Sunday, February 8, 2009

Protect your Passwords with KeePass

Remember all your passwords easily by storing them securely in a password safe.

When it comes to password security, we continue to hear about the importance of choosing passwords:

  • that are too complex to be guessed

  • that are unique from every other password we use

  • that aren't real words or dates or names


And it works great to keep our accounts safe... until WE forget our own password. Then we wish we'd re-used a password, or picked something we could guess. God help us if the account locks itself after 3 wrong tries. I am at the point in my Internet experience where I can't keep track of all the places I have accounts (never mind my passwords). So I needed a tool to help me, because apparently large amounts of fair-trade coffee aren't enough to jog my memory.

I needed a place I could keep all my passwords. I needed a password safe. It had to hold passwords, URLs, usernames and comments, it had to let me organize those passwords in a hierarchy that would make sense, and it needed to be secure lest it fall into the wrong hands. For several years I have used PasswordSafe, which promises Simple & Secure Password Management. It worked great, but I had one problem using it: I could rarely remember which subfolder in the hierarchy contained my entry... I needed search. Enter KeePass. KeePass offers all the above features, including "search": if you type in some text, it will show every entry in the encrypted KeePass database that matches it.

[Image caption: way better than a post-it note!]

I have been absolutely loving KeePass, and as long as I'm disciplined to put my passwords in there, they are available to me when I need them. The KeePass website makes this introduction: "KeePass, the free, open source, light-weight and easy-to-use password manager."



So there was one more problem I needed to address: how do I synchronize KeePass databases across the multiple computers that I use in a week? I don't have a magical 5 minutes every time I'm done using a computer to make sure my database is copied correctly. So the fear would be that an old copy overwrites a new copy, or that a password is in one location and not the other location where I need it. (What computer was I sitting at when I signed up for that account?)


To synchronize files, I turned to Dropbox. The promise of Dropbox is that you can "synchronize files online across computers". On the downside, Dropbox requires you to install some software on your computer which runs at startup (or else there is little point of automatic synchronization). It probably uses more memory than it needs, but hopefully someone on the Dropbox team will be working at reducing that memory footprint further. Essentially you share a folder with yourself via the Dropbox website. Your application checks every so often to see if the file has been updated, and if so, you get the most recent copy. For myself there is no synchronizing via this method at work, in order to respect policies around automated Internet traffic and not installing unsanctioned software. So I have ALMOST solved my problem, right? The rest of the solution is provided by KeePass itself, which has a handy importing feature. You can import from another KeePass database into a specified folder, and the passwords themselves have a unique identifier to help make sure that you are truly syncing the same password.

I hope this is helpful, let me know how you make out.
What password strategies work for you?
Greg.

2 comments:

  1. [...] Password safe software can hold all of your passwords.  These tools use a master password to encrypt all of your passwords.  If it fell into the wrong hands it is useless to the bad guys, but in your hands, it can help you not only remember passwords, but also usernames, URLs for logging in and other details you record with the entry in a searchable “password database”.  I recommend KeePass which I’ve discussed previously. [...]
