Using the KeePassXC password manager you can:
Store many passwords in an encrypted database which is protected by a single passphrase of your choice.
Always use different and stronger passwords, since you only have to remember a single passphrase to unlock the entire database.
Generate very strong random passwords.
Generate one-time verification codes for two-factor authentication.
For more detailed instructions on how to use KeePassXC, refer to the official KeePassXC User Guide.
Creating and saving a password database
Follow these steps to create a new password database and save it in the Persistent Storage for use in future working sessions.
To learn how to create a Persistent Storage, read our documentation on the Persistent Storage.
When starting Tails, unlock the Persistent Storage.
In Tails, choose Apps ▸ Tails ▸ Persistent Storage.
Verify that the Persistent Folder feature is turned on.
To open KeePassXC, choose Apps ▸ Accessories ▸ KeePassXC.
To create a new database, select the Create Database button.
Continue with the defaults settings in the configuration screens General Database Information and Encryption Settings.
The database is encrypted and protected by a passphrase. In the configuration screen Database Credentials:
- Specify a passphrase of your choice in the Enter password text box.
- Type the same passphrase again in the Confirm password text box.
- Click Done.
Save the database as Passwords.kdbx in the Persistent folder.
Restoring and unlocking the password database
Follow these steps to unlock the password database saved in the Persistent Storage from a previous working session.
When starting Tails, unlock the Persistent Storage.
In Tails, choose Apps ▸ Accessories ▸ KeePassXC.
If you have a database named Passwords.kdbx in your Persistent folder, KeePassXC automatically displays a dialog to unlock that database.
Enter the passphrase for this database and click Unlock.
If you enter a wrong passphrase the following error message appears:
Error while reading the database: Invalid credentials were provided, please try again.
Storing your KeePassXC settings in the Persistent Storage
To store your KeePassXC settings in the Persistent Storage, in addition to the password database:
Turn on the Dotfiles feature of the Persistent Storage.
Choose Apps ▸ Accessories ▸ Files.
Select the Dotfiles folder in the sidebar.
Select the
button in the title bar and select the option Show Hidden Files.Create a folder named .config (notice the
.) in this Dotfiles folder.Create a subfolder named keepassxc in this .config folder.
Copy the file .config/keepassxc/keepassxc.ini from your Home folder to this keepassxc subfolder.
Restart Tails before changing more settings in KeePassXC.
Using KeePassXC as an authenticator app for two-factor authentication
Many websites offer two-factor authentication as a safer method than using just a password. For example, you can configure an authentication app, like Google Authenticator, to generate a one-time code of 6 digits when signing in to a website.
You can use KeePassXC to generate such one-time codes in Tails. The technology used to generate these codes is called time-based one-time password (TOTP).
To configure two-factor authentication for an entry in your KeePassXC database:
Click on the entry of your database for which you want to configure two-factor authentication.
Choose Entries ▸ TOTP ▸ Set up TOTP.
For more detailed instructions, see Adding TOTP to an Entry in the official KeePassXC User Guide.
After two-factor authentication is configured for an entry, choose Entries ▸ TOTP ▸ Show TOTP to generate a one-time code for this entry.