TESTING: Running at mail.bcra.org.uk. Display_errors set to ON. Body width reported as 000. Switch to: bcra.org.uk | localhost . View Error logs | Site Info

KeePass Password Safe

This page describes BCRA's password safe, where all our passwords are stored. (Date as footer. Previous file date 09-Apr-2020)

Click/Tap a link or scroll on down.

Overview

This facility is provided by KeePass. KeePass is a free open-source password manager, which helps you to manage your passwords in a secure way. You can store all your passwords in one database on your personal computer, which is locked with a master key. So you only have to remember one single master key to unlock the whole database. Database files are encrypted using the best and most secure encryption algorithms available.

As well as providing you with a secure database, KeePass allows you to synchronise your database with other users. So, for BCRA's use, we have a master database on our web server, which synchronises with everyone's local databases on their PC. If I wanted to change a password – say the password for BCRA's bank account – I would alter it in my local KeePass database and then I would synchronise that database with the master copy on the web site. Other users can then see the new password as soon as they have synchronised their own local database.

Use by BCRA and BCA

At the moment, the BCRA database is just a trial. It was created in 2020 as a test, but is not in use by BCRA officers. Instead, BCRA is still sharing BCA's KeepPass database, which is accessible by the BCA IT team comprising Simon Mullens and Angus Sawyer, and the BCRA team of Dave Cooke and David Gibson. There are both pros and cons to having a database solely for BCRA officers and, at the time of writing, a purely BCRA-orientated database is not in use.

There is nothing to prevent individual BCRA officers from using KeePass for their own personal passwords, in order to get a feel for how it works. You could consider it to be an independent version of something like Google's password storage facility, and something easily sharable with a group of people.

Installation and Initialisation

  1. Go to https://keepass.info/, download the software, and install it on your computer.
  2. Run the software.
  3. Click on File / Open / Open URL
  4. Enter the FTP access info you have been given, so that the application connects to the BCRA server and downloads the database.
  5. You will be prompted for a password to open the database. Note that this is not the same as the password to access the server via FTP.
  6. Click on File / Save As / Save to File to save a local copy of the database on your personal computer.
  7. You can now run the KeePass application by double-clicking on the *.kdbx file on your computer.
  8. You can also create a shortcut on your desktop (or wherever) to the *.kdbx file so that in the future you can open it quickly.

Using the Password Safe

  1. Open the local *.kdbx file on your PC.
  2. Browse the passwords
  3. If you want to make sure you have got the latest passwords you can select the option to synchronise your local copy with the master copy on the BCRA web server. ( File / Synchronise / Synchronise with URL).
  4. If you change or add a password you must synchonise your local copy with the master copy on the BCRA web server. ( File / Synchronise / Synchronise with URL).

Advanced use: creating a new master password file

You can create your own personal database file and you can store a backup copy on a web server or cloud drive (e.g. Google Drive, One Drive), which you can share with others if you wish. Please do not store your personal data on the BCRA web server. You could accidentally over-write the wrong file.

  1. Use the menu in the application to create a new database file (File / New) and store this on your PC
  2. Optionally, you can now use File / Save As / Save to URLto upload a copy of the database to the BCRA server.
  3. You can treat the server copy just as a back-up or, if you want to share the passwords, you need to share the database name and its password with your colleagues.
  4. Once the file exists on the server of your choice you can use the application to synchronise to it, so that it tracks the changes you make to your local database.
  5. Extreme Caution: do not accidentally overwrite the wrong data file on the server! This could occur if you get muddled over the database names or you are not familiar with the operations. It is a serious and potentially fatal mistake to make!

Accessing the Database

This is the list of information that you need to work with the BCRA password safe. For security this information is not on the BCRA web server. It is currently in the BCA password safe. (That is, you need to ask a member of the BCA IT team for this information).

  1. URL of the instructions (this page): https://bcra.org.uk/keysafe_trial/
  2. URL for FTP access: ********
  3. FTP username: ********
  4. FTP password: ********
  5. Database password: ********
  6. (For info only) FTP user's root directory: ********

Points to Remember

The BCRA Password Safe is currently a trial. The data it contains is out-of-date so do not use it. Current information about BCRA passwords in in the BCA [sic] password safe.

If a BCRA officer finds themselves in a position where day-to-day access to BCRA password data would be useful, it would be the time to split off our own active password safe – so please ask the IT team to do this.

Error Messages

KeePass produces some arcane error messages.


British Cave Research Association (UK registered charity 267828). Registered Office: Old Methodist Chapel, Great Hucklow, BUXTON, SK17 8RG
Access keys: ALT + 0 Top   1 Home Page   2 Summary Information   3 Publications,   4 Contact Us   7 Accessibility, Copyright & Policy Info

This page, http://mail.bcra.org.uk/keysafe_trial/index.html was last modified on Sun, 19 May 2024 14:21:53 +0100