Friday, November 22, 2013

Managing Passwords

In a previous post, I gave some guidelines for creating good passwords (ie relatively long and random, and unique for at least sensitive accounts, if not all accounts).

So, how do you go about creating good passwords? and how do you manage them?

Well I can share one trick for creating them, though I don't use it. On trick is to use a phrase, line from a song, or quote, as your reference, and pick letters from it. An example. Say you are a big fan of Bon Jovi, so you pick the phrase "Whoa, we're halfway there whoa, livin' on a prayer". You could select first and last letter of each word, which would give you "WawehyteWal'onapr" as a password. That is 17 characters long, with a mix of upper and lower case letters, and since it had the word livin' in it, I also have the good fortune to be able to include a symbol. I could also easily add a number to the begining or end, by counting the number of words, or maybe the number of letters int he last word (WawehyteWal'onapr6). That is long, random, and fairly easy to remember... So long as you don't have too many different passwords.

I have over three hundred passwords. each one unique. I have a fairly untrustworthy memory also. So I don't use that technique.

I use a program to store my passwords in an encrypted database, and I let it generate random passwords for each account for me.

I have used two different password managers, and I like both of them. On is Password Agent, a closed-source Application by Moon Software. It is $25 for a single user license.

The other is KeepPass Password Safe.KeePass is open-source and free (Note there is a donation link. If you find the software useful. please consider donating. It is a good program, and people have invested considerable time to make it so).

I was going to link a howto for keepass, but so far, I am not satisfied with any that I have seen.
This youtube video is pretty good other than:

  • I would recommend going to (the original source) to download it, rather than cnet (a third party repository). 
  • For the master password, His example password shows a good quality password. It is imoprtant that this password be hard to guess. This is the password that grants access to all your passwords. Another possibility is to use a phrase, instead of a password (like "I am a really big fan of tom8to spam sandwiches."). Whatever you use here, you MUST REMEMBER IT! If you forget this password, you have lost access to all your passwords!!!
  • As a matter of protecting your data, you must make sure you have a good backup of your password file. You can also print the password database, place the printout in a sealed envelope and store it in a fireproof safe. 

  • One other point he misses- in additon to the executable installer, there is also a zip file, which allows you to place the program on a thumbdrive that you can carry around with you, and use on any computer (make sure you have a copy of your password file on the thumb drive. There are also versions for iphone, android phones...

This video is another good one, that catches a few of the things the previous one misses, though he makes a few mistakes as well. Between the two, you should get a good idea how it works.

But both of these videos fail to actually show you what to do after you enter the username and password.

The short version, if you have populated the username and password fields, and the url, the easy way to use it, is to:

  • select the entry you wish to use and press ctrl+u to autolaunch the URL in your default web browser
  • make sure the cursor is in the username field on the web page
  • press ctrl+alt+k to return to keepass
  • press ctrl+u to have keepass transmit the username and password to the page.

Hopefully that is enough to get you started. Maybe if there is interest, I will put together a more complete tutorial.

So either of those is a good option. Next time I will show you an option for safely keeping your passwords on a piece of paper in your wallet.

No comments:

Post a Comment