Wednesday, 10 March 2010

Password Safes and Safe Passwords

Passwords. Can't live with them, can't live without them. They seem to multiply like rabbits in spring (or whatever their favourite season might be - I'm not a rabbitologist) and we're only human so we need to manage and remember them one way or another.


There are of course many ways one could handle one's passwords:
  • Only use one, and use it everywhere (better not do that, because if someone finds one, all doors are open)
  • Write them down on a sticky note (better not do that because someone might find your sticky note)
  • Stick the sticky note underneath your desk (ditto)
  • Put them in a text file on your PC (better not do that because another user might be able to read that file - by the way, has your Windows user account been password-protected? Not that that would necessarily help...)
  • Remember them all (yeah right)
What you need is a password vault. Not a massive metal object that weighs tons, but a programme that will store your passwords on your PC in a safe way.

There are many such tools around, but I prefer KeePass and have been using it for years. KeePass is a free and open-source password manager that, like any password manager worth its salt, encrypts the information it stores. 'Encrypted' means that it is not human-readable and even pretty tough or impossible to crack with computers. You need... a password to protect your KeePass data - but you only need to remember one, which will then recall the dozens of others you have to pull up every so often.
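To make the "one password recalls all the others" idea concrete, here is an added illustration in Python. It is not KeePass's file format or code; it sketches the two ingredients every password vault of this kind relies on: a slow, salted key-derivation step that turns the single master password into an encryption key, and authenticated encryption that makes the stored entries unreadable without that key and rejects both a wrong password and a tampered file. The iteration count, the sample entries and the HMAC-based keystream are assumptions chosen for readability, not a production cipher.

```python
"""Toy password vault (added illustration, not KeePass's format or code).

Shows how one master password protects a whole list of stored passwords:
  1. PBKDF2 with a random salt turns the master password into keys
     (slow on purpose, so guessing master passwords is expensive);
  2. encrypt-then-MAC turns the entries into bytes that are useless without
     the key and that fail cleanly on a wrong password or an altered file.
Standard library only. The HMAC-in-counter-mode keystream is an assumption
made so the example runs anywhere; a real vault uses a standard cipher.
"""
import hashlib
import hmac
import json
import os
import secrets
from typing import Optional, Tuple

KDF_ITERATIONS = 100_000  # assumption: high enough to make brute force slow


def derive_keys(master_password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 -> 64 bytes, split into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 over nonce||counter used as a PRF keystream (illustrative only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def lock_vault(master_password: str, entries: dict) -> bytes:
    """Serialise the entries, encrypt under a fresh salt/nonce, append a MAC."""
    salt = os.urandom(16)
    nonce = os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode("utf-8")
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    return salt + nonce + ciphertext + tag  # this is what would be written to disk


def unlock_vault(master_password: str, blob: bytes) -> Optional[dict]:
    """Return the entries, or None if the password is wrong or the file was altered."""
    if len(blob) < 16 + 16 + 32:
        return None
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, tag):  # constant-time check before decrypting
        return None
    stream = _keystream(enc_key, nonce, len(ciphertext))
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, stream))
    return json.loads(plaintext.decode("utf-8"))


def demo() -> dict:
    """Constructed sample entries; shows what right, wrong and tampered cases yield."""
    entries = {"work/mail": "correct horse battery staple", "bank": secrets.token_urlsafe(16)}
    master = "one-password-to-rule-them-all"
    blob = lock_vault(master, entries)
    # Flip one bit inside the ciphertext region to simulate a corrupted/edited file.
    tampered = blob[:40] + bytes([blob[40] ^ 1]) + blob[41:]
    return {
        "entry_names_readable_in_file": b"bank" in blob,
        "right_password": unlock_vault(master, blob),
        "wrong_password": unlock_vault(master[:-1], blob),
        "tampered_file": unlock_vault(master, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from `unlock_vault` is that a wrong master password does not produce garbage entries it produces nothing, because the MAC check fails before any decryption happens; the same check is what lets the vault detect a file that was modified on disk or in transit between two PCs.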

The 'open-source' bit means that the authors of the programme have published its source code as well, and that this source code can be read and downloaded and improved and what have you by anyone. Open-source software (from reliable sources like the incredible SourceForge) also demonstrates that there is no hidden malicious functionality in the programme - at least, it demonstrates this to programmers who can interpret the source code.

Guess what: KeePass, like most if not all open-source software, is free. It even exists for a wide range of platforms like handheld PCs, mobile phones, Linux, Mac OS X, and Windows. Not all these versions are free, mind you, but the Windows one certainly is. Free older versions that run on multiple platforms are still around - Google it.

If you keep your password list on several computers, you can either just copy the file over, or (depending on the file format you choose), export the information from one PC to an encrypted file and import that file on the other computer(s).

Many options and settings are available, but at the very least (which is a good start), you can create a new password database, bundle passwords in groups (e.g. work, private, banks, ...) and burn your sticky notes.

Give it a shot, you'll see it's worth your while.
