Password Management Done Right
Everybody has passwords they need to keep secret, but that also need to be remembered. Managing these passwords can be a pain and time-consuming. For these reasons, a lot of people just decide to have one password for everything, which can be disastrous if your info falls into the wrong hands. I was one of those people who had mainly one password for everything. I knew that what I was doing was insecure, so I decided to look for a password manager.
My needs in a password manager were:
- Something that can securely store my passwords and other private data (WiFi keys, product licenses, PINs, etc).
- Easy to sync between computers so I always have the latest copy for whichever computer I am currently on.
- Automatically fill out login fields on websites.
- Control of the password database.
There are many password managers out there. A lot of the newer web browsers have some sort of password management built in, there are online password management sites, and there are desktop clients for all the different operating systems.

I used the password manager in Firefox for a while, but it didn’t fulfill my needs. I could only store passwords and nothing else and you couldn’t use it anywhere else except for Firefox. Also, some sites, mainly banking sites, wouldn’t allow Firefox to save passwords.
I looked into online password management sites, specifically Clipperz, but I just decided it wasn’t right for me. It had a lot of the features I was looking for, but I didn’t have control of my own password database. If the site ever shuts down, then I’ll lose all my passwords and would have to find something else.
After looking into desktop clients, I found KeePass, which had everything I was looking for and is what I ended up using.
I used the newer 2.x beta version of KeePass as it had more features that I wanted. KeePass is natively a Windows program, but with the Mono project, can be run on OS X, Linux, etc.
KeePass works by creating a password database for all your passwords and data. This password database is encrypted by a master password that you choose. All you have to remember after that is your master password, and you have access to all your secure data.

KeePass is primarily a password manager, but it also has custom fields where you can store any data you would like. You can also attach files to an entry, which is really useful for attaching product keys and licenses. You can sort your entries into different groups, making it really easy to organize your different types of data.
KeePass stores all your passwords and data in one file, which makes it really easy to synchronize. While there is synchronization built in to KeePass, I already use the awesome file synchronizer Dropbox on all of my computers. I store the password database in Dropbox, and it will automatically get synchronized to all of my computers when I make any changes to it. If you are on a computer where you don’t have Dropbox installed, you can use Dropbox’s web interface and download the file directly from there.

One of the most useful features of web browser password managers is that they fill in your username and password automatically on websites where you have your login information stored. KeePass has a very similar feature called “Global Auto-Type”. In the options, you can set a custom key command for Global Auto-Type or you can use the default Ctrl+Alt+A. On a webpage you want to log in to, click on the username field and then press the key command for Global Auto-Type. If KeePass can match the website to an entry you have saved in your database, it will automatically fill out the username and password fields and submit the form. If there is a webpage that doesn’t follow the username-tab-password-enter flow, you can set up a custom Auto-Type sequence on a per-entry basis.
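To make the username-tab-password-enter flow and a per-entry override concrete, here is an added example (not code from this post or from KeePass) that expands a KeePass-style Auto-Type sequence into the ordered steps that would be typed. It models only a small subset of the placeholder syntax; the entry values and the two-step login sequence are constructed for illustration.

```python
import re

# Subset of KeePass 2.x Auto-Type syntax modelled here: {TAB}, {ENTER},
# {DELAY n} and field placeholders such as {USERNAME} / {PASSWORD}.
SPECIAL_KEYS = {"TAB", "ENTER"}
DEFAULT_SEQUENCE = "{USERNAME}{TAB}{PASSWORD}{ENTER}"
# Constructed override for a site that asks for the username on one page
# and the password on the next (assumed case, not taken from the post).
TWO_STEP_SEQUENCE = "{USERNAME}{ENTER}{DELAY 1500}{PASSWORD}{ENTER}"
# Constructed sample entry; field names are upper-cased placeholder names.
ENTRY = {"USERNAME": "alice", "PASSWORD": "correct horse"}

TOKEN = re.compile(r"\{([^{}]+)\}|([^{}]+)")
DELAY = re.compile(r"DELAY (\d+)$")


def expand(sequence, entry):
    """Return the ordered (action, value) steps for an Auto-Type sequence."""
    steps, pos = [], 0
    while pos < len(sequence):
        match = TOKEN.match(sequence, pos)
        if match is None:
            # A lone '{' or '}' means the sequence is malformed; refuse to
            # type anything rather than send a partial credential.
            raise ValueError(f"unbalanced brace at offset {pos}")
        pos = match.end()
        name, literal = match.group(1), match.group(2)
        if literal is not None:
            steps.append(("type", literal))       # text outside braces
            continue
        name = name.upper()
        delay = DELAY.match(name)
        if name in SPECIAL_KEYS:
            steps.append(("key", name))
        elif delay:
            steps.append(("wait_ms", int(delay.group(1))))
        elif name in entry:
            steps.append(("type", entry[name]))   # field value from the entry
        else:
            raise KeyError(f"entry has no field for placeholder {{{name}}}")
    return steps


if __name__ == "__main__":
    for seq in (DEFAULT_SEQUENCE, TWO_STEP_SEQUENCE):
        print(seq, "->", expand(seq, ENTRY))
```

Because the sequence types into whichever window has focus, the malformed-sequence and unknown-placeholder cases stop before any keystroke is produced.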
I described some of the basic core features of KeePass above, but there are a lot more options available to you if you are a power user and really want to customize your experience.
This system made password management quick and painless for me, but it might not fit everybody’s needs. If you use something else that works well for you, leave a comment and let me know about it.
Comments
I've been using KeePass for a couple of years and really appreciate it. Your post reminds me I ought to move up to version 2.
Recommend changing the title to "And One Word to Rule Them"
Hey Dan, great post. I've been using a VeriSign secured toolbar called Billeo to manage my passwords. It's an awesome tool that manages my passwords well and saves them all in one place. Very handy!
Update: I've been trying out 1Password 3.0 lately. Integrates with nearly every Mac browser (if there is no extension architecture, it just plain hacks its way in ... creepy yet effective). Has a companion iPhone application and syncs data.
What I love is that they explicitly support using Dropbox to sync among multiple computers, so any changes I make on my desktop Mac show up on my laptop and home Mac within seconds.
Overall, 1Password is a really nice product and I think I'm being won over to your "and one to rule them" method.
Statements and opinions expressed in this blog and any comments made are the private opinions of the respective poster, and, as such, iMarc LLC is neither responsible nor liable for such content.
Visitors
I long ago developed several algorithms (for lack of a better term) which I use to create passwords for each site I visit. The least secure sites get the simplest algorithm someAlphanumericTranslation(site name + secret word or phrase)... This made it easy for me to have a different password for each site, yet always know what the matching password is.
Still though, the keychain on Mac OS X is too easy not to use ;-)
(It's nice to see an app that actually runs in Mono, I have never found anything that I wanted to use that would work on it.)