}{Tab}^a{Password}{Enter}, then it will not be necessary to enter the sequence for sites which use only two fields which are fairly common. Instead "Inherit default auto-type sequence from group" can be selected which is the default setting for new entries. See the Edit Group window below. 
2_2 
Image 
5 
Image 

Keepass recognises the required window such as a browser window to send login details to by the Window title in the Window titlebar. So click the Add button [2] in the above window to set a window title where the login details will be sent to. 

On the window, as shown belowm that appears after clicking the Add button [2] as above, ensure that the radio button [1] is selected and then the drop menu [2] can be selected to see what windows you have open so that the browser which has the Warez-bb Login screen showing can be selected. It pays to make this entry as browser unspecific as possible so that you can use multiple browsers if required. This is just in case you ever need to use Internet Explorer, Opera or Chrome etc. So remove any browser names from the line and replace with an asterisk (wildcard). This field can also use regular expressions if you really want more advanced usage (see instructions on how to do this as it will not be covered here). 

Copying the line below into this field will do it providing the Login browser title has not changed since this guide was prepared. So using the drop down menu and editing it is the better option. The line below provides a reference on how it should look. 

The second line below is an example for people who are real dedicated Warez-bb users and Moderators who like using a separate browser for Warez-bb, see notes at the bottom of this post for details on how to do this. Note the Firefox #2 which is being added using Mr Techs Toolkit or can be done with smaller/lighter Firefox extensions such as Titlebar tweaks/Titlebar tweaker. 
Code:
*Log in :: Warez-BB.org*

Code:
*Log in :: Warez-BB.org*Firefox #2*

3 
Image 
Please note: If you find that it will not log in after setting up a new entry, it could be due to setting [1] used in the edit entry and edit auto-type item windows shown above. If these are not set correctly it can fail to login, typing the wrong text, in the wrong boxes. Just something to remember should it ever happen. Wink 

How to Log in: 

    When you are presented with a Login screen, click in the first Username field and then press the Keepass hotkey which by default is Ctrl+Alt+A (this can be changed in the options), then Keepass will enter the login details automatically.

There can be a small problem if the window/field is not selected before pressing the hotkey in Keepass where it appears that Windows has locked up. If this occurs, pressing Ctrl+Alt+Del will unlock Windows and allow the window to be selected before redoing the hotkey autotype. This is worth being aware of in case it occurs. A system reset is not necessary! 

The following window shows an entry on the Advanced tab which allows custom fields to be entered which can be used for more advanced logins. If you need such a login, then investigate the advanced tab and the Keepass documentation as it is beyond the scope of this article. 
4 
Image 

Remember to get the Database backup plugin as it will protect your Password database should a hard drive failure or system crash which could lose or corrupt your Password Database. Make Password Database backups to either other hard drives if you have them or flash media to ensure that your Password Database is safe. 

Please Note: More advanced options are available for protecting your password database such as linking it to your Windows user account or using a keyfile or combination of keyfile and password to improve the Database security if required. 

Code:
http://keepass.info/
http://keepass.info/download.html
http://keepass.info/plugins.html

Hostname in Titlebar, Mr Techs Toolkit & Titlebar Tweaks 
Code:
https://addons.mozilla.org/en-US/firefox/addon/9231
https://addons.mozilla.org/en-US/firefox/addon/421
https://addons.mozilla.org/en-US/firefox/addon/13373

Notes on using multiple Firefox profiles and having one profile for a specific purpose in Firefox, such as having a profile for Warez-bb usage/Moderation/other: 

To do this you should add a new desktop shortcut pointing to the Firefox browser named as you wish. It is possible to have different Firefox installations/versions such as Firefox v2.0.x/v3.0.x/v3.5/vx.x providing they use separate profiles and the profiles are named clearly so they do not get used with the wrong Firefox version. 

Select file properties of the shortcut and in the first box called Target move to the far right and after the quote (") add a space and then add the following text and click Apply and Ok. Then when you double click the icon you will be presented with the profile selection screen where you can Create/Rename/Delete or select profiles. If using more than one Firefox version you should name them so that you know which profile goes with which Firefox version as they will not be compatible! 

After creating a profile, Select it and click the Start Firefox button. You know have a separate profile to do with as you wish. You may make separate shortcuts and specify which profile each will load as in the last example below. 
Code: