Creating and Opening a Safe

Password Safe allows users to store all passwords in a single "safe" (password database), or to create multiple databases for different purposes (e.g., one for work, one for personal use). Each database is independent and can be moved and used on different systems, as long as the same version of Password Safe is installed. Databases are encrypted with an encryption key derived from the master password (the master password, however, is not kept in the database in any form).

If you are using Password Safe for the first time, press the "New..." button. You will be asked to choose the name and location of your password database (the default, "pwsafe.psafe3", is fine). Afterwards, you will be prompted to enter a master password that is used to encrypt and lock the contents of your new safe.

Before You Begin

Password Safe works very hard to make sure you password information is saved properly. However, Password Safe cannot protect against physical damage or loss to your hard disk, laptop or PC. Therefore, we strongly recommend that you make regular copies of your password database 'off-line', that is, to another PC or disk. This can be done manually, or by using a cloud storage service such as DropBox, SugarSync or JungleDisk, to name a few.

Another thing you might want to consider is arranging for access to your password database by relatives or co-workers if you are no longer able to do so. Password Safe has no 'back door' or 'recovery password' mechanism by design. This means that you are responsible for making the master key available to others under the appropriate circumstances. This can be as simple as a sealed envelope in a drawer or safe-deposit box, or a more elaborate mechanism such as splitting the master password and giving different parts to different parties.

Create a New Database

There are two ways that a new database can be created. By clicking New... from the Master Password Entry dialog when the program is started, or from the "File ? New..." menu once Password Safe has been opened. Using either method causes the Master Password Set Up dialog to appear.

Note: By default, Password Safe will show the database last used, and displays a master password prompt for it. If you use several databases, drop-down list. Alternately, you can type in the path to the database to open, or select it from a File dialog box by pressing on the ellipsis ("...") button. Once a database is open, you can change to another via the Open... command from the File Menu.

Initial window

new master password prompt

On checking the "Show Master Password" box, the contents of old and new master passwords will be visible in clear and the confirmation edit box is disabled as no longer necessary.

Using YubiKey with PasswordSafe

Password Safe can work with a YubiKey device to provide "two factor authentication", that is, protecting your database by both something you know (your master passphrase), and something you have (the YubiKey device). If you do not have a YubiKey device, then the YubiKey-specific buttons and texts will not be displayed by Password Safe, and the YubiKey-specific instructions below do not apply.

If your YubiKey is connected to your PC, then a "Yubikey" button and text area will appear in the Master Password Entry and Setup windows, as show above. This allows you to use your YubiKey to access your Password Safe database, either in addition to, or instead of a master password. For maximum security, we recommend that your database be protected both by your YubiKey and a master password (this is known as two-factor authentication).

Setting up a Master Password with YubiKey

To use your configured YubiKey to protect your database:

  1. If you haven't already done so, insert your YubiKey into a USB slot on your PC. The Yubikey button on the Master Password window will now become active, and the text to the right of will change to "Click, then activate your YubiKey"
  2. Set up the Master Password as follows:
    1. If you wish to protect your database using both your YubiKey and a master password ("two factor authentication"), then first enter the master password in the "Master Password" and "Verify" fields, then click on the Yubikey button.
    2. If you wish to protect your database using your YubiKey only, then leave the "Master Password" and "Verify" fields empty, and click on the Yubikey button.
    3. Of course, you can also choose to protect the database by a master password alone, just enter the master password in the "Master Password" and "Verify" fields and then click on OK.
  3. Click on the Yubikey button. The "Click, then activate your YubiKey" will be replaced by a progress bar indicating the remaining time you have to activate your YubiKey (by touching the flashing green light on the device). If you do not activate your YubiKey in the allotted time (about 15 seconds), then an error message will be displayed, and you can try again or cancel.
  4. Once the YubiKey has been activated, your Password Safe database will be created.

Opening a database with YubiKey

To open a Password Safe database protected with your Yubikey:

  1. Make sure the desired database is selected in the "Open Password Safe" field. If it's not there, click on the ellipsis (...) and choose it.
  2. If you've chosen to protect your database using both your YubiKey and a master password, first enter the master password in the "Open Password Safe" field, then click on the Yubikey button. If you've chosen to protect your database using your YubiKey only, then leave the "Open Password Safe" field empty, and click on the Yubikey button.
  3. When you click on the Yubikey button, the "Click, then activate your YubiKey" will be replaced by a progress bar indicating the remaining time you have to activate your YubiKey (by touching the flashing green light on the device). If you do not activate your YubiKey in the allotted time (about 15 seconds), then an error message will be displayed, and you can try again or cancel.
  4. Once the YubiKey has been activated, your Password Safe database will be opened.

Screen Capture Protection

The small green icon in the lower right corner of the opening window indicates that this window will not appear in screen captures. This is a security measure, added in version 3.64. For more information about this, see the security tab page.

Virtual keyboard

To setup a master password in a secure way, you could use accented characters (e.g. on a German keyboard) such as ü, ß or similar. To realize the input of such characters, you would need a foreign keyboard. Such a keyboard is available as a virtual keyboard. This keyboard is then used to simulate all available foreign characters. The virtual keyboard can be shown by clicking on the Symbol virtual keyboard symbol. Foreign characters, that are not available at the physical keyboard, can be put in in this way. So you can build your desired master password. Even pieces of the master password can be built this way.


Input a password with a virtual keyboard