How to use long and secure passwords without typing a single character

If you are not a big fan of long, unique passwords, or perhaps are reluctant to ever type passwords again, this is for you. I will show you a method that lets you do exactly what the cybersecurity experts have been instructing us to do for years: use long non-dictionary passwords that include letters, numbers and other characters. And every single password must be unique. Surely everyone has followed this advice? Yes, this is possible with the right tool. And it is easy. Here is how to set it up.

Once your new password management tool is correctly set up, only these steps are required to sign in, for instance, to a messaging app, social media site, or cloud service:

  1. When a login window asks you to sign in, push three predefined keys down on the keyboard at the same time. On a tablet, you can do it with the on-screen keyboard. On a mobile phone, a prompt from a password manager app asks you to tap the screen to confirm the login.
  2. Hit the Enter key to accept that you really want to log in.

That’s it. After a couple of seconds, the magic has happened and you are in.

Install the password manager tool

For the password magic to happen I have been using a password manager application called KeePass. It is such a popular open source app that multiple variants have been created for PC operating systems and mobile devices. For quite some time, and in this article, I have used KeePassXC for Windows, KeePassDX for an Android phone, and KeePassXC for Linux. Apple products have their KeePasses as well; you can view the full list here.

KeePass and each of its variants is an open source app that runs locally on your PC or mobile device. This means that if you log in to services and applications from multiple devices, each one of them should run the KeePass app and have a fresh copy of the password database. If this is the case for you, you may want to plan how you copy the encrypted password file to each device where you run the app. Another strategy is to install the app on a USB memory stick and run it directly from the stick (without installing anything on a PC or phone).

Apps like KeePass are considered to be better protected from hacking attempts than password managers that run on the cloud. For instance, LastPass has been hacked twice, but breaking into a local password database normally requires hands-on access to the device.

The installation steps for KeePassXC and KeePassDX:

  1. Download and install the KeePassXC or KeePassDX app on your PC (see the links above) or mobile device (search your app store).
  2. When you start the app for the first time, it will ask if you already have a password database. A simple migration function can import passwords from an old KeePass app or from a text file. If you don’t have a password database, create one.
  3. Once you create a password database, it will be encrypted. You have to set a password so that you can open the database, and access your passwords. Without this master password to the database, no one, not even you, can see what is inside. Set a strong password, and if you write it down, save it in another place away from devices you use with KeePass. Later in this article I will show another method to do this, but let’s start with a strong password.

Create your automated log in system

To create the magic sign-in system for the apps and services you want to access, reserve a little time for the job. The important thing is to tell KeePass which password it must auto-type into which login window.

For PCs and tablets (KeePassXC):

  1. Start KeePass. Select Tools – Settings in the main menu.
  2. Click the Auto-Type tab at the top.
  3. Select all three options: Use entry title, Use entry URL, and Always ask.
  4. Select a key combination that is comfortable for your fingers in the Global Auto-Type shortcut. Whenever you hold these three keys down, KeePass wakes up, and searches for a match for the login window you have active on the screen.
  5. Hit OK to save.

Next, you need to tell KeePassXC which username-password combination goes into which log in window.

  1. Open your password database, and find an entry that you want to automate with Auto-Type.
  2. Open the entry, and select Auto-Type in the left hand side column.
  3. Make sure Enable Auto-Type is selected at the top.
  4. Hit the Plus sign button at the bottom of the window.
  5. Under the heading Window title, type the first letters of the title of the window that displays the login for the app or service you want to open. You can find the title in the top title bar of the browser.
  6. After entering a few letters, KeePass should recognize the window (assuming it is open and waiting for input), and fill in the rest of the title.
  7. Below the window title, check that the log in sequence matches the log in window. For instance, if the log in window expects the usual sequence of user name, password and Enter, you are done and can save the setting by clicking OK. You can modify the log in sequence by removing or moving items marked by { and } characters.
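
The check in step 7 can be rehearsed offline. The following is an added example, not part of KeePassXC or of the original article: it replays an Auto-Type sequence against a constructed model of a login form and reports any placeholder that would land outside its matching field. The form models, the function names and the subset of placeholders handled are assumptions made for illustration.

```python
import re

# Subset of KeePassXC Auto-Type placeholders handled by this sketch.
FIELDS = {"USERNAME", "PASSWORD", "TOTP"}
TOKEN = re.compile(r"\{([A-Za-z]+)(?:[ ](\d+))?\}")

def parse_sequence(seq):
    """Return the sequence as a list of (name, argument) steps."""
    steps, pos = [], 0
    for m in TOKEN.finditer(seq):
        if m.start() != pos:
            raise ValueError(f"unexpected text at offset {pos}: {seq[pos:m.start()]!r}")
        steps.append((m.group(1).upper(), m.group(2)))
        pos = m.end()
    if pos != len(seq):
        raise ValueError(f"unexpected text at offset {pos}: {seq[pos:]!r}")
    return steps

def simulate(seq, pages):
    """Replay seq against a form model: a list of pages, each a list of
    field names in tab order. Returns (field, placeholder) pairs; field is
    None when the keystrokes would land outside any input field."""
    typed, page, field = [], 0, 0
    for name, _arg in parse_sequence(seq):
        if name in FIELDS:
            on_field = page < len(pages) and field < len(pages[page])
            typed.append((pages[page][field] if on_field else None, name))
        elif name == "TAB":
            field += 1                 # move to the next field on the page
        elif name == "ENTER":
            page, field = page + 1, 0  # submit, focus first field of next page
        elif name != "DELAY":          # {DELAY X} only pauses, nothing typed
            raise ValueError(f"placeholder not modelled: {{{name}}}")
    return typed

def misplaced(seq, pages):
    """Placeholders that would not land in the field of the same name."""
    return [p for f, p in simulate(seq, pages) if f != p.lower()]

DEFAULT = "{USERNAME}{TAB}{PASSWORD}{ENTER}"
TWO_STEP = "{USERNAME}{ENTER}{DELAY 1500}{PASSWORD}{ENTER}"
ONE_PAGE = [["username", "password"]]   # constructed form models
SPLIT = [["username"], ["password"]]    # user name and password on separate pages

if __name__ == "__main__":
    for seq in (DEFAULT, TWO_STEP):
        for form in (ONE_PAGE, SPLIT):
            print(seq, form, "misplaced:", misplaced(seq, form))
```

A non-empty result means the password would be typed somewhere other than the password field, which is the situation the sequence check in step 7 is meant to prevent.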

Try out how the automated login works:

  1. Go to the log in window you want to access, and make sure the cursor, or input indicator, is in the first field that is expecting your input.
  2. Hold down the three keys (first, hold down Shift, then Alt, then the 3rd key) you specified as your Global Auto-Type keys.
  3. A confirmation window should appear. If it shows the correct login, hit Enter.

A detailed user guide for KeePassXC is available here.

For phones (KeePassDX):

  1. Start the KeePassDX app, and tap the cogwheel icon at the top.
  2. Select Form Filling.
  3. Select Device keyboard settings. Turn Magikeyboard (KeePassDX) on. Return to the previous screen (Form filling).
  4. Select Magikeyboard settings. Ensure that Entry selection is turned on. Return to the previous screen.
  5. Check that Set default autofill service is on.
  6. Select Autofill settings. Turn on Manual selection.

Let’s check that it works.

  1. Using a web browser on the phone, go to a page that requires login. Tap the empty field that asks for your username or email address.
  2. KeePassDX displays a tiny prompt on the login window for you to confirm that you want to log in. If this happens to be the first time for this particular service, you may have to select the correct entry from the list KeePassDX displays to you. Next time, the program knows which entry matches this web page, and logs you in automatically.

For help on KeePassDX installation and configuration, this Wiki has more details.

One more thing: Make the KeePass master password easier to use, and more secure

Now, assuming that everything is correctly set up, your login passwords magically appear in the correct places on the screen and let you access services and apps without having to type a single password anymore. Excellent. In the beginning you set a strong password for the KeePass database, and it is the only password you have to type. If typing this password feels bothersome, there is one trick that makes it even more secure while allowing you to get away with a not so strong password. Surely, a security expert will calculate the odds for relaxing from a strong password to a not so strong one, but since this method requires two factors that are both correct, as a whole it is secure.

This method requires a file that you create (Key File), and a password you set. In practice, here is how to open your KeePass database once the Key File method is ready:

  • Insert a USB memory stick into a USB port of your PC, tablet or phone. The stick includes the Key File.
  • Type the master password for the KeePass database. Hit Enter. Your password vault opens. You may remove the USB stick.

Because the Key File must be accessible and the typed password has to be correct before KeePass opens the database, this is a secure method for accessing passwords. In other words, if you remove the USB stick from your device, no one can open your secret password database, not even if they managed to get the password right. Simple and clever.

You can have as many USB memory sticks as you need for accessing KeePass on multiple devices. Copy the same Key File to each stick. For instance, I have two USB sticks, one for my PCs, and another (that I carry with me) for mobile devices.

How to set up the Key File access method on a PC:

  1. Open the KeePassXC database with your password.
  2. In the main menu at the top of the window, select Database – Database Security.
  3. Push the large button that reads Add additional protection.
  4. A new section titled Key File opens up. Push Add Key File. Hit the Generate button.
  5. Now, you have to select a file that is used as a source for the encrypted Key File. Choose, for instance, an image file. If KeePass warns that the file will be replaced, change the file extension to .key. Hit Save, and KeePass creates your secure Key File. Note where the Key File was saved.
  6. You can and should copy the Key File to another location. It is a bad idea to store the Key File in the same place where the KeePass password database is. So, copy the Key File to a USB memory stick. Just in case, copy the Key File to another safe storage as well where you can always find it if something goes wrong.
  7. This is optional, but if you want to change your password for KeePass now that you have extra security in the Key File: select Database – Database Security in the main menu. Push the Change password button. Enter your new password.

From now on, insert the USB stick with Key File into your device and type your new KeePass password when you want your new automated system to fill in all login windows for you on your PC or mobile device.
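
The storage advice above (the same Key File on every stick, and never in the same place as the database) can be checked with a short script. This is an added example, not part of KeePass or of the original article; the function names and the file names in the demo are hypothetical, and the demo builds a constructed layout in a temporary directory.

```python
import hashlib
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks. The digest is treated as sensitive here:
    it is compared in memory and never printed or returned to the caller."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.digest()

def check_key_file_copies(database, key_files):
    """Return a list of findings; an empty list means every copy exists,
    all copies are identical, and none sits in the database's directory."""
    findings, digests = [], {}
    db_dir = Path(database).resolve().parent
    for kf in map(Path, key_files):
        if not kf.is_file():
            findings.append(f"missing: {kf}")
            continue
        digests[kf] = sha256_file(kf)
        if kf.resolve().parent == db_dir:
            findings.append(f"beside database: {kf}")
    if digests:
        reference = next(iter(digests.values()))  # first readable copy
        findings += [f"differs from first copy: {kf}"
                     for kf, d in digests.items() if d != reference]
    return findings

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:    # constructed layout
        root = Path(tmp)
        for d in ("pc", "stick_a", "stick_b"):
            (root / d).mkdir()
        db = root / "pc" / "vault.kdbx"           # hypothetical file names
        db.write_bytes(b"constructed database")
        (root / "stick_a" / "vault.key").write_bytes(b"constructed key")
        (root / "stick_b" / "vault.key").write_bytes(b"constructed kex")
        for finding in check_key_file_copies(
                db, [root / "stick_a" / "vault.key", root / "stick_b" / "vault.key"]):
            print(finding)
```

Run it whenever you add a new stick or regenerate the Key File; a copy that differs from the others will not open the database.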
