Selecting, maintaining, and updating strong passwords for the many different applications you use at your institution or online can be greatly simplified by using a password manager, as Amy discussed in Maintaining Sanity and Security: Why Use a Password Manager? Amy mentions several password managers in her post, and Ryan has written about LastPass, a cloud-based manager that offers extensions for the major browsers.
I’ve been using LifeHacker favorite KeePass Password Safe for several months now, and thought I’d explain why I like it and how it’s different from some of the other managers available.
KeePass is Open Source
KeePass is free open source software, certified by the Open Source Initiative. The core Windows program comes in two editions, Classic and Professional (which requires the .NET Framework). Both are still supported and continue to be developed, as they meet the needs of different user groups. I use the Classic edition. A wide variety of ported versions are also available, including KeePassX for Linux and Mac OS X, and versions for Android, iPhone, Windows Phone 7, BlackBerry, and more.
You are in charge of your KeePass database
KeePass is a full-featured password database, not a web-based service. This means that when you download and install the software, you have complete control over the file in which your passwords are securely encrypted. If you’re at all nervous about having all your passwords securely stored in the cloud by some corporation, then this is a good solution.
The one caveat I'll point out: if you forget your master password, you are completely locked out of the database. There is no reset or recovery, because the key that encrypts the database is derived from the master password (and from the key file, if you use one), and nothing stored in the file can reproduce it.
Features
Downloading and installing it is simple; there's both the standard Windows installer and a portable version (in a ZIP file) that runs without an installer or administrator rights, making it perfect for use from a flash drive. Although KeePass is a full-featured program (see screenshots) it is also very easy to use.
- Password generator: KeePass can generate random passwords for you (you choose which character classes to include and how long the password should be), or you can type in your own.
- Password strength meter: KeePass indicates how strong your passwords are, encouraging better password selection.
- Master Key: you can either set a master password for your database (again, it's crucial that you don't forget this one) or you can use a key file, which you would need to have with you on a USB stick or other storage medium to open the database. You can also use both, in which case someone who gets hold of the database file needs the password and the key file to open it.
- Organizing Your Passwords: Within your database, you can create groups and subgroups to organize your information. Each password entry screen has fields for item name, URL, and notes.
- Import/Export: You can import and export your password information in a variety of formats, including .CSV, .TXT and others.
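To make the first two features concrete, here is an added example (my own illustration, not KeePass's code) of a generator and a strength meter of the kind described above. The class names, the "weak/fair/strong" scale and the class-based estimate for user-chosen passwords are this example's assumptions, not KeePass's exact rules; the one non-negotiable point it shows is that random choice must come from the operating system's CSPRNG (Python's `secrets`), never from `random`.

```python
"""Added example, not KeePass's own code: a password generator and a strength
meter. Strength is reported as bits of entropy. Labels and the estimate for
user-chosen passwords are assumptions for illustration."""
import math
import secrets
import string

# Character classes a user can toggle, as in a generator dialog (assumed names).
CHARSETS = {
    "upper": string.ascii_uppercase,  # 26 characters
    "lower": string.ascii_lowercase,  # 26
    "digits": string.digits,          # 10
    "special": string.punctuation,    # 32
}
DEFAULT_CLASSES = ("upper", "lower", "digits", "special")


def build_alphabet(classes):
    alphabet = "".join(CHARSETS[name] for name in classes)
    if not alphabet:
        raise ValueError("select at least one character class")
    return alphabet


def generate_password(length=20, classes=DEFAULT_CLASSES):
    """Draw each character uniformly from the selected classes using the OS
    CSPRNG. Uniform selection is what makes entropy_bits() exact; forcing
    'at least one of each class' would shrink the search space slightly."""
    if length < 1:
        raise ValueError("length must be at least 1")
    alphabet = build_alphabet(classes)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, classes=DEFAULT_CLASSES):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(build_alphabet(classes)))


def estimate_bits(password):
    """Heuristic for a user-chosen password: assume the alphabet is the union
    of the classes that appear in it. This overestimates real strength for
    dictionary words, dates and keyboard walks, so treat it as an upper bound."""
    present = [name for name, chars in CHARSETS.items()
               if any(c in chars for c in password)]
    if not present:
        return 0.0
    return len(password) * math.log2(sum(len(CHARSETS[n]) for n in present))


def strength_label(bits):
    """Assumed scale: an offline attacker at ~10^10 guesses/s exhausts 40 bits
    in about two minutes, 64 bits in decades."""
    if bits < 40:
        return "weak"
    if bits < 64:
        return "fair"
    if bits < 96:
        return "strong"
    return "very strong"


if __name__ == "__main__":
    bits = entropy_bits(20)
    print(generate_password(20), f"{bits:.1f} bits", strength_label(bits))
    for chosen in ("password", "Tr0ub4dor&3"):  # constructed sample inputs
        bits = estimate_bits(chosen)
        print(chosen, f"{bits:.1f} bits", strength_label(bits))
```

A 20-character password over all four classes is about 131 bits; eight lowercase letters score under 38 bits even before a dictionary attack is considered, which is why the generator, not the meter, is the feature to lean on.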
Use KeePass with Dropbox
Since your KeePass Password Safe database will exist only as a file on your computer, if you want to synchronize it with your phone or across several computers, you'll want to use ProfHacker favorite Dropbox. What Dropbox holds is the encrypted file, so its confidentiality rests entirely on your master key; if you also use a key file, keep it out of the synced folder (on the USB stick, or copied to each device by hand), since anyone who obtains the synced folder would otherwise have both halves. I use KeePassDroid and Dropbox on my Android phone to make sure that I can access my information if I'm away from my primary computer.
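Here is an added example (my own illustration, not KeePass's code or file format) of what the master key and the synced file look like from the attacker's side, tying together the master-key options above and the no-recovery caveat. The construction is modeled on the KeePass idea of hashing each key source, hashing the concatenation, and then running the result through a slow, salted key transformation; PBKDF2-HMAC-SHA256 stands in for that transformation, and the round count, header layout and function names are assumptions.

```python
"""Added example, not KeePass's code: a composite master key (password and/or
key file), a slow key transformation, and the only thing the synced file can
offer an attacker, which is offline guessing. Header layout, function names
and the round count are assumptions for illustration."""
import hashlib
import hmac
import os

ROUNDS = 200_000  # assumed default; every guess must pay this cost


def composite_key(password=None, key_file_bytes=None):
    """Combine the selected key sources; either may be omitted, not both."""
    parts = []
    if password is not None:
        parts.append(hashlib.sha256(password.encode("utf-8")).digest())
    if key_file_bytes is not None:
        parts.append(hashlib.sha256(key_file_bytes).digest())
    if not parts:
        raise ValueError("no key source given")
    return hashlib.sha256(b"".join(parts)).digest()


def transform_key(composite, salt, rounds):
    """Slow, salted stretch: makes each offline guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", composite, salt, rounds, dklen=32)


def make_header(password=None, key_file_bytes=None, rounds=ROUNDS):
    """What is written into the synced file: a random salt, the round count
    and a key-check value. Nothing here lets the password be recovered."""
    salt = os.urandom(16)
    final = transform_key(composite_key(password, key_file_bytes), salt, rounds)
    check = hmac.new(final, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "rounds": rounds, "check": check}


def unlock(header, password=None, key_file_bytes=None):
    """Return the database key if the supplied sources are right, else None.
    Password alone, key file alone, or a key file off by one byte all fail."""
    final = transform_key(composite_key(password, key_file_bytes),
                          header["salt"], header["rounds"])
    check = hmac.new(final, b"key-check", hashlib.sha256).digest()
    return final if hmac.compare_digest(check, header["check"]) else None


def offline_guess(header, candidates, key_file_bytes=None):
    """What someone holding the synced file can do: try passwords offline.
    Without the key file, no wordlist helps; with it, only the password's
    strength and the round count stand in the way."""
    for guess in candidates:
        if unlock(header, guess, key_file_bytes) is not None:
            return guess
    return None


if __name__ == "__main__":
    key_file = os.urandom(64)  # constructed stand-in for a key file on a USB stick
    header = make_header("correct horse", key_file, rounds=10_000)
    print("password only:", unlock(header, "correct horse"))
    print("key file only:", unlock(header, None, key_file))
    print("both:", unlock(header, "correct horse", key_file) is not None)
    wordlist = ["123456", "password", "letmein", "correct horse"]
    print("guessed with key file:", offline_guess(header, wordlist, key_file))
    print("guessed without key file:", offline_guess(header, wordlist))
```

The round count is the only knob that slows an attacker who already has the file; a generated master password of the strength shown earlier is what makes the guessing hopeless, and losing either the password or the key file leaves you in exactly the attacker's position.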
Better Security, Better Peace of Mind
When you first adopt any password manager, it will probably take some time to learn its features and to create entries for all your accounts. That’s also a great opportunity to go ahead and change your passwords to more secure randomly-generated ones. If you’re not ready to sit down and do that today, at least make sure that you’re not using the same password for multiple accounts or using some of the common weak choices that criminals exploit.
What’s stopping you from using a password manager? Let us know in the comments!
[KeePass logo from software website.]