Google+

Webmail

James's Blog

IT Hints, tips, tricks, and ramblings.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login

Start using a Password Manager!

Posted by on in Tech tips and thoughts
  • Font size: Larger Smaller
  • Hits: 1802
In this day and age, we are surrounded by passwords. Passwords are a security necessity in the digital age we live in. Email accounts, bank accounts and electronic tax lodging are just a few examples of services you'll need a password for. Now let's introduce the concept of... passwords to access passwords - Password Managers. This may seem like an odd idea at first, but in this post I will touch on what a Password Manager is, and why you should consider using one.

What is a Password Manager?

A password manager is a program designed to store all of your passwords in a database. This database will of course have its own password so that it can be accessed. The database will also be encrypted with this password, so that it is secure. The password manager I'll touch on in this article is KeePass.

Why use a Password Manager?

In many instances, using a password manager is likely to be much more secure than your current password methods. One of the biggest security issues is the use of the same password across many different services. It's very common for people to have so many services that require passwords, that they simply use the same password on each service. If a password that is used across more than one service is compromised, it opens up the possibility that every service you use that uses the same password, is also compromised. Having different passwords across everything (and complex passwords at that) is a fairly standard "best practice", yet many people do not follow this. A fairly obvious reason is that people simply don't want to remember a long list of complex passwords, it's not particularly convenient. This is where a Password Manager steps in.

KeePass

KeePass is a free and open-source application. It is highly regarded in terms of being secure. You can store usernames and passwords, as well as various other account information into a KeePass database. This database is heavily encrypted. Using KeePass makes adhering to password "best practices" convenient and simple, for example - there is a built in password generator, which you can use for generating complex passwords for all of your different accounts. This way you could have massive complex passwords for all of your accounts, with no need to remember them in your head. Another great feature is configurable password-expiry timers. If you want to change a password for an account every 30 days, KeePass can be configured to automatically remind you to do this, at which point a new password can be generated.

Many people would now be thinking - isn't it insecure to store all of your passwords in one spot? Good question. Generally speaking, account details are compromised by hackers attacking the websites that are storing the account details. For a hacker to get access to your KeePass database, they will first need access to the PC that is storing the database, and they will also need your database password. If your PC is infected/compromised, then you could get yourself into serious trouble here, however in this event you are already going to be in serious trouble, as unauthorised access to your PC means that all of your keystrokes and activity could be logged anyway, therefore using a password manager or not, all of your account details can be stolen through your PC, so this really depends on your perspective.

For added convenience and security (again, depending on perspective), you can store your KeePass database onto a mobile phone device, and run a KeePass app such as KeePassDroid or iKeePass.

For more information on the many features in KeePass, best practices, and setting up and using KeePass, check out the following links.

http://keepass.info/

http://keepass.info/features.html

http://keepass.info/help/base/index.html

http://keepass.info/help/base/security.html

http://keepass.info/ratings.html

http://niallbest.com/password-management-with-keypass/
Last modified on
James has not set their biography yet