KeePass…
Long ago, in a galaxy far, far away, I wrote a post about Passwords. Since I wrote the post a lot of things have changed.
First, I’ll admit that even after I wrote that post, I continued for months to use my same old password that I had used for everything. I lollygagged about changing it. I didn’t know what to change the passwords to. I didn’t know how to keep track of them. I was just plain unmotivated to do something about my password situation.
I’ve developed a solid system for managing my passwords since that time and I will share my system tomorrow, but first I wanted to show you the primary tool I’ve been using: KeePass.
The basics
After you’ve downloaded and installed KeePass (which is super easy – just click through), you need to create a database to hold your passwords.
You will then be prompted to create a new database. You can save it wherever you like, but I’ll have some more pointers on a great place to put it in my later post about the system I’ve developed.
Once you’ve saved your new database, you’ll be prompted to create a Master Key. That is just a fancy phrase for master password. For this password, I would recommend choosing something that fits the following criteria:
- Memorable – Make it something that you can memorize and be able to reproduce at any moment. If you forget the password that holds all your passwords, then you’ve just basically locked yourself out of all your accounts. Not good.
- Not guessable – Don’t make it your street and your birthday. You really don’t want to make it that easy for someone. See my password post for tips on this.
- Mix it up – Instead of typing your password as BrownBear71, try mixing up the capitalization or use slangy misspellings like this: bRowNbarezZz71
To judge the strength of your chosen password, KeePass shows an indicator bar with a relative strength rating. The first example is BrownBear71, which has a strength of 60.
Changing the password to bRowNbarezZz71 increases the strength to 78.
The next step should require you to simply press ‘ok’ since all the default options should be fine.
An example
This will be a walk through of the process of adding a password to the database and then using the password.
First, navigate to the category group that you want to use. I will be using the eMail group. Along the top of the window, you will see a little gold key. You can click that to add an entry or you may also right click in the main window and select the gold key there.
The two tabs of interest in the New Entry box are Entry and Advanced. Entry allows you to fill in the title of the site, username, URL (link to the site), and any notes you might want to keep. The password should be filled in for you automatically as a 20 character string of random letters (caps and lowercase) and numbers.
Hint: From the main screen, if you click on the ‘Tools’ menu and choose ‘Generate Password…’ you can navigate to the ‘Advanced’ tab. Here it might be wise to check the second box so you can eliminate look-alike characters such as the letter O and the number 0, or the number 1 and the lowercase letter l. Your passwords will still be plenty strong.
Once you’ve chosen a password, you can head over to the site, head to your profile and update your password. Just copy/paste your password in and change it.
Additionally, you might want to change the answers to your password recovery questions, since a 20 digit random password does no good if someone only needs your dad’s middle name to get it reset. On the Advanced tab of the New Entry box, you can add String Fields. For me, the field name was the question asked for password reset and the field value was a randomly generated password that will be used as the answer to the question.
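The two steps above (a 20 character random password from a letters-and-digits alphabet with look-alike characters removed, plus random answers stored as String Fields for each recovery question) can be reproduced outside the KeePass GUI. The following is an added example written for this post in Python; it is not KeePass code and does not reproduce KeePass's strength meter. It uses the standard-library `secrets` module as its random source, and the entropy figures it reports are simply `length * log2(alphabet size)`, which is the right measure for a uniformly random string. Dropping the letter I alongside O, 0, 1 and l is my own addition to the post's list.

```python
import math
import secrets
import string

# Alphabet as described on the page: upper- and lowercase letters plus digits (62 symbols).
FULL_ALPHABET = string.ascii_letters + string.digits

# Look-alike characters to exclude, as the KeePass generator's "Advanced" option allows.
# O/0 and 1/l come from the post; the capital I is an assumption added here.
LOOK_ALIKES = "O0l1I"


def alphabet_without_look_alikes(alphabet=FULL_ALPHABET, look_alikes=LOOK_ALIKES):
    """Return the alphabet with every look-alike character removed."""
    return "".join(c for c in alphabet if c not in look_alikes)


def generate_password(length=20, alphabet=None):
    """Build a uniformly random password using the OS CSPRNG (secrets.choice)."""
    if alphabet is None:
        alphabet = alphabet_without_look_alikes()
    if length < 1 or len(alphabet) < 2:
        raise ValueError("need a positive length and at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string of this length over this alphabet.

    This is not the KeePass quality estimate shown in the GUI; it only applies to
    passwords that were actually generated at random.
    """
    return length * math.log2(alphabet_size)


def build_entry(title, username, url, recovery_questions, length=20):
    """Assemble the fields the post describes for one KeePass entry.

    Standard fields hold the site data and a random password; one String Field per
    recovery question holds a random answer, so the real answer is never used.
    """
    alphabet = alphabet_without_look_alikes()
    return {
        "Title": title,
        "UserName": username,
        "URL": url,
        "Password": generate_password(length, alphabet),
        "StringFields": {q: generate_password(length, alphabet) for q in recovery_questions},
    }


if __name__ == "__main__":
    # Constructed sample entry for illustration; the site and question are not real accounts.
    entry = build_entry(
        "Example Mail",
        "someone",
        "https://mail.example.com/",
        ["What is your father's middle name?"],
    )
    print(entry)
    full = len(FULL_ALPHABET)
    reduced = len(alphabet_without_look_alikes())
    print(f"62-symbol alphabet, 20 chars: {entropy_bits(20, full):.1f} bits")
    print(f"{reduced}-symbol alphabet, 20 chars: {entropy_bits(20, reduced):.1f} bits")
```

Removing the five look-alike symbols costs roughly two and a half bits over a 20 character password, which is why the post's advice that such passwords are "still plenty strong" holds: the keyspace stays well above 100 bits. Storing a random string as the recovery answer closes the gap the post describes, where the reset question is otherwise weaker than the password it protects.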
Now you have strong passwords, password reset answers, and a secure database to hold it all.
What if I’m not at MY computer
That is a good question: What if you are out wandering around and you need access to your email?
This is going to be the second part of the system. We are going to attempt to make the database accessible anywhere and even make some contingency plans, just in case.
Does anyone use a different password manager or have a better way to store and organize passwords? Anybody have their password stolen?
1password is supposedly top dog for this on a Mac. I have not used it though. I try to use complicated passwords and change them on a regular basis. I’ve never found a storage tool that I totally trusted. KeePass looks interesting.
I guess for me, total trust wasn’t necessarily what I look for. This has been the trade-off for me forever: do I use a password or two that I can remember for all my sites and not have them lying around in a program like KeePass, or do I have extremely complex passwords and have them readily available and easy to copy over to the password entry forms?
My logic goes like this: what is the probability that someone could 1) get my KeePass and break into it or 2) guess a 20-character string of digits and upper and lowercase letters? Is that probability greater than or less than the probability of someone randomly guessing an 8 digit password that has one uppercase and 4 digits? I’ve decided the second has a greater probability of happening, so I’ve gone with KeePass.
As far as KeePass’s security goes, it is open source, so I would hope that enough eyes of enough geeks would have fixed any major security faults in it. Furthermore, I feel like I could put less trust in a paid, proprietary application since the code is less scrutinized by outside sources.
I agree with you that the probability of breaking a strong password on your Dropbox and your KeePass is low.
I’m probably going to look into something like KeePass or 1password soon. The downside to both of those options (for me personally) is that one is Windows-only, and the other is Mac-only. I routinely work on Macs, PCs, and even Linux machines. I wonder if there is a good choice that is supported across multiple OSes? That would be ideal since Dropbox is already supported on every major OS.
KeePass has an option to run it under Mono. Since I don’t have a Mac, I’ve never had to use this so I don’t know how difficult it is or anything. Let me know if you experiment with it at all.
My time is pretty short, but perhaps I’ll try to get KeePass working on Linux with Mono and see how tough it is.
Link to the KeePass Mono help.
This is a great idea! Nice post!
Are you going to use this for Facebook? Did you ever figure out what happened there?
Follow-up...
About a week ago, I decided to try 1Password 3 for my Mac. I absolutely love it. The concept is similar to KeePass. 1P is a highly rated program by most Mac gurus. Things that really make 1P great are...
* Extensive browser support. There are plugins for just about any browser you could have. The plugins allow you to quickly fill, generate, and manage passwords right in your browser. It is so handy.
* Very easy-to-use password generator. You can specify the length, number of numeric characters, symbols, and several other options. It also gives you an idea of how strong your password is.
* Support for more than just passwords. You can store software licenses, identities, secure notes, attachments, and other items.
* Everything is in one secure package file. Since everything is bundled into one package file, you can easily keep multiple machines in sync using a service like Dropbox. Even if you’re not on a Mac, you can download it as a zip file, and by using 1Password Anywhere, you can open your password using any browser.
* Great iPhone app that syncs with your main 1Password database file.
If you own a Mac, I would say this is a must-have.
Thanks for checking back in, Eddie. It is great having the Mac side of things since I only have Windows PCs around my house.