After writing my last post about drowning in passwords, I started to wonder if my plan of partitioning passwords was just plain bad. There were some issues that were still bugging me:
- Keeping track of which password goes where
- Tracking the passwords in general (i.e., how many do I actually have?)
After thinking for a while, I decided to try a password manager. I have tried one before, but for some reason it just didn’t work out. I cannot remember why, but these things usually boil down to ease and usability. If the program is slow or complicated, and takes significantly more work than just typing a password into a field, then I usually give up. Still, I have a lot more passwords to juggle these days.
I found a password manager called KeePass that looks pretty promising. In addition, there is a port, KeePassX, that runs on Linux and hopefully Mac OS X (although I am almost never on a Mac).
So, with a password manager, I just need to remember one master password. It is never transmitted over the network, and never displayed in plain-text (unless I write it down). This master password unlocks all my other credentials. I can store the password database on a USB drive, along with the KeePass binaries. Then, it’s just plug-and-play on any computer I want to use.
This means I need to add my USB drive to my “always there” kit. Currently that kit includes my wallet, cell phone, and keys. If I can figure out how to get my current USB drive on my keychain then that would be perfect, since I would just need to remember my keys, which I almost never forget.
New plan: password manager + keychain USB + different passwords for everything + changing frequently = maximum security with minimum hassle




February 25th, 2007 at 1:21 pm
Even less hassle - nix the USB drive and go for an online password manager.
There are quite a few out there, just google “free online password manager”, though I’m clearly biased for my own product (I’m a PassPack founder). We’ll be releasing a new version on Feb.28 that has many of the functions keepass users are used to.
You can check the blog for more info: http://passpack.wordpress.com
Cheers!
Tara
February 25th, 2007 at 2:54 pm
Hmm, PassPack is a really neat idea. There are a few problems that kind of offset its value:
1. You’re at the mercy of PassPack (and their server, and whatever else they rely on). If they go down, bye-bye passwords. Note: this isn’t just an issue for them going out of business. It is also an issue for denial-of-service attacks, server wackiness, or just plain old Internet hiccups.
2. It assumes ubiquitous internet access. This is fine for web only passwords like forums and such, but is no good for things like file-encryption or local database passwords. I think this is a small issue, but it’s an issue nonetheless.
Still, it has some definite advantages.
February 26th, 2007 at 12:02 pm
Hi. Yup, I agree on all points. One thing that’s on our road map is a local syncing program. It’s a future item, and will probably take a back seat to the more internet-centric features, but it’s on the list.
Thanks for taking the time to have a look though. Much appreciated.
Cheers,
Tara
October 1st, 2007 at 6:33 am
[...] Update: I’ve totally deprecated this plan in favor of using a password manager. [...]