Random Post: Cloud File Storage
RSS .92| RSS 2.0| ATOM 0.3
  • Home
  • About Me


    Once upon a time I frequently reused passwords. So if you knew my dogs name, or what kind of car I drove, you could easily have pretended to be me with just a little extra work. This is obviously a very bad idea, but I’m sure many people struggle with managing passwords for web sites and computer systems you access on a regular basis.

    Passwords are keys to your identity.  If a malicious person were to figure out your email password, what harm could they cause?  Could they quickly gather the names and contact information for your friends and family?  Could they figure out where you bank?  Could they reset your bank password by telling your bank that your password was forgotten?

    A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.
    Wired Magazine

    Here are my tips for choosing the best passwords:

    • Use different passwords for every site/application.  Do not reuse them.
    • Change passwords frequently.  The more you use a password, the more you should change it.
    • Keep your passwords secret.  Guard them as if they were keys to your identity — they usually are.
    • Consider using a random password generator.
    • Consider using passphrases (e.g. Myhouseismadeofwoodandhasyellowsiding!)
    • Consider using acronyms (e.g. Mhimowahys!)
    • Do not use words, birthdays, family and pet names, addresses, or any other personal information in your passwords.
    • Do not use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.

    I strongly recommend using a password managment tool for three important reasons.

    1. Tools remember many passwords so you don’t have to.
    2. Tools can type passwords for you.  This makes strong passwords easy to use.
    3. Tools can create strong passwords which are complex, unique, and random.

    A while back I wrote a post about PasswordSafe, which I used to manage my usernames and passwords.  I later switched to a different tool named KeePassKeePass is also free and open source, but I think it is also easier to use.  I now also use LastPass which is a different on-line based password manager.

    KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

    The ability to auto-type usernames and passwords is infinately flexible with KeePass.  Auto-type is a very important feature, although I can understand why you may not initially think so.  Think about the strongest types of passwords.  They are long, complex, unique, and full of many different character types.  Do you want to type those in manually each time?  Once I switched to KeePass, my normal password length increased to 20 or more randomized characters wherever possible.  Since I don’t have to remember or type them, I prefer the really long/complex ones.

    To manage my password database across several computers, I use FolderShare to synchronize it between systems.  This keeps my database of (as of writing 317) passwords the same across all my systems.  Occasionally I also copy the password database file to a USB flash drive so I can access accounts when I’m not using one of my own computers.

    KeePass has many other great features.  The listing of features below links to their website.

  • Strong Security
  • Multiple User Keys
  • Portable and No Installation Required
  • Export To TXT, HTML, XML and CSV Files
  • Import From Many File Formats
  • Easy Database Transfer
  • Support of Password Groups
  • Time Fields and Entry Attachments
  • Auto-Type, Global Auto-Type Hot Key and Drag&Drop
  • Intuitive and Secure Windows Clipboard Handling
  • Searching and Sorting
  • Multi-Language Support
  • Strong Random Password Generator
  • Plugin Architecture
  • Open Source!
  • Some websites with more complicated authentication schemes will require customization of the auto-type string.  The software “help” references provides details on how to do this.


    One response to “KeePass”

    1. Mark Christianson says:

      While the foldershare works the thing I do with Keepass is install the ‘portable’ version on a USB flash drive. These days you can pick up a flash drive pretty cheaply and put it on your keyring. You’ll always have it with you and you can backup your db file anytime.

      You can get a flash drive with U3 application and download the keepass U3 version on the keepass.info site or what I do is use http://www.portableapps.com and you can find the keepass portable app available for download.

      Now you can relax knowing your keepass data (while encrypted) isnt in half a dozen locations.