
Friday, June 8, 2012

LinkedIn, Last.fm, and Internet Security




  With the recent sweep of passwords being stolen from LinkedIn, Last.fm, and apparently eHarmony, I decided to post some tips and tricks on how to create strong passwords, how to keep track of them, and if you want to go a further step, delete online accounts that you no longer use.



  Firstly, you can follow a few different methods of creating a strong password.  You can have a password that mixes letters, numbers, and special characters, or you can follow the XKCD comic's method.  Or, you can mix and match: a string of random words or a full phrase, such as a quote, with certain characters replaced by numbers or special characters.  The key to all of this, however, is that the password for each website you log in to MUST be unique to that website.  If you only use one password for all your websites, then you will have a lot of work when one of them is hacked.
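To put numbers on the two methods above, here is an added example (not code from the original post) that generates both kinds of password with a cryptographic random source and estimates their entropy; the word list is a constructed sample, and a real list would be loaded from a file.

```python
import math
import secrets
import string

# Constructed sample word list. A real list (a few thousand words, e.g. a
# diceware-style list) would be loaded from a file; only its size matters for
# the entropy estimate, so the generator works unchanged with a bigger list.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "orange", "window",
                "pencil", "river", "cloud", "garden", "silver", "rocket",
                "candle", "forest", "marble", "violet"]
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 chars

# Fixed substitution table mimicking the "replace letters with numbers or
# symbols" trick. Because the table is fixed, it adds no randomness.
LEET = str.maketrans({"o": "0", "a": "@", "e": "3", "s": "$"})


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of `length` elements drawn uniformly and independently from a pool."""
    return length * math.log2(pool_size)


def min_length_for_bits(pool_size: int, target_bits: float) -> int:
    """Fewest elements from the pool needed to reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(pool_size))


def random_passphrase(words, count: int, sep: str = "-") -> str:
    """XKCD-style passphrase: `count` words picked with a CSPRNG (secrets)."""
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Character-mix password of `length` symbols, CSPRNG-chosen."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def leet_substitute(text: str) -> str:
    """Apply the fixed table; the result has the same entropy as the input."""
    return text.translate(LEET)


if __name__ == "__main__":
    # Four words from a 2048-word list (~44 bits) versus eight printable
    # characters (~52 bits): the passphrase is longer but far easier to recall.
    print("4 words from a 2048-word list:", entropy_bits(2048, 4), "bits")
    print("8 printable characters:", round(entropy_bits(94, 8), 1), "bits")
    print("words for 80 bits (7776-word list):", min_length_for_bits(7776, 80))
    print("characters for 80 bits:", min_length_for_bits(94, 80))
    phrase = random_passphrase(SAMPLE_WORDS, 5)
    print(phrase, "->", leet_substitute(phrase))
```

The strength comes from how many words or characters are chosen at random and from how large the pool is, which is why a memorable multi-word phrase can match or beat a short character soup.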

  Now, the hard part is remembering all of the passwords, especially when everyone has at least one e-mail account, a Facebook, an Amazon or other online retailer, and online banking.  That's four passwords for a very minimal Internet user.  I know that I have more than 30 passwords for online shopping, gaming, music, banking, and social networking.  And I've seen others with more, and others with fewer.  The real danger, though, is accounts that you don't use every day, or even every week.  Sites that you have forgotten existed.

  Before I get too far ahead of myself, let's figure out the best way to store all of your passwords.  If you said Post-it Notes on the monitor, do me a favor and slap yourself.  Thanks.  Now, the best way to store passwords is NOT on Post-it Notes.  I mean, not only is it insecure, but could you imagine how many Post-its you would need for 30 or 40 passwords!  You wouldn't be able to see your computer screen.  So, that leaves us with your brain, or your computer.  I know, I hear you saying "But what if I don't remember my password to get into my computer?!"  I would have to say "Once you finish reading this, you'll only need to memorize 3 passwords!"  And if you can't remember at least three passwords, then you're up a fecal creek without a paddle.

  My preferred method for storing passwords is using the open-source and cross-platform program KeePass.  The other big player is LastPass, which offers cloud syncing and saving, as well as a browser extension for almost every browser.  LastPass and KeePass can auto-generate a password for you, and both use 256-bit AES encryption.  KeePass is a local (i.e. stored on your hard drive) solution while LastPass is in the cloud.  However, with the use of my most used and favorite program Dropbox, you can turn KeePass into a cloud-like solution as well.

  Since KeePass is my preferred method, that's the one we're going to look at.  KeePass is cross-platform, and is actually more akin to an encrypted database.  You can see in the photo that KeePass has a folder hierarchy, but the most crucial and important file is the one that ends in .kdbx.  That is the database that holds all of your passwords; everything else just holds the config files for how KeePass displays your data.  As you can also see by the screenshot, I already have my KeePass in Dropbox.

  "What about security!?"  As I said earlier, KeePass supports 256-bit AES and derives the encryption key from the master password you set up.  That means that your KeePass password needs to be longer than 16 characters, strong, and complicated.  I used a phrase with upper and lowercase characters, as well as numbers and special characters.  It makes it extremely difficult to guess and break, but because it's a phrase, I have an easy time remembering it.

  "What if Dropbox is hacked?"  Because KeePass uses 256-bit encryption, not only will the hackers have to break Dropbox's encryption, they'll also have to break yours on KeePass.  And if you're worried about Dropbox snooping on your data, they would have to crack your encryption just the same.

  "What happens if KeePass is hacked?"  Because all your KeePass data is local, there are no worries.  And if for some reason KeePass ever stops development and is never picked up by any other developer in the open source community, you can still access your KeePass database.  As you can see in the earlier screenshot, my folder has a "keepass.exe" in it.  That means that under Windows I can still run the program.  So I could always go through and copy the data to a different program, or continue to use KeePass.

[Screenshot: Awesomely Intricate Password Goes Here.]
  Now that we got some questions out of the way, let's delve a little deeper.  When you open KeePass you'll be met with a login screen that gives you the option to type in a password, or use a Key File (which I never feel comfortable using).  After you type in your awesomely intricate password you'll be met with a list of passwords that you've set up.  I also have folders that separate my passwords by the site they belong to.

[Screenshot: The basic screen.]
  Adding a folder or "group" is easy, too.  You right-click in the left column and click "Add Group".  Then, you name your group and voila!  Adding an entry is just as easy.  Right-click the right column, go to where it says "Add Entry" and then fill in the blanks.  As you can see in my screenshots (at the end of the post), KeePass already had a password randomly generated for me.  Be careful though, because if you have a password randomly generated for you and you use it on a site like Facebook, logging into that site is a pain on a platform like Android or iPhone, even with the iPhone or Android KeePass app.

  Now, to use KeePass the easy way, go to something you need to log into, such as Mint.com, and get to the login page.  Make sure that your cursor is in the "Username" field, and then switch over to KeePass.  KeePass has a function called "Perform Auto-Type" which does as its name implies: it types in your username, presses Tab, and then types your password for you.  It doesn't work flawlessly on all websites, especially ones where there's a checkbox or something in between the username and password fields, but I would guess that 90% to 95% of the time it works without a hitch.  Right-clicking on an entry will bring up the context menu with "Perform Auto-Type", and then you'll see the magic happen on the login screen in your web browser.

  And there you have it.  You now have all of your passwords stored in a safe, easy environment that works on all sorts of different operating systems and platforms.  All you need to memorize now is your computer's login password, your KeePass password, and if you use Dropbox, your Dropbox password.  Everything else is memorized for you by KeePass.  And since KeePass is locally stored, YOU have control over where it is, and how it's stored.


Gallery:
Adding a Group
Adding an Entry
Empty Fields with auto-generated password
What a Password!
Icon Choices!
Icon Changed and Data Entered.
Complete!
