Password manager
This is a short guide for safely storing and (optionally) synchronising your passwords across your devices using KeePassXC (free, open source, cross-platform) and your Polybox account for synchronisation.
Why use a password manager?
- Every service should have a unique, strong password — you cannot remember dozens of them, so let software do it.
- You only have to remember one strong master password.
- Auto-fill in the browser is faster and safer than typing.
- You keep an encrypted backup of all your credentials.
Why KeePassXC?
- Open source and runs natively on Linux, macOS, and Windows.
- Your passwords are stored in a single encrypted file (
.kdbx) that you fully control — no third-party cloud, no subscription. - Compatible clients exist for Android (KeePassDX) and iOS (KeePassium, Strongbox).
Install KeePassXC
On our Linux devices KeePassXC is preinstalled and on our macOS devices it can be installed via the ETH Self Service App if it is not already present.
For self managed systems (BYOD, personal laptops) KeePassXC kann be installed as follows:
| Platform | Install command / source |
|---|---|
| Linux | sudo dnf install keepassxc / sudo apt install keepassxcor see other options here: https://keepassxc.org/download/#linux |
| macOS | Download the installer from https://keepassxc.org/download/#macos |
| Windows | Download the installer from https://keepassxc.org/download/#windows |
Always download from the official site or your distribution’s repository.
Install the Polybox sync client (optional)
If you have not already done so, install the Polybox desktop client and log in with your ETH credentials:
- Download: https://polybox.ethz.ch
- Make sure your local Polybox folder syncs correctly (default path is
~/Polybox).
Create your password database
- Open KeePassXC → Database → New Database…
- Give it a name, e.g.
passwords. - Keep the default encryption settings (AES-256, Argon2id). Increase the Decryption Time slider to ~1 second for better resistance against brute-force attacks.
- Set a strong master password:
- At least 4 random words or 16+ random characters.
- Must be unique — never reuse it anywhere else.
- Write it down once and store the paper somewhere physically safe (e.g. at home). If you lose the master password, the data is gone.
- Save the database file inside your Polybox folder, e.g.
~/Polybox/keepassxc/passwords.kdbx.
Synchronise across devices (optional)
Polybox will sync the .kdbx file automatically. On every other device:
- Install KeePassXC and the Polybox client.
- Wait until
passwords.kdbxis synced. - Open it from your local Polybox folder.
- If you use a key file, copy it manually to each device (e.g. via USB stick) — never via Polybox or email.
⚠️ Avoid sync conflicts
Only have the database open for writing on one device at a time. If you edit the database simultaneously on two machines, Polybox will create a conflict copy. KeePassXC offers a Merge Database function (Database → Merge from database…) if this happens.
Mobile access (optional)
- Android: KeePassDX (F-Droid) or KeePass2Android.
- iOS: Strongbox or KeePassium.
Open the .kdbx file through the Polybox app.
Browser integration (optional)
Install the KeePassXC-Browser extension for Firefox, Chrome, or Edge and enable Browser Integration in KeePassXC’s settings (Tools → Settings → Browser Integration). Auto-fill works only while KeePassXC is unlocked.
Recommended practices
- Use the built-in password generator (
Ctrl+G) for every new account: 20+ characters, mixed types. - Lock the database automatically after inactivity (Settings → Security → Lock databases after inactivity).
- Never share the master password — not even with IT support. Legitimate support staff will never ask for it.
Posted on
in Password
