KeePass Password Safe

This page describes BCRA's password safe, where all our passwords are stored. (Date as footer. Previous file date 09-Apr-2020)

Click/Tap a link or scroll on down.

Overview

This facility is provided by KeePass. KeePass is a free open-source password manager, which helps you to manage your passwords in a secure way. You can store all your passwords in one database on your personal computer, which is locked with a master key. So you only have to remember one single master key to unlock the whole database. Database files are encrypted using the best and most secure encryption algorithms available.

As well as providing you with a secure database, KeePass allows you to synchronise your database with other users. So, for BCRA's use, we have a master database on our web server, which synchronises with everyone's local databases on their PC. If I wanted to change a password – say the password for BCRA's bank account – I would alter it in my local KeePass database and then I would synchronise that database with the master copy on the web site. Other users can then see the new password as soon as they have synchronised their own local database.

Use by BCRA and BCA

At the moment, the BCRA database is just a trial. It was created in 2020 as a test, but is not in use by BCRA officers. Instead, BCRA is still sharing BCA's KeepPass database, which is accessible by the BCA IT team comprising Simon Mullens and Angus Sawyer, and the BCRA team of Dave Cooke and David Gibson. There are both pros and cons to having a database solely for BCRA officers. At the time of writing, we have not separated the two databases, although (January 2025) there is a separate BCRA database for the new server.

There is no reason why individual BCRA officers should not use KeePass for their own personal passwords, in order to get a feel for how it works. You would just create your own private 'safe' in a *.kdbx file and store it on your PC or a memory stick. You could consider it to be an independent version of something like Google's password storage facility.

Installation and Initialisation

1. Go to https://keepass.info/, download the software, and install it on your computer.
2. Run the software.
3. Click on File / Open / Open URL
4. Enter the FTP access info you have been given, so that the application connects to the BCRA server and downloads the database.
5. You will be prompted for a password to open the database. Note that this is not the same as the password to access the server via FTP.
6. Click on File / Save As / Save to File to save a local copy of the database on your personal computer.
7. You can now run the KeePass application by double-clicking on the *.kdbx file on your computer.
8. You can also create a shortcut on your desktop (or wherever) to the *.kdbx file so that in the future you can open it quickly.

Using the Password Safe

1. Open the local *.kdbx file on your PC.
2. Browse the data to find what you are looking for. you can also add new entries.
3. If you want to make sure you have got the latest passwords you can select the option to synchronise your local copy with the master copy on the BCRA web server. ( File / Synchronise / Synchronise with URL).
4. If you change or add a password you must synchonise your local copy with the master copy on the BCRA web server. ( File / Synchronise / Synchronise with URL).

Advanced use: creating a new master password file

You can create your own personal database file and you can store a backup copy on a web server or cloud drive (e.g. Google Drive, One Drive), which you can share with others if you wish. Please do not store your personal data on the BCRA web server. You could accidentally over-write the wrong file.

1. Use the menu in the application to create a new database file (File / New) and store this on your PC
2. Optionally, you can now use File / Save As / Save to URLto upload a copy of the database to the BCRA server.
3. You can treat the server copy just as a back-up or, if you want to share the passwords, you need to share the database name and its password with your colleagues.
4. Once the file exists on the server of your choice you can use the application to synchronise to it, so that it tracks the changes you make to your local database.
5. Extreme Caution: do not accidentally overwrite the wrong data file on the server! This could occur if you get muddled over the database names or you are not familiar with the operations. It is a serious and potentially fatal mistake to make!

Accessing the Database

This is the list of information that you need to work with the BCRA password safe. For security this information is not on the BCRA web server. It is currently in the BCA password safe. (That is, you need to ask a member of the BCA IT team for this information).

1. URL of the instructions (this page): https://bcra.org.uk/keysafe_trial/
2. URL for FTP access: ********
3. FTP username: ********
4. FTP password: ********
5. Database password: ********
6. FTP user's root directory (FYI): ********

1-Feb-2025 There are currently three databases, each with a different block of info, set out like the above template. The databases are

1. The BCRA trial database, as described above. This does not contain up-to-date data.
2. A small database containing information relating to BCRA's new web server.
3. The original BCA database which, at the moment, contains BCRA's current data as well. At some point this info will be split off into (1) above.

Points to Remember

The BCRA Password Safe is currently a trial. The data it contains is out-of-date so do not use it. Current information about BCRA passwords in in the BCA [sic] password safe.

If a BCRA officer finds themselves in a position where day-to-day access to BCRA password data would be useful, it would be the time to split off our own active password safe – so please ask the IT team to do this.

Error Messages

KeePass produces some arcane error messages.

• Messages referring to the state of the object often mean that there are spaces at the beginning or end of the login data you have entered. This can happen if you mis-paste a password or URL.
• Messages referring to a disposed object might mean that there is a data corruption in the online master file. It will need to be restored using File / Save As / Save to URL or else 'manually' via FTP. After that, you must inform all the other users that they need to re-synchronise.