Where are all your Passwords???

So the World Wide Web eh? It’s great. You’ve got a Gmail account, a Facebook account, a flicker account, a Cheap-airline account, a “sign up for this it’s free!” account. Lots of people wanting you to give them email addresses and passwords. Now as someone who knows both sides of the industry (both developer and consumer) I know why they all want you to create an account but you have to admit we’ve all got rather a lot of things to remember now...

There are two options - either use the same easy to remember details for everything or keep a note of them all. The first option is unsafe and frankly no longer very easy as a lot of sites require a password complexity that is only satisfied by “Dkojefj%lkwdko23245@”. Very safe from brute force password attempts but hardly memorable.

So the other option is having different details for different accounts. Now in another guide I’m going to discuss the use of multiple email addresses but first lets look at the best way to keep a note of all your passwords safely, and at the same time be able to generate more quickly.

Let me introduce you to Keepass. Not only that let me introduce you to Portable KeePass. I’ll also be covering the wonderfulness of Portable apps in another guide but for now I’d recommend you get the portable version (i.e. doesn’t need installed on a specific PC) of KeePass and stick it on a USB stick. You know that little mini flash drive you keep on your key ring. Or laptop case or wherever. I suggest you keep a safe copy somewhere else too. Maybe online, tucked away on someone else’s laptop, that sort of thing.

Go get it from “http://downloads.sourceforge.net/keepass/KeePass-1.20.zip”.

Now fire up the actual program. Create a new Database (File -> New Database) and pick a good password. This is the only one you’ll need to remember so make it good.

Note if you want some extra protection you can chose a “Key File”. Basically this is a file that has to exist on the computer you are using to get access to the information. What you can do is pick something like a photo off the internet (it has to be something that doesn’t change and has to be globally available!), download it to your desktop and select that as the key file. Anyone stealing you  USB flash drive has to know which file to use AS WELL as your password.

Now first things first. Save the database straight away. Save it to your USB flash drive (the same place you but the actual program hopefully!)

Lets say your sitting at your computer about to sign up for ACME web services. First create a new entry in keepass - go to the menu, select “Entries -> Add new entry”. In the title put “ACME Web Services”, put in your username you want to use - (most sites simply use email addresses as a username but not always!), the URL if you wish (e.g. www.acme.co.uk) and a password. Now to be safe you can get the program to generate a new password for you. Hit the “Gen.” button. This brings a new screen to the front which gives you options on how complicated you want it. Usually you can just use the defaults but if you want to make it a certain length you can do that too. Hit the “generate” button on that screen. You’ll see a set of stars appear next to “New Password”. Click “OK” which takes you back to the main entry screen. The password will still be hidden until you hit the little button to the right of password that has a eye on it. Clicking that will reveal a nice complicated password to use. You can copy and paste this into the web form. Maybe put something in the comments field to describe the entry. In six months time it might be handy as a memory cue! Remember to click “OK” in KeePass. Now SAVE THE DATABASE!!! Go to File and select “Save Database” that will save the new entry for posterity.

As you add more entries you can create Groups to store different passwords into - e.g. Social Sites, Work, Bank etc. You can also give them different icons. The point is that they are saved somewhere safe. Make multiple copies of the KeePass database (it’s the file ending “.kdb”) - it’s securely encrypted so unless the CIA are on your back you should be safe!

You’ll also find it useful for other secure information that is not necessarily a password but needs to be confidential. I’d recommend that if you are in the habit of keeping a note of your credit card details in a little text file (don’t scoff - lots of people do it!) then you stop that and put them in here instead. If you use a “key file” as well as a password the data is as about as safe as you can get. Other uses might be your N.I. number or security questions for telephone banking. All the data is encrypted - not just the password so you  an use the Description field for sensitive information too!

Even better you can get versions for most phones and mobile devices, meaning you can keep a copy on there instead. Check out the Android market or Apple store for KeePass, or download the java version directly from the KeePass website -

http://keepass.info/download.html

By Primitive Designs Last updated: 2 September 2011, 12:51