KisKis™ provides some basic account types for different purposes, such as “Network Accounts”, “Bank Accounts”, “Secured Files” and “Credit Cards”. However, if their attributes don't meet your needs, you can easily define your own account types.
All accounts can be archived. Select the In archive? checkbox if the account will not be used in the near future. Checked accounts will normally not be visible in the tree view. You can make them visible again with the View/Show archived items menu item.
The Apply action will be enabled when the account has been changed. Click on this button if you want to "commit" your changes.
All account types define the following properties in common. That means they have a name, password, can expire on a specific date and collect some statistics.
A simple name for the account which is used in the tree view.
The password used for this account. Normally it will be hidden, but you can display it if necessary.
You can create new passwords automatically with the Create action if the password field is empty. Click on Create and a menu with three generators is displayed.
If a password exists you can display the password using the Show button.
You can copy the password to the clipboard even when it is hidden with the Copy to clipboard action from the context menu.
The Test action checks if the password can be found in a dictionary. You can define your own dictionary to use as described in the Cracklib Options Tab.
This progress bar shows the password quality on the fly.
The tooltip shows you some more detailed information about the quality.
A password might expire on a specific date. You can enter this date here or mark the Never checkbox if it will never expire.
Expired passwords can be found with the "Reports/Expired Accounts ..."-action from the menu bar.
Displays a dialog with all recent used passwords for this account.
Attachments are arbitrary files which will be encrypted and stored next to the account.
Shows a file selection dialog. Select a file and it will be shown in the list afterwards.
Decrypt the attachment and save it on the disc.
Delete the attachment from the account. The encrypted file will be removed as well.
All physical operations will be done when the document is saved. An Apply alone will not change any data on the disc. The source files will not be touched at all. That means you have to remove them from disc manually if necessary.
Normally you should not be bothered with the manual decryption of attachments, but here is how it works.
File attachments are stored as separate files which are associated with the password file (e. g. c:\foo\bar\kiskis.xml.gpg) by name for efficiency reasons. All attachments of c:\foo\bar\kiskis.xml.gpg can be found as c:\foo\bar\kiskis.xml.gpg.attachment.<i>, encrypted as separate PGP messages. Each attachment is encrypted with a new random key which you can find within the c:\foo\bar\kiskis.xml.gpg file in the <Attachment> element.
So, a typical KisKis™ directory c:\foo\bar with a password file kiskis.xml.gpg will look like:
gandalf@valinor-LINUX:/foo/bar/$ dir
insgesamt 192
-rw------- 1 gandalf gandalf 6419 2010-11-15 14:17 kiskis.xml.gpg
-rw-r--r-- 1 gandalf gandalf 159 2010-11-10 18:00 kiskis.xml.gpg.attachment.1
-rw-r--r-- 1 gandalf gandalf 543 2010-11-10 15:55 kiskis.xml.gpg.attachment.2
-rw-r--r-- 1 gandalf gandalf 231 2010-11-10 15:55 kiskis.xml.gpg.attachment.5
-rw-r--r-- 1 gandalf gandalf 1223 2010-11-10 15:55 kiskis.xml.gpg.attachment.6
-rw-r--r-- 1 gandalf gandalf 326 2010-11-10 15:55 kiskis.xml.gpg.attachment.7
-rw-r--r-- 1 gandalf gandalf 492 2010-11-10 18:00 kiskis.xml.gpg.attachment.8
-rw-r--r-- 1 gandalf gandalf 159 2010-11-10 18:00 kiskis.xml.gpg.attachment.9
Each account collects some statistics. So you can see when it was used the last time and how often it has been viewed.
Plain text can be added to each account using the Comment -tab.
This is the most often used account type. It can be used for computer logins, mailserver authentications, internet services and so on.
The network account provides additional attributes for:
Typical use is the login name of an internet service or computer account. This might be an e-mail address as well.
The location where the service or computer can be found. This URL can be passed to the Built-in Application Starter, so that you can associate your preferred application with it. To do so, click the Open URL button.
If a service wants to know an email address you can type it in here. This is very useful if you have multiple email accounts and if you want to keep track which account knows which email address, especially if you use such services like spamgourmet.com.
This account type models a typical money account on a bank. It provides some additional attributes needed for financial transactions such as “telephone pin”, “account number”, “TAN lists” and more.
The bank account provides additional attributes for:
The name of the bank, e. g. "Deutsche Bank".
The identifier of the bank. This may be an IBAN, BLZ or something else.
This is a password or PIN which is used for telephone banking.
This is the number that identifies the account.
Notice the TAN list field for transaction numbers (TAN). It is used to define sets of TANs. Each TAN list is identified by an ID and a creation date. Within the following dialog the TANs can be added, removed or marked as used.
TAN lists:
Creates a new empty TAN list.
Open the selected TAN list in a TAN list editor dialog.
Deletes the selected TAN list.
TAN list dialog options:
An identifier which is usually written on the TAN list by the bank.
The date when the bank created the list.
A consecutive number which identifies a TAN.
The value of the TAN, usually a 6-digit random number.
Checked if used. When the checkbox is clicked, the field "Used On" will be updated as well.
The date when the TAN was used.
A “Credit Card” is usually associated with a bank and has a tiny pin used for ATMs. Though, the most interesting part is its number which can be entered as well.
The credit card account provides additional attributes for:
The name of the bank, e. g. "Deutsche Bank".
The number written on the card.
The PIN needed for ATMs.
The card security code (CSC) provides increased protection against credit card fraud (see Wikipedia).
Sometimes files can be opened with a passphrase only. So you can define an account which is linked to the file. These files can be opened with your preferred file manager. You can encrypt or decrypt them with OpenPGP if you want to.
The secured file account provides additional attributes for:
A relative or absolute path to an arbitrary file. This could be "project plan", "word document", "keystore" or something else.
Shows if the file could be found or if it is a directory or if it is missing.
Decrypts the file using the password given above. It is activated only if the file is a PGP file. This is checked automatically.
Encrypts the file using the password given above. It is activated only if the file is not a PGP file. This is checked automatically.
If you need some extra attributes or even simpler accounts you can define your own account templates. In the standard KisKis™ document you can find two examples. The first example is the "Password only" type, the second example is the "Complex type example" type. You can change these examples if you want to. Think about an account type as a blueprint for multiple occurrences which all need some specific properties.
As you can see this account type does not define any additional attributes. So, the detail area is not visible anymore. You can use this account if you need a "label/password" pair only.
This account type is just an example. You can see all field types available. Look at Managing your own account templates for further information.
Open the menu item “Edit/Manage account templates” to open the template overview dialog.
Be careful when modifying a template you have already instantiated and filled with important data. New properties aren't a problem at all. But keep in mind, that deleting a property will delete ALL associated values from the instances as well. You should also note that deleting a template will delete all instances.
Here you can see all your defined account templates. In this case, two types were already defined. Note that an item is uniquely identified by its name (case-sensitive). So you cannot have a second item called “Password only”. All the templates are stored within your current datafile.
Click New and a newly created template will appear in the list. It will be initially called "new template".
Select an existing template and click Edit to manipulate the template. A new "template editor dialog" will appear. You can do a double-click in the list as well.
Select an existing template and click Delete to remove the template. If the item is currently instantiated a warning will be shown.
You can import existing templates from other KisKis™ files with the Import button. Select a KisKis™ file, enter the password and all the templates will be copied to the current file. In case of naming collisions you can change the template names before OK is pressed.
Name your template and add some tiny properties with New. You can order the properties using the arrow buttons on the right panel.
Enter a unique name for the template. There is no other constraint for the name.
Opens the property editor dialog.
Select an existing property and click Edit. The property editor dialog will be shown.
Select an existing property and click Delete. The currently selected item will be removed from the list. If the property is still used by an instance a warning will be shown.
Give each property a unique name within the template and choose a type out of the combo-box. As you can see, the following types are supported:
Will be rendered as a date field
Will be rendered as a password field.
Will be rendered as a simple text field.
Will be rendered as a URL-input field which allows you to start an associated application.
Will be rendered as a text area.
Take a look at the Complex template example.
Secure passwords should be known only to you and the service you are using. It is not recommended to reuse passwords for multiple services. That means you need one unique password for each account which cannot be derived from another password of a different account. Therefore, KisKis™ provides multiple password generators which make it easy for you to follow these rules.
Three different generators are available when you want to create a new password:
Human readable passwords do not use sophisticated special characters. Furthermore, the generator mixes consonants and vowels in a friendly manner. The passwords created should always be readable, e. g. NuHuxo770165
Secure passwords use all displayable characters in a completely random order. These passwords may be hard to read and comprehend but are secure, e. g. du"|]Z0ku&"E
This option opens a new password generator dialog.
Enter a string, defining your template, here.
A template consists of a user-defined password pattern string with a length greater than zero. Each pattern character represents a set of characters which can be placed on this position randomly.
c,C - a consonant (b, c, d, ...)
v,V - a vowel (a, e, i, o, u)
a,A - an alphabetic character
9 - a digit (0-9)
n,N - a combination of 'a' and '9'
# - a special character (+, $, %, ...)
? - any character
Example: cVCvaA99#? can generate kIFaaT40[F, wUJan042:% and so on.
The number of passwords to generate. You can pick one of them out of the list.
If upper case and lower case should be chosen randomly you can activate this box.
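The template generator described above can be sketched as follows. This is an added example, not KisKis™ code: the exact members of the special-character set, the rule that a lower-case pattern letter yields a lower-case character and an upper-case one an upper-case character, and all function names are assumptions of the example. It also computes how many different passwords a pattern can produce.

```python
import math
import secrets
import string

VOWELS = "aeiou"
CONSONANTS = "".join(c for c in string.ascii_lowercase if c not in VOWELS)
# Assumption: the page only lists "+, $, %, ..."; this exact set is made up here.
SPECIAL = "+$%&/()[]{}=?!*#-_.:,;<>|@"
ANY = string.ascii_letters + string.digits + SPECIAL

# Pattern letter -> (letters whose case follows the pattern, case-free extras)
LETTER_CLASSES = {
    "c": (CONSONANTS, ""),
    "v": (VOWELS, ""),
    "a": (string.ascii_lowercase, ""),
    "n": (string.ascii_lowercase, string.digits),
}


def charset_for(symbol, random_case=False):
    """Return the characters that may appear at one pattern position."""
    if symbol == "9":
        return string.digits
    if symbol == "#":
        return SPECIAL
    if symbol == "?":
        return ANY
    key = symbol.lower()
    if key not in LETTER_CLASSES:
        raise ValueError(f"unknown pattern symbol: {symbol!r}")
    letters, extras = LETTER_CLASSES[key]
    if random_case:
        # Corresponds to the "random case" box: both cases are candidates.
        return letters + letters.upper() + extras
    return (letters.upper() if symbol.isupper() else letters) + extras


def generate(pattern, random_case=False):
    """Draw one password; secrets.choice uses the OS random source."""
    if not pattern:
        raise ValueError("pattern must have a length greater than zero")
    return "".join(secrets.choice(charset_for(s, random_case)) for s in pattern)


def generate_many(pattern, count, random_case=False):
    """The list of candidates from which the user picks one."""
    return [generate(pattern, random_case) for _ in range(count)]


def pattern_space(pattern, random_case=False):
    """Number of different passwords the pattern can produce."""
    return math.prod(len(charset_for(s, random_case)) for s in pattern)


if __name__ == "__main__":
    pattern = "cVCvaA99#?"
    for candidate in generate_many(pattern, 3):
        print(candidate)
    print("variations:", pattern_space(pattern))
```

A pattern fixes the character class at every position, so its number of variations is the product of the class sizes and is smaller than that of a fully random password of the same length.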
When you need to choose a password you may ask yourself "What is a good password and how do I know it is well chosen?". However, at first you need to know how an intruder would try to get your password.
The easiest way to get a password is guessing or social engineering. Many people are using passwords of things or family members they can remember easily. "The name of the pet", "the child's birthday", "an anniversary" or such things are often used and can be guessed by an intruder easily. Think about all the information the web knows about you. Google, Facebook and Xing are a very useful source for such information. Even if you did not publish such sensitive information, the intruder might know you better than you think.
You can protect yourself from those attacks easily. Do not use any information of your social environment as passwords!
An automated way to hack an account is to use a dictionary attack. For this, a computer will try each entry of a dictionary to access your account. Those dictionaries contain millions of entries with the most common passwords used all over the world. Our fast computers do not need much time to find the right solution if the password can be found in the dictionary. Did you know that "qwertz" or "{[]}\" are often used passwords? That is the case because these character sequences consist of characters which are close to each other on the keyboard.
You can protect yourself from those attacks easily. Do not use simple words or character sequences, consisting of characters which are close to each other on the keyboard, as passwords! Passwords should never be found in a dictionary!
Another way to get your password is to use a brute force attack. The algorithms are very simple. "Try each possible variation of characters and numbers up to a defined length." The longer your password and the more different characters your password contains the more variations need to be tried.
You can protect yourself from those attacks easily. Use long passwords with at least 10 characters mixed with numbers, special characters, upper case and lower case!
You can check your password quality with two internal tools.
The first is a simple password analyzer which tests the strength of your password depending on the character set used. A character set describes numbers, lower-case letters, upper-case letters, punctuation, ... The more different character sets a password uses and the longer it is, the more secure the password is because a brute force attack needs to take more possible variations into account.
As you type the password in the password element it will be checked automatically. Depending on the characters you typed the number of possible variations is computed. It is assumed that an intruder might get the information about the character set used, i. e. if you use numbers only as a password the intruder would try numbers only in a brute force attack to reduce the number of possible variations.
The tooltip shows you more information about the password quality. So you can see the number of possible variations.
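The computation described above, as an added example that is not the analyzer KisKis™ ships: the class boundaries and function names are assumptions. The pool of candidate characters is the union of the character sets the password actually uses (the intruder is assumed to know them), and a brute force attack that tries every length up to the password's length has to cover the sum over all those lengths.

```python
import math
import string

# Character sets the intruder is assumed to know about (assumed boundaries).
CLASSES = {
    "digits": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "punctuation": string.punctuation + " ",
}


def classes_used(password):
    """Names of the character sets that occur in the password."""
    return [name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)]


def pool_size(password):
    """Size of the alphabet an intruder has to try at each position."""
    known = "".join(CLASSES.values())
    # Characters outside the four sets (e.g. umlauts) are counted one by one,
    # which is a deliberately low estimate.
    others = {ch for ch in password if ch not in known}
    return sum(len(CLASSES[name]) for name in classes_used(password)) + len(others)


def variations(password):
    """Possible passwords of exactly this length over the pool."""
    return pool_size(password) ** len(password)


def brute_force_total(password):
    """Candidates tried when every length up to this one is enumerated."""
    pool = pool_size(password)
    return sum(pool ** k for k in range(1, len(password) + 1))


def bits(password):
    """The same number of variations expressed in bits."""
    return math.log2(variations(password))


if __name__ == "__main__":
    # The first sample is constructed; the other two are the page's samples.
    for sample in ("1234567890", "NuHuxo770165", 'du"|]Z0ku&"E'):
        print(len(sample), classes_used(sample), f"{bits(sample):.1f} bits")
```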
The second way is a dictionary-based check using cracklib. The password is validated against a dictionary. If cracklib is able to find parts of the word in its dictionary you should use another password because a dictionary-based attack on your account could succeed with a high probability.
This dialog gives you some information about the password, e. g. if it was found in the dictionary or if it violates some other password rules.
KisKis™ provides a basic feature to import existing data via "comma-separated-value" files (CSV). You can create CSV files easily with Microsoft Excel or OpenOffice Calc.
Open the KisKis™ file you want to add the imported accounts to and activate the menu item “File/Import” to start the procedure. A file selection dialog opens. Select the CSV file you want to import and click OK. The accounts will be added.
A CSV file must start with a header line and may contain multiple data lines. Each data line represents one account and must contain as many fields as defined in the header.
The header with pre-defined values must be included:
The name of the group. An empty group name means that the account should be appended to the root. A group path can be defined using the character sequence "##" as a path separator. A group name "Shopping##Books#My Favorite Bookstores" would result in the following tree path:
If no group path separator can be found the group will be appended to the root node.
The name of the account.
The password as plain text.
The user name for the account.
The e-mail address used for the account.
The URL used for the account.
The creation date used for the account. The format is YYYY-MM-DD, e. g. 2010-12-01.
The expiration date used for the account. The format is YYYY-MM-DD, e. g. 2010-12-01.
The comment used for the account. May contain linebreaks.
Example 2. CSV Example File
"Group","Label","Password","User Name","Email","URL","Created On","Expires On","Comment"
,"Account placed to the root","hhsgww2l","foo",,,,,
"Shopping","Amazon",32362187361,"amazon.foo","mail@bar.de","http://www.amazon.de",,,"amazon account"
"Newly created group","Blahblah",1234,"user@foo.bar","user@foo.bar",,,,
"Lifestyle##Shopping","eBay","hgfhda4342","buyer","foo@bar.com","http://www.ebay.de",,,
"Work##Job 1","Computer Job 1","secret","john.doe","john.doe@company.com","http://portal.company.com","2010-10-21",,"Another comment"
"Work##Job 2","Enterprise Password","foobar","karl.mustermann","karl@mustermann.de","Http://portal.foo.com","2009-12-24","2010-11-23","That is just a comment.
With
Multiple lines"
"##","Account placed to the root 2","ÄÖÜölöö","another@user.de","another@user.de","http://foo.bar",,,"Another comment
With multiple lines"
"##Shopping","Bücher.de","3211fssaDD","mybuecher","foo@bar.com","http://www.buecher.de","2008-01-27",,"No comment"
"Others##Invalid Accounts","Wrong Expiration date","rhiurhewf","foo","foo@bar.com",,,01.01.10,"Wrong expiration date"
"Others##Invalid Accounts","Wrong creation date","rhiurhewf","foo","foo@bar.com",,01.01.10,,"Wrong creation date"
"Others##Invalid Accounts",,,,,,,,
Notice the header in the first line and 11 different data rows. The order in the column header is not important. You don't have to provide values for each possible column. You could use the header Label, Password as well and omit the other column values (the rest will be filled with predefined standard values). But if you have defined two columns in the header, each data row MUST provide two columns as well (but a column may be empty).
In this example the field-delimiter is ','. You can choose any other character if you want to. Put the field values in "" if the field-delimiter may be found inside the value, e. g. comments and text fields.
Get the example OpenOffice.org Calc spreadsheet and try it out.
An import action cannot be undone. Please save your KisKis™ file before you start the import.
Note that the imported accounts will be typed as “Network Accounts” and will be added to the opened file.
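Because an import cannot be undone, it helps to check a CSV file against the rules above before importing it. The following is an added example, not part of KisKis™: it assumes that empty segments of a "##" group path are dropped, that a row without a Label is reported, and the sample rows are constructed. Findings never include field values, so passwords do not end up in the report.

```python
import csv
import io
import re
from datetime import datetime

KNOWN_COLUMNS = ("Group", "Label", "Password", "User Name", "Email", "URL",
                 "Created On", "Expires On", "Comment")
DATE_COLUMNS = ("Created On", "Expires On")
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")

# Constructed sample, modelled on the page's example file.
SAMPLE = '''"Group","Label","Password","User Name","Created On","Expires On","Comment"
,"Root account","constructed-pw-1","foo",,,
"Work##Job 1","Portal","constructed-pw-2","john.doe","2010-10-21",,"Line one
line two"
"##Shopping","Books","constructed-pw-3","buyer","2008-01-27","01.01.10","bad date"
"Others","Short row","constructed-pw-4"
"Others",,,,,,
'''


def group_path(value):
    """Split a Group value on '##'; an empty list means the root node."""
    return [part.strip() for part in value.split("##") if part.strip()]


def valid_date(value):
    """True only for a real calendar date written as YYYY-MM-DD."""
    if not DATE_RE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")
    except ValueError:
        return False
    return True


def check_import(text, delimiter=","):
    """Return (accounts, findings) for the CSV text."""
    reader = csv.reader(io.StringIO(text, newline=""), delimiter=delimiter)
    header = next(reader, None)
    if not header:
        return [], ["header: missing header line"]
    findings = [f"header: unknown column {name!r}"
                for name in header if name not in KNOWN_COLUMNS]
    accounts, number = [], 0
    for row in reader:
        if not row:          # skip blank lines between records
            continue
        number += 1
        if len(row) != len(header):
            findings.append(f"record {number}: {len(row)} fields, "
                            f"header defines {len(header)}")
            continue
        record = dict(zip(header, row))
        problems = [f"{col} is not YYYY-MM-DD" for col in DATE_COLUMNS
                    if record.get(col) and not valid_date(record[col])]
        if not record.get("Label"):   # assumption: an account needs a name
            problems.append("empty Label")
        if problems:
            findings.append(f"record {number}: " + "; ".join(problems))
        else:
            accounts.append({"path": group_path(record.get("Group", "")),
                             "label": record["Label"]})
    return accounts, findings


if __name__ == "__main__":
    ok, issues = check_import(SAMPLE)
    print(len(ok), "accounts ready for import")
    print("\n".join(issues))
```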
Open the menu item Edit/Options... to edit your personal preferences. A new dialog will appear.
In the general tab you can find options for appearance and some automatisms making your life easier.
General options
Choose a classname of a javax.swing.LookAndFeel implementation. The default value is the great com.incors.plaf.kunststoff.KunststoffLookAndFeel.
You can choose a font of all available fonts which is used for the password fields. The default is Monospaced and should be sufficient for most platforms.
Enter the number of minutes of inactivity here that should pass before KisKis™ will be locked. Inactivity means that KisKis™ did not receive any mouse event or key stroke, e. g. because the window is in the background. When KisKis™ is locked you need the password of the currently opened file to unlock it again. So you might leave your computer alone for a moment.
A value of 0 will disable this option. The default is 5 minutes.
Enter the number of seconds here that should pass before KisKis™ will mark the currently opened account as viewed. This means, when you opened the GMail account its last viewed date and view counter will be updated after N seconds. This is useful if you want to keep track of your favorite accounts. If you switch to another account before N seconds passed these values will remain the same as before.
A value of 0 will disable this option. The default is 10 seconds.
Should the password stay in memory as long as the password file is opened? On a single user machine this is no problem. On a multiuser server, e. g. Citrix, it would be safer to disable this option.
The default is checked.
If buffer password is enabled the buffered password can be disposed from memory automatically after N minutes. This is useful if you run KisKis™ on a multiuser platform without losing much convenience.
A value of 0 will disable this option. The password will never be disposed. The default is 0.
This value is used when a new account is created for computation of the expiration date. The default expiration date will be today + N days. The default is 365 days.
If you want to run KisKis™ from a USB stick on multiple computers it is useful to share the preferences. Check this box and the preferences will be saved in a file $KISKIS_HOME/kiskis.preferences. If you start KisKis™ the next time it will restore the preferences from this file. The default is not checked.
If you want to get a short message when a new version of KisKis™ is available you need to check this box. KisKis™ will ask the server http://kiskis.sourceforge.net/download if a new version is available. No information from you will be sent to the server for this operation. This is just a simple HTTP GET. These requests will not be saved to any logfile by the KisKis™ authors. The default is checked.
In this tab you can find options for the load and save operation.
Load & Save options
Select your favorite encryption algorithm. OpenPGP - AES (256) is the strongest algorithm available. You can use other algorithms if you want to, even 3DES which does not use PGP at all.
The default value is OpenPGP - AES (256). If the JCE is not installed on your machine OpenPGP - AES (128) will be the default.
Enable this option if KisKis™ should save your changed password file automatically.
The default value is checked.
Tell KisKis™ how many minutes it should wait to save the document automatically after the password file has been modified.
The default value is 5 minutes.
KisKis™ can make backups when saving the document automatically. All attachments will be backed up as well. You can find the backup files in the directory where your password file is saved. The filenames follow the simple rule <password file>.backup.<timestamp>.
The default value is 5 backups.
You can define your own applications that should be used for opening URLs here. In the list you can find prefixes and regular expressions for URLs associated with commands for external applications. The list has to be read from top to bottom. The first matching prefix/regular expression for a given URL will be used to start an external application.
As you can see in the picture above three different entries exist. URLs starting with https://www.myjob.de/ will be started with firefox and all other http URLs will be passed to the machine's default browser. It is important that the more specific prefixes are placed on top of the more general ones.
Applications options
Creates a new empty entry in the list. Make a double click on it to define its values.
Edit the selected entry.
This pattern or prefix is used to match a given URL. It answers the question: Should this entry be used to open the URL X?
Define a prefix, e. g. http. You can define Java-like regular expressions [6] as well if you need more complicated patterns and logic.
Define your command, which starts the application, here. You may use placeholders such as %url, %pwd and %username. These placeholders will be filled with the values of the specific account when you click Open URL.
The command <default browser> %url will use the Java-standard mechanism to detect the default browser on your machine.
Remove the selected entry.
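The top-to-bottom matching described above means an entry placed below a more general prefix is never used. The following added example (not KisKis™ code; the rule list, the program names xdg-open and intranet-client, and all function names are assumptions, and regular-expression entries are left out) resolves a URL against prefix entries, reports entries that can never match, and fills the placeholders after the command has been split into arguments so that a URL stays one argument.

```python
import re
import shlex

# Constructed rule list: (prefix, command). The third entry is misplaced.
RULES = [
    ("https://www.myjob.de/", "firefox %url"),
    ("http", "xdg-open %url"),
    ("https://intranet.example/", "intranet-client --user %username %url"),
]

PLACEHOLDER = re.compile(r"%(url|username|pwd)")


def resolve(rules, url):
    """Return (index, command) of the first entry whose prefix matches."""
    for index, (prefix, command) in enumerate(rules):
        if url.startswith(prefix):
            return index, command
    return None


def shadowed(rules):
    """Pairs (entry, earlier entry) where the earlier prefix always wins."""
    hits = []
    for later, (prefix, _) in enumerate(rules):
        for earlier in range(later):
            if prefix.startswith(rules[earlier][0]):
                hits.append((later, earlier))
                break
    return hits


def build_argv(command, url, username="", pwd=""):
    """Split the command first, then fill placeholders in a single pass.

    Splitting first keeps a URL with spaces or quotes in one argument; the
    single regex pass means placeholder text inside a value is not expanded.
    """
    values = {"url": url, "username": username, "pwd": pwd}
    return [PLACEHOLDER.sub(lambda m: values[m.group(1)], token)
            for token in shlex.split(command)]


if __name__ == "__main__":
    for later, earlier in shadowed(RULES):
        print(f"entry {later} is never used: entry {earlier} matches first")
    index, command = resolve(RULES, "https://intranet.example/wiki")
    print(index, build_argv(command, "https://intranet.example/wiki", "jdoe"))
```

A command that uses %pwd puts the password into the started program's argument list, which other local users can often read from the process table.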
Here you can define your own dictionary that is used to check passwords if you want to. The standard dictionary contains more than 1.6 million words and typical passwords. Most of the words are in German and English.
Define the relative or absolute path to a cracklib directory here. This directory contains the dictionary which consists of three cracklib files (cracklib.hwd, cracklib.pwd and cracklib.pwi).
Use this action to select an existing directory containing the three cracklib files. A directory selection dialog will appear. The selected directory will be validated and the absolute directory pathname is shown in the textbox afterwards. Otherwise an error message will appear.
You can define your own text files with your own words as a dictionary. That is quite simple. Create a file wordlist.txt with a text editor (e. g. notepad on Windows). This file should look as follows:
Empty lines and case will be ignored.
A file selection dialog will appear if you click this action. Select the file you created first and click Select. A progress indicator will be shown until this action has finished.
The dictionary files will be created on the file system in the directory specified in the textbox. So, you should define the target directory in the textbox first. The import of the file cannot be cancelled and may take a while. Please be patient.
You can find the standard wordlist in the Version Control System.