Navigation

Follow me:

No-hassle driver updates

www.winhelp.us

A little help for home users
in the fuzzy world of Windows

Recover data from unbootable drives
Free protection from viruses
Free cloud backup

You are here: General Security » Password Safe

Content

Tip: keyboard shortcut Ctrl+F searches in the page contents

Password Safe

In this tutorial: How to use Password Safe for storing and auto-filling user names and passwords securely in Windows XP, Windows Vista or Windows 7

Last modified: 2011-12-22 16:28:31 EET

In current high-speed digital world every person has about gazillion accounts - online banks, personal and work e-mails, work computer, several web site accounts, etc. Add mobile phone and credit/debit card PIN-s, door access codes at workplace, maybe security code for home surveillance system, etc.

Phew! How are people supposed to remember all these passes? Using the same password for each account? Using the same PIN code? No, you should never use such approach!
Suppose your Facebook account gets hacked and you have that same name and password for all other accounts. Cybercriminals would now randomly test your username/password combination in Twitter, LinkedIn, Google, Yahoo, Amazon, iTunes etc and they would break into each account you have. This can easily turn into credit card frauds and identity thefts!

And then think about the safe password policies that suggest changing passwords at least twice a year. Or that using web browsers' features that remember user names and passphrases is a really-really bad idea, because any virus is able to steal the stored credentials within seconds.

The very best strategy would be creating different and strong passwords for each account needed. While this makes breaking in difficult for cybercrooks, it also makes it hard for you to remember all those passwords. See guidelines in this article about creating strong passwords.

This is where you can use a password manager program - Password Safe in this example. When using Password Safe, you basically need to remember only two passwords - your Windows logon password and password for Password Safe database. Never use the same passphrase for both!

Password Safe keeps all your user names and passwords in an encrypted file that can be accessed only by using the correct password. It can even fill in your user name and password in web pages you visit and keep password history.

Downloading and installing Password Safe

Open Password Safe download page and click the Download pwsafe-<version number>.exe link.
Password Safe download page. Click the Download pwsafe link..

Please note that Password Safe setup file does not have a digital signature and this can cause some security warnings in Internet Explorer. In some cases, Internet Explorer 9 SmartScreen Filter might pop up a warning stating that the setup file is not commonly downloaded and could harm your computer. This happens because the setup file has not been digitally signed and the program has been recently updated.

Click Actions.
Internet Explorer 9, Notification Bar warning that the file is not commonly downloaded. Click Actions.

In the SmartScreen Filter dialog stating "This program might harm your computer", click More Options.
Internet Explorer 9, SmartScreen Filter, This program might harm your computer. Click More Options.

Now click Run anyway.
Internet Explorer 9, SmartScreen Filter, This program might harm your computer, More Options. Click Run anyway.

Windows Vista and 7 will pop up a User Account Control Warning about Password Safe being unidentified (again, this is because of the lack of digital signature). Click Allow or Yes.
Windows Vista, User Account Control warning about Password Safe. Click Allow.

Password Safe setup starts. Click OK to accept English for the setup language.
Password Safe setup - Installation Language. Click OK to accept English.

License Agreement page opens, click I Agree here.
Password Safe setup - License Agreement. Click I Agree.

Click Next to accept Regular installation.
Password Safe setup - Choose Installation Type. Click Next to accept Regular installation type.

In Choose Components page, scroll down, deselect Install desktop shortcut and click Next. As Password Safe starts automatically, we do not need to overcrowd our Desktops with unnecessary icons.
Password Safe setup - Choose Components. Deselect Install desktop shortcut. Then click Next.

As default destination folder is fine, click Install.
Password Safe setup - Choose Install Location. Click Install.

Password Safe will then be installed. Click Close after setup is complete ("Completed" is displayed above progress bar).
Password Safe setup - Installation Complete. Click Close.

Starting Password Safe for the first time - creating a new database and setting options

Password Safe does not start automatically after setup is complete - it starts automatically only after you restart your computer.
In Windows XP, open Start menu by pressing Ctrl+Esc keys on your keyboard or by clicking the green Start button. Open All Programs, Password Safe and click Password Safe.
Windows XP, Password Safe. To open Password Safe, open Start menu, open All Programs, Password Safe and click Password Safe.

In Windows Vista or 7, open Start menu by pressing Windows Key and type "password" into Search box. Then click Password Safe.
Windows 7, Start menu. To start Password Safe, type "password" into Search box and click Password Safe.

First you need to create a password database. Click the New Database button to do that.
Password Safe, Safe Combination Entry. To create a new password database, click New Database.

Password Safe creates a folder named My Safes in your My Documents/Documents folder and gives your first database a name - pwsafe. You can still change the folder and file name, if you want to.
As defaults are fine, click Save.
$Windows XP, Password Safe, Please choose a name for the new database. Click Save to create a password database in your My Documents\My Safes folder.$

$Windows Vista, Password Safe, Please choose a name for the new database. Click Save to create a password database in your Documents\My Safes folder.$

Next, you'll need to assign a password for the new password database. Make it strong and remember it well - if you forget the password, you will have no access to the database! Do not use the same password as your Windows logon password here! Read this article to see guidelines for strong, but memorable passwords.

Type the new password in Safe Combination and Verify fields and click OK.
Please note that in the picture below, the password is deliberately too short and will cause a warning!
Password Safe - Safe Combination Setup. Type a password for the password database file in Safe Combination and Verify fields. Then click OK.

In case you typed in a weak password (too short, no mixed-case characters, numbers) or punctuation characters), Password Safe will inform you of this. Click No and type a better password - at least 8 characters long, using numbers, punctuation characters and mixed-case letters.
Password Safe. If you enter a weak password for the new password database, Password Safe will warn you of this. Click No and enter a password at least 8 characters long, using numbers, punctuation marks and mixed-case letters.

A blank password database will be created.

Now it is time to set Password Safe options using keyboard shortcut Ctrl+M or opening Manage menu and clicking Options.
Password Safe. To change options, open Manage menu and click Options.

Click the Misc tab.
First, select Autotype from the Double-click action combo box. The default action for double-clicking an entry is copying password to Windows clipboard, but as clipboard contents are often monitored by password-stealing trojans, there is no sense in using the feature. Besides, Autotype is a very convenient feature in Password Safe.
Password Safe, Options, Misc tab. Select Autotype for Double-click action.

Next, clear the Query user to set default username check box. This will prevent pop-ups asking whether you want to set the entered user name as a default.
Password Safe, Options, Misc tab. Clear the Query user to set default username check box.

Move on to the Password History tab. Click to turn on the Save ... previous passwords per entry feature. The default number, 3, is fine.
In case you have used Password Safe before and opened your previously created file, select the Start saving previous passwords option from the Manage password history of current entries section to enable the feature for older entries, too.
Password Safe, Options, Password History tab. Enable the Save 3 previous passwords per entry feature.

Open Password Policy tab. Click to activate the Generate Pronounceable passwords option. Other settings for random password generation are fine.
Generating random passwords comes handy when your mind is blank and you need to create a strong passphrase. Password Safe can do this for you, and auto-fill your user name and password the next time you need to log on to the account.
Password Safe, Options, Password Policy tab. Activate the Generate Pronouncable passwords check box.

Click to open Security tab. Clear the 'Browse to URL' copies password to clipboard check box. Again, this will protect your credentials from password-stealing malware.
If you need to lock your password databases quickly, activate the Lock password database on minimize option. This also means that the database will be automatically locked after using the Autotype feature.
All other options are fine by default.
Password Safe, Options, Security tab. Clear the Browse to URL copies password to clipboard check box.

That's it for the options part, click OK to accept changes.

Creating groups and entries for user names and passwords

I always recommend having different groups in password database to make finding necessary items easier. For example, create separate groups for bank accounts, mobile phone PIN and PUK-codes, e-mail accounts and other accounts.

To add a group, right-click an empty space and select Add Group from the menu.
Type a name for the group and press Enter key.
Password Safe. To create a group in password database, right-click an empty space and click Add Group.

To add a user name and password in a group, click the group name and use keyboard shortcut Ctrl+A or right-click the group name and click Add Entry...:
Password Safe. To create a user name and password in a group, right-click the group name and click Add Entry.

Type a description in Title field ("Yahoo! mail", for example). Then fill in Username, Password and Confirm Password fields.
Note that the passwords are not displayed for safety reasons - dots or asterisks appear in place of characters. If you want to see the password, click Show button - this will disable Confirm Password field.
While creating a new account, Generate button might be helpful for suggesting a random and secure password. You do not need to remember all the passwords anymore, just use Password Safe's autotype feature from now on!
If you are creating an entry for some online service, type in or paste its address in URL field. This allows using the Browse to URL + Autotype feature (described later). Just remember to type in the address for login page, not just any page.
Click OK to add the entry.
Password Safe - Add Entry. Fill in Title, Username, Password and Confirm Password fields. If you are creating an entry for online account, you can also type in the service's address in URL field. Click OK to add the entry.

Now create other groups and entries. If you accidentally put an entry to a wrong group, you can either drag the entry to the correct group using your mouse, or open the entry and change its group in the Group field.

To change an entry, right-click it and select Edit/View Entry... from the menu.
Password Safe. To change an entry, right-click it and click Edit/View Entry.

To see previously used passwords for an entry, open Additional tab and check the Password History section. Please note that all passwords are displayed as plain text here, so make sure no one is looking over your shoulder!
Password Safe, entry, Additional tab. Previous passwords are shown in Password History section.

All changes are automatically saved after clicking OK.

To close a database, use keyboard shortcut Ctrl+F4 or open File menu and select Close.
Password Safe. To close a database, open File menu and click Close.

Using Password Safe securely

Password Safe automatically locks its open database if it has not been used for 5 minutes or when you lock your computer (using keyboard shortcut Windows Key+L). This keeps people from seeing your credentials and you can safely keep a Password Safe file open and locked.

When Password Safe starts, it will not open any database and its icon will be black in Taskbar Notification area.

To open a database, right-click on the black icon and select Restore.
Password Safe. To open a database, first right-click on the black Password Safe icon in Taskbar Notification area. Then click Restore.

Password Safe window opens, click File menu and select your password file from Recent Safe List.
Password Safe. To open a database, click File menu and select your database file from Recent Safe List.

Type your Safe Combination (password) and click OK.
Password Safe - Enter Safe Combination. To open a database, type in your Safe Combination (password) and click OK.

When you minimize Password Safe window or use Autotype features, Password Safe icon in Taskbar Notification area will turn red - this means that a password safe file is open, but not locked (anyone can access its contents without entering a password first).
Windows 7, Password Safe. When a password safe is open, but not locked, Password Safe icon will turn red in Taskbar Notification Area.

To lock the open database file, right-click on the icon and select Lock Safe.
Password Safe - Lock Safe. To lock an open Password Safe file, right-click on red Password Safe icon in Taskbar Notification area and select Lock Safe.

When Password Safe is minimized and open password database is locked, Password Safe icon will turn green in Taskbar Notification area.
Windows 7, Password Safe. When Password Safe windows is minimized and its open database is locked, Password Safe icon will turn green in Taskbar Notification area.

Using Browse to URL and Autotype features in Password Safe

To use Browse to URL + Autotype for online accounts, you will need to specify an address to a page that asks for login details - user name and password fields. This also includes the pages that open pop-up dialogs for logging in.
Please note that the web page must automatically activate the user name field for this feature to work correctly! If not, you can still open the page using the Browse to URL feature, without automatically filling the login details.

For example, to use Autotype feature for accessing Yahoo! Mail account, copy and paste https://login.yahoo.com/config/login_verify2?&.src=ym in the URL field. This is the page where Yahoo! asks for your login details.

If a page opens a pop-up dialog for user name and password, use the URL that opens that dialog. To do that, right-click on the link and click Copy Shortcut. Then return to Password Safe, click inside the URL field to activate it and then press Ctrl+V on your keyboard to paste the copied link.

The Browse to URL + Autotype feature in Password Safe opens the specified web page (URL) for you, then after a few seconds automatically types in your user name and password and "presses" Enter key to submit the login details.
To do that, right-click on an entry in Password Safe and click Browse to URL + Autotype.
Password Safe - Browse to URL + Autotype. To automatically open a web page and enter login details, right-click on an entry and click Browse to URL + Autotype.

If there is no separate login page available or the page does not activate the user name field automatically, use the Autotype feature.
Open a login page in your web browser and activate user name field (not any other field!). Then return to Password Safe and double-click the entry (in case you selected the Autotype option in the Misc tab of Password Safe options).
Or you can right-click the correct entry and select Perform Auto Type. You can also use keyboard shortcut Ctrl+T for this, just remember to click on the correct entry first.
Password Safe - Perform Auto Type. To automatically enter login details for an active webpage, right-click on an entry and click Perform Auto Type.

This will re-activate your browser window, enter both user name and password and press Enter key for you. That's it - you're in!

Changing password (combination) for the Password Safe file

In case you need to change your Password Safe file password, open that file, click Manage menu and select Change Safe Combination... command.
Password Safe - Change Safe Combination. To change password of your Password Safe file, open Manage menu and click Change Safe Combination.

In Change Safe Combination dialog, enter your current password in Old Safe Combination field and type a new password in New Safe Combination and Confirmation fields. Click OK to change password.
Password Safe - Change Safe Combination. Type your current password in Old Safe Combination field and type a new password in New Safe Combination and Confirmation fields. Click OK to change Password Safe password (combination).