{"id":1957,"date":"2026-05-13T08:36:54","date_gmt":"2026-05-13T06:36:54","guid":{"rendered":"https:\/\/blogs.ethz.ch\/isgdmath\/?p=1957"},"modified":"2026-05-13T14:53:36","modified_gmt":"2026-05-13T12:53:36","slug":"password-manager","status":"publish","type":"post","link":"https:\/\/blogs.ethz.ch\/isgdmath\/password-manager\/","title":{"rendered":"Password manager"},"content":{"rendered":"\n<p>This is a short guide for safely storing and (optionally) synchronising your passwords across your devices using <strong>KeePassXC<\/strong> (free, open source, cross-platform) and your <strong>Polybox<\/strong> account for synchronisation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why use a password manager?<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Every service should have a <strong>unique, strong password<\/strong> \u2014 you cannot remember dozens of them, so let software do it.<\/li>\n\n\n\n<li>You only have to remember <strong>one strong master password<\/strong>.<\/li>\n\n\n\n<li>Auto-fill in the browser is faster <em>and<\/em> safer than typing.<\/li>\n\n\n\n<li>You keep an encrypted backup of all your credentials.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why KeePassXC?<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Open source and runs natively on Linux, macOS, and Windows.<\/li>\n\n\n\n<li>Your passwords are stored in a <strong>single encrypted file<\/strong> (<code>.kdbx<\/code>) that you fully control \u2014 no third-party cloud, no subscription.<\/li>\n\n\n\n<li>Compatible clients exist for <strong>Android<\/strong> (KeePassDX) and <strong>iOS<\/strong> (KeePassium, Strongbox).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Install KeePassXC<\/h2>\n\n\n\n<p>On our <strong>Linux<\/strong> devices KeePassXC is preinstalled and on our <strong>macOS<\/strong> devices it can be installed via the ETH Self Service App if it is not already present.<\/p>\n\n\n\n<p>For <strong>self managed systems<\/strong> (BYOD, personal laptops) KeePassXC kann be installed as follows:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Platform<\/th><th>Install command \/ source<\/th><\/tr><\/thead><tbody><tr><td>Linux<\/td><td><code>sudo dnf install keepassxc<\/code> \/ <code>sudo apt install keepassxc<\/code><br>or see other options here: <a href=\"https:\/\/keepassxc.org\/download\/#linux\">https:\/\/keepassxc.org\/download\/#linux<\/a><\/td><\/tr><tr><td>macOS<\/td><td>Download the installer from <a href=\"https:\/\/keepassxc.org\/download\/#macos\">https:\/\/keepassxc.org\/download\/#macos<\/a><\/td><\/tr><tr><td>Windows<\/td><td>Download the installer from <a href=\"https:\/\/keepassxc.org\/download\/#windows\">https:\/\/keepassxc.org\/download\/#windows<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Always download from the official site or your distribution&#8217;s repository.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Install the Polybox sync client (optional)<\/h2>\n\n\n\n<p>If you have not already done so, install the Polybox desktop client and log in with your ETH credentials:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Download: <a href=\"https:\/\/polybox.ethz.ch\/\">https:\/\/polybox.ethz.ch<\/a><\/li>\n\n\n\n<li>Make sure your local Polybox folder syncs correctly (default path is <code>~\/Polybox<\/code>).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Create your password database<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open <strong>KeePassXC<\/strong> \u2192 <em>Database<\/em> \u2192 <em>New Database\u2026<\/em><\/li>\n\n\n\n<li>Give it a name, e.g. <code>passwords<\/code>.<\/li>\n\n\n\n<li>Keep the <strong>default encryption settings<\/strong> (AES-256, Argon2id). Increase the <em>Decryption Time<\/em> slider to ~1 second for better resistance against brute-force attacks.<\/li>\n\n\n\n<li>Set a <strong>strong master password<\/strong>:\n<ul class=\"wp-block-list\">\n<li>At least 4 random words <em>or<\/em> 16+ random characters.<\/li>\n\n\n\n<li>Must be unique \u2014 never reuse it anywhere else.<\/li>\n\n\n\n<li>Write it down once and store the paper somewhere physically safe (e.g. at home). If you lose the master password, <strong>the data is gone.<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Save the database file inside your Polybox folder, e.g. <code>~\/Polybox\/keepassxc\/passwords.kdbx<\/code>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Synchronise across devices (optional)<\/h2>\n\n\n\n<p>Polybox will sync the <code>.kdbx<\/code> file automatically. On every other device:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Install KeePassXC and the Polybox client.<\/li>\n\n\n\n<li>Wait until <code>passwords.kdbx<\/code> is synced.<\/li>\n\n\n\n<li>Open it from your local Polybox folder.<\/li>\n\n\n\n<li>If you use a key file, copy it manually to each device (e.g. via USB stick) \u2014 never via Polybox or email.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">&#x26a0;&#xfe0f; Avoid sync conflicts<\/h3>\n\n\n\n<p>Only have the database <strong>open for writing on one device at a time<\/strong>. If you edit the database simultaneously on two machines, Polybox will create a conflict copy. KeePassXC offers a <em>Merge Database<\/em> function (<em>Database \u2192 Merge from database\u2026<\/em>) if this happens.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Mobile access (optional)<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Android:<\/strong> <a href=\"https:\/\/f-droid.org\/packages\/com.kunzisoft.keepass.libre\/\">KeePassDX<\/a> (F-Droid) or KeePass2Android.<\/li>\n\n\n\n<li><strong>iOS:<\/strong> <a href=\"https:\/\/strongboxsafe.com\/\">Strongbox<\/a> or <a href=\"https:\/\/keepassium.com\/\">KeePassium<\/a>.<\/li>\n<\/ul>\n\n\n\n<p>Open the <code>.kdbx<\/code> file through the Polybox app.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Browser integration (optional)<\/h2>\n\n\n\n<p>Install the <strong>KeePassXC-Browser<\/strong> extension for Firefox, Chrome, or Edge and enable <em>Browser Integration<\/em> in KeePassXC&#8217;s settings (<em>Tools \u2192 Settings \u2192 Browser Integration<\/em>). Auto-fill works only while KeePassXC is unlocked.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Recommended practices<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use the built-in password generator<\/strong> (<code>Ctrl+G<\/code>) for every new account: 20+ characters, mixed types.<\/li>\n\n\n\n<li><strong>Lock the database automatically<\/strong> after inactivity (<em>Settings \u2192 Security \u2192 Lock databases after inactivity<\/em>).<\/li>\n\n\n\n<li>Never share the master password \u2014 not even with IT support. Legitimate support staff will never ask for it.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This is a short guide for safely storing and (optionally) synchronising your passwords across your devices using KeePassXC (free, open source, cross-platform) and your Polybox account for synchronisation. Why use a password manager? Why KeePassXC? Install KeePassXC On our Linux devices KeePassXC is preinstalled and on our macOS devices it can be installed via the [&hellip;]<\/p>\n","protected":false},"author":43853,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1365],"tags":[],"class_list":["post-1957","post","type-post","status-publish","format-standard","hentry","category-password"],"_links":{"self":[{"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/posts\/1957","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/users\/43853"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/comments?post=1957"}],"version-history":[{"count":4,"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/posts\/1957\/revisions"}],"predecessor-version":[{"id":1981,"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/posts\/1957\/revisions\/1981"}],"wp:attachment":[{"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/media?parent=1957"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/categories?post=1957"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ethz.ch\/isgdmath\/wp-json\/wp\/v2\/tags?post=1957"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}