Password Locker

I'm sure everyone has this problem and it is certainly a big problem for myself, passwords. I realize they can be a pain and a lot of people stick with simple ones or use the same one on many sites.

Bad idea on both accounts, using a easy password is asking to get yourself in trouble. One common attack that hackers use is what is called a dictionary attack, they'll simply keep trying different passwords until they hit the right one AND they know what the most common passwords are people use. How many of you have used "123abc" before, I know you are out there.

Using the same password on different sites also presents issues, if your password gets hacked on one site you are now vulnerable to it being used elsewhere. For example if someone were able to gain access to a database for a forum that uses poor security measures such as storing passwords as plain text then the hacker will now have your password and can try and use it elsewhere. In case you're wondering that isn't the case here, passwords are stored using a one way encryption method. To decrypt you need to know what the password is, once encrypted I can't retrieve it myself unless I intercepted when you login. That brings up another possibility that the person running the site might be less than scrupulous.

To solve these problems you can use a password locker like keepass: http://keepass.info/

Keepass will allow you store all your passwords locally and securely. The file when saved and closed is encrypted, you only need to remember one password to open the file to gain access to the rest of your passwords. From there it's simple right click on the entry to copy the username or password to the clipboard. Keepass also generates passwords up to any length and complexity you want which is essential to good passwords. You can also store notes, files and many other things that might be important for that login.

On a side note you can also use this as "in case something happens" repository. I've given the password for this file to a very trusted relative. With each entry I've left notes so they know what it is and other pertinent information.

Remembering passwords is difficult. I've found what helps is to create passwords out of words, phrases and numbers that already are long stored in your head. For example your first sweetheart, first pets name, an old street address, old phone number, etc. By concatenating these already remembered letters and digits plus some punctuation keyboard characters you can get a reasonably secure password. Then at some reasonable interval change the password by switching one or more of the words. Or perhaps changing the word order.

Passwords should also be written down so that your love ones have access to them. Should something happen to you there needs to be some way for that trusted person to have access to your accounts. What I do is make a spreadsheet of all my account names and URL's with a column for my password. I store this unencrypted on my computer. I print the list and then using a pencil write in the password. I store this out of plain view but where it's reasonably accessible. When I make periodic changes it's just a simple matter of erasing the old password and penciling in the new.

Yes, a dictionary attack on simple passwords will work, but frequent password changes can greatly reduce the security risk. There will always be a risk when using computers, but the risk can be greatly reduced by simple steps. It doesn't need to be complicated by additional dependence on more technology.

Well I use a fairly simple password for the file stored locally. There isn't a whole lot of complication Yanche.

When you open keepass you'll get a password entry box, once you open it you can minimize it to the tray for easy access:


Here's the password entry panel, the little key next to the "repeat" text box will auto generate a password:


When you want to access the password or username just right click the entry and you can copy it to the clipboard. Note that it only stays on the clipboard for 10 seconds by default. There is also a setting in the option to auto minimize it when you do this so once you copy it the last window you were viewing which is usually where you need the password will be open:


Here's panel for setting password preferences:

Thats a nice idea. I use the same password everywhere , except my bank , e-bay and Pay Pal. All 3 different , but easy to remember.

I should note that it stores the passwords in a separate file, you could for example store copies of the file elsewhere without too much concern of it getting hacked. If you wanted to send a copy to a relative and let them know where to find the master key you can do that.