Posted 17 Apr 2011
In my previous article, I talked about the first step to digital security: good passwords.
Once you have a system, the easy part is coming up with secure passwords (the IliKeC@tnip$1928 I used as an example came pretty easily). The hard part is remembering all these passwords.
You could come up with different variations of the same password for the various accounts that you use. But all those accounts start to add up: multiple e-mail accounts, Facebook, cell phone, Bitcoin, banking, Amazon, iTunes, Dropbox... the list goes on and on.
You may have a wonderful method of keeping the passwords straight, but do you really want to remember 50 variations of IliKeC@tnip$1928? If you like to keep your brain cells available to store random trivia facts for your shot against Watson on Jeopardy, there are software solutions that do the remembering for you.
A quick search on your favorite search engine (Google, Yauba, whatever floats your boat) reveals the plethora of available software solutions.
Many are paid, many are free, and many are just no good. Some use proprietary cryptography, while others use open source cryptography. Some are cloud based, while others are traditional desktop software. So what's a secret agent to do?
My personal preference for password managers is to look for a free, open source, traditional desktop solution. I like free because I try not to pay for software, since software trends change so rapidly. I like open source because I know what software and what cryptography are being used to protect my data.
I like a traditional desktop solution because when it comes to my personal data, I want to be in control of it.
Now, I'm a huge proponent of cloud-based solutions for most of my software solutions. E-mail, word processing, music, file storage all taste better in a cloud-based solution.
But when it comes to my user names and passwords--my access to all my private data, like my anonymous card for shopping online--I want to be in control of my data. Cloud-based solutions offer a great deal of flexibility and accessibility, but if I don't have access to the Internet and the cloud-based solution doesn't offer a local storage solution, I'm SOL.
With the ubiquity of Internet connectivity these days, it's not a likely scenario. But, if you are reading this, you are the type to plan for all contingencies, not just the most likely ones.
So which free, open source, traditional desktop software do I use to keep track of my passwords? KeePass.
This award-winning piece of software meets all of my requirements for a password manager and is a breeze to use.
After downloading and installing the software (Windows, Mac, Linux, Android, iOS, and portable versions are available), you create a new password database.
This entails creating a master password that you will use to unlock the database.
Once you've created the database, you can create entries for each and every login you have. And this is where KeePass truly begins to shine. Let's use creating an entry for your e-mail account as an example.
Instead of using IliKeC@tnip$1928 as your password, you can have KeePass create a random password for you. You can set up the various parameters for the password, including password length and types of characters.
Not only does KeePass create passwords for you, but KeePass also remembers passwords for you. With a convenient copy/paste feature, you no longer have to type your own passwords.
As awesome as KeePass is, we've only scratched the surface of this fantastic utility. Digital security is like forcing the principle of the Fourth Amendment, requiring a really good reason to pierce your personal privacy, to work for you. Check back for the follow-up post with secret ninja tips and tactics on how to use KeePass as your greatest password weapon.
You can use KeePass to make sure you are keeping good records with strong encryption that won't be compromised, covering everything from any hawala transactions you make to protecting your bank privacy. You can even use it to store the usernames and passwords for your anonymous web surfing accounts.