One of the things I got to do over the holidays was dial up the strength of my passwords across the web. This was a gift that resulted from the Gawker hack.
I’d been casually improving the strength of the passwords I used, but using very little variety among the passwords. I was an easy target. So, when the Gawker notes went out, followed by Amazon’s note and so on. So, I decided to take my security more seriously. I explored creating a system that allowed for unique passwords, but was memorable enough that I could still keep them in my head. But, all the typing quickly got old.
Then a note from a team member who linked to this post “Jesus Christ, Use a Password Manager Already” and it got me looking into password managers.
As a quick overview, there are three basic categories:
- Desktop – stores your passwords on your computers hard drive.
- Portable – For your mobile device whether it’s your smart phone or thumb drive.
- Web based – Online password manager.
What you quickly discover is that each method has its own strengths (platforms or uses where it excels) and weaknesses (where it’s vulnerable). Each also creates additional overhead in terms of what you need to do to access secure sites (cut and paste, authenticate manually). Don’t get overwhelmed and do nothing. Choose a path that fits best with your computing habits. You’re online security will be better for it.
I’m giving KeePassX a try. It’s a free open source password manager. It keeps my passwords in an encrypted database with either a master password, a key file or both. You only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using secure encryption algorithms currently known (AES and Twofish) which is great. And it’s available across platforms, so whether you’re on Windows, Mac or Linux, you’re covered.
If you don’t want to get a feel for what others are using, check out Lifehacker’s Five Best Password Managers from their Hive Five efforts.
Good luck and safe browsing.