If you’re like me, you have a lot of online IDs and presences that you have to constantly maintain. Some may be credentials to your email accounts. Others may be information pertaining to your Facebook, Twitter, LinkedIn, or other websites, or credentials for devices such as your routers, WiFi access points, and printers.
Some of this info may be easier to remember, mostly because – unlike what the common best practices tell us – many of us use nonexpiring passwords for these credentials. Meanwhile, other IDs may be harder to remember, such as those for online banking, credit card sites, and other more security-aware sites and portals. Other IDs may be ones that you opened just once in order to read some members-only information, post a question on some forgotten forum or community, or even register on some company website that promised to give you something in return. The list is endless.
Almost all security experts will agree on this: Keeping your online IDs as diverse and complex as possible is good for your online safety. We wrote more about this in a past article, “10 Tips to Make a Secure Password.” Today I’ll introduce you to two free password management tools: Password Safe and KeePass Password Safe.
(Editor’s note: Already caught in a bind and forgot an admin password? Need to do a reset? Check out this article on how to regain access to an administrator password.)
Free Password Management Tools
Okay, so now it seems like you have a billion secure (more or less) passwords and online IDs, and in addition you need fast access to them, mostly because you usually need one or two or ten of them each day you spend online. In these cases and others, remembering all those online IDs is difficult, even for someone who tries to be as organized as I am.
So how do you manage your online passwords and IDs? Do you use some unbreakable and top-secret secure algorithm, or do you just write them down on a sticky note and post them on the corners of your computer screen? Some may even take additional security measures and sometimes stick these notes facing backwards to confuse potential hackers… sure, no one can break that security! LOL.
I’ll tell you what I do: I use good password-keeping software that I can trust, and then I just keep on using it.
In the past I’ve used a very nice (and old – 1999 – that old) password manager back when there were not so many of them. The tool was called Whisper 32, but it’s long gone and not maintained any more. Even though it had its flaws, I kept on using it, until one day the worst thing happened: I lost the master password for my latest passwords file that was used in the tool, and that meant I had to start from scratch.
So I started to recollect all my online IDs (the ones that I could remember), and looked for a better and newer tool for the job. My main requirements were:
- use freeware tools only
- no restrictions (for instance, a free version is limited while pro version has more options)
- use tools that are portable between computers
- use tools that make your life easier
- no sending of any information back to the tool’s website or servers – all information is stored locally
- open source
Then I came upon two excellent tools. By the way, I’m not saying that these are the only good tools out there. Do you use another excellent tool to keep your passwords safely? Is it 100% free with no restrictions or catches? Add it to the comments section below this article, and I’ll take a look at it.
The first tool is called Password Safe, which allows you to safely and easily create a secured and encrypted list of user IDs and passwords. With it, all you have to do is create and remember a single master password of your choice in order to unlock and access your entire user name/password list.
Password Safe allows users to store all passwords in a single “safe” (password database), or to create multiple databases for different purposes (e.g., one for work, one for personal use). Each database is independent and can be moved and used on different systems as long as the same version of Password Safe is installed. Databases are encrypted with an encryption key derived from the master password (however, the master password is not kept in the database in any form).
Here, as with the next tool, you can decide to store the password database on your local computer, on an external flash drive, or even in the cloud using your friendly cloud-based service (Box, Dropbox, Google Drive, Skype, etc.).
When combined with Dropbox or iCloud, you can keep a copy of your passwords on all your Windows PCs. What’s more, a nice port of Password Safe is now available for Android, and a compatible app called pwSafe is available for iOS. When combined with Dropbox (or iCloud), you can now keep your master password list synced across all your devices.
Password Safe provides several mechanisms for using stored names and passwords. Most require copying the user name or password to the clipboard and then pasting the information into the required input field. Password Safe also provides a function, Auto Type, that automates the entering of user name and password into a web form.
Records can be organized based on your preferences, and quick access is provided to the username and password by copying them using an easy-to-remember key combination.
KeePass Password Safe
KeePass lets you put all your passwords in one database that is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). Both of these ciphers are regarded as being very secure. By the way, AES became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.
A password database consists of only one file that can be easily transferred from one computer to another. You can store it locally or on an external disk. Another good place to put this file is in the cloud (see previous tool for some examples). The complete database is encrypted – not only the password fields. So your usernames, notes, and other information are also encrypted. Alternatively, you can use key files. Key files provide better security than master passwords in most cases. You only have to carry the key file with you, for example on a floppy disk, USB stick, or on a burned CD. (Of course, you shouldn’t lose this disk!)
SHA-256 is used as the password hash. SHA-256 is a 256-bit cryptographically secure one-way hash function. Your master password is hashed using this algorithm and its output is used as the key for the encryption algorithms. In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.
In-Memory Passwords Protection: Your passwords are encrypted while KeePass is running, so even when the operating system caches the KeePass process to disk, this doesn’t reveal your passwords.
The software itself is portable – it can be carried on a USB stick and runs on Windows systems without being installed.
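The derivation described above, as an added example that is not KeePass's own code: the master password is hashed once with SHA-256 to give a 32-byte key, which means identical passwords always yield identical keys and each guess costs one hash. The second function shows salted, iterated stretching with PBKDF2-HMAC-SHA256, a standard technique swapped in here for comparison and not KeePass's key transformation; the function names, salt size and iteration count are assumptions.

```python
import hashlib
import os
import time


def key_from_single_hash(master_password: str) -> bytes:
    """Derivation as the article describes it: SHA-256(password) -> 32-byte key."""
    return hashlib.sha256(master_password.encode("utf-8")).digest()


def key_from_stretched_hash(master_password: str, salt: bytes,
                            iterations: int = 600_000) -> bytes:
    """Salted, iterated derivation (PBKDF2-HMAC-SHA256).

    Assumption for illustration: the iteration count and salt are example
    parameters, not values taken from KeePass or from the article.
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def seconds_per_derivation(derive, repeats: int) -> float:
    """Average wall-clock cost of one key derivation."""
    start = time.perf_counter()
    for _ in range(repeats):
        derive()
    return (time.perf_counter() - start) / repeats


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample input
    salt = os.urandom(16)                       # stored beside the database

    fast = seconds_per_derivation(lambda: key_from_single_hash(password), 10_000)
    slow = seconds_per_derivation(lambda: key_from_stretched_hash(password, salt), 3)

    print(f"single SHA-256 : {fast * 1e6:10.2f} microseconds per derivation")
    print(f"PBKDF2 (600k)  : {slow * 1e6:10.2f} microseconds per derivation")
    print(f"cost multiplier: about {slow / fast:,.0f}x per password guess")
```

The multiplier printed at the end is the extra work imposed on every offline guess against a stolen database file, which is why the strength of the master password matters most when the derivation is a single fast hash.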
The password list can be exported to various formats like TXT, HTML, XML, and CSV. It can also import TXT files created by Password Safe, which is a nice thing if you ever decide to move from one tool to the other.
The IDs and passwords can be arranged in groups, and you can modify and delete them. You can also add custom icons of your own for the groups or records to ease quick identification. The groups can be arranged as a tree, so a group can have subgroups, and those subgroups can have subgroups themselves, and so on.
KeePass provides intuitive and secure Windows clipboard handling. Just double-click on any field of the entry list to copy its value to the Windows clipboard. Also featured is a timed clipboard clearing, which can automatically clear the clipboard some time after you’ve copied one of your passwords into it.
Finally, KeePass can generate strong random passwords for you. You can define the possible output characters of the generator (number of characters and type).
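What such a generator does, as an added example that is not KeePass's code: passwords are drawn from the operating system's CSPRNG over the selected character types, with a check that every selected type appears and an estimate of the resulting strength in bits. The class names, the symbol set and the function names are assumptions made for this sketch.

```python
import math
import secrets
import string

# Assumed character types; a real generator lets the user tune these sets.
CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&*+-=?@^_",
}


def generate_password(length: int, classes: list) -> str:
    """Return a random password containing at least one character per class."""
    if not classes:
        raise ValueError("select at least one character class")
    if length < len(classes):
        raise ValueError("length is too short to include every selected class")
    pools = [CHARACTER_CLASSES[name] for name in classes]
    alphabet = "".join(pools)
    while True:
        # secrets uses the OS CSPRNG; the random module must not be used here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password instead of patching characters in, so
        # every acceptable password stays equally likely.
        if all(any(ch in pool for ch in candidate) for pool in pools):
            return candidate


def entropy_bits(length: int, classes: list) -> float:
    """Upper bound on strength: length * log2(alphabet size)."""
    alphabet_size = sum(len(CHARACTER_CLASSES[name]) for name in classes)
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for length, classes in [(8, ["lower", "digits"]),
                            (16, ["lower", "upper", "digits"]),
                            (20, ["lower", "upper", "digits", "symbols"])]:
        print(f"{generate_password(length, classes):22} "
              f"~{entropy_bits(length, classes):5.1f} bits  {'+'.join(classes)}")
```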