Passwords. They're a blessing and a curse, aren't
they? In today's digital world, we all seem to have passwords for --
well, for everything. And a lot of passwords: for
online banking, Web mail, e-commerce sites, our favorite Web
applications, and more.
As many of us have learned, though, it can be hard to remember all
of those passwords. If you forget a password, the kinds of sites
mentioned in the last paragraph can either send you a password or
reset it. But that takes a bit of time and just adds to the
confusion.
While you can write down your passwords in a paper notebook (remember
those?) or in a file on your
external hard drive, what happens if you lose the notebook or
delete the file? Or if someone else gets hold of them? The situation
will end in tears.
Instead of relying on your memory or more traditional ways of
storing passwords, why not turn to a password manager?
Enter the password manager
A password manager is a piece of software that, obviously, lets you
securely store and organize your various passwords. The software is
usually designed for a desktop computer or a
notebook computer, but password managers are also available for
smartphones. The BlackBerry, for example, comes with one called
Password Keeper.
The principle behind the password manager is simple. It stores your
login information in an encrypted database or in a file hidden
somewhere on your external hard drive. You enter your information
using a simple form. This information can include:
- The name of the Web site or service with which the password is
  associated
- A user name
- The password (of course)
Optionally, there might be space for entering a URL and a note.
Whenever you need a password, you just dip into the password manager
and pull it out. Some applications, like Apple's
Keychain Access, enable you to log into a Web site using a
single password.
The obvious advantage to using this kind of software is convenience
-- you don't need to try to remember multiple user names and
passwords, or worry about confusing them. They're all in one secure
place. But what's out there? Let's take a look at a few.
Universal Password Manager
This is an interesting one.
Universal Password Manager is an Open Source application that
runs on Linux, Windows, and Mac OS. You'll need
Java installed on your computer to run this application, but the
three operating systems on which it runs usually have Java installed
already.
To get set up, you create a database for your passwords. From there,
you can add your passwords to the database using a simple form.
Universal Password Manager has a nifty feature that lets you copy a
user name or a password from an entry in the database, without
having to double click on the entry. This is useful when you
remember one or the other (it happens!).
The database is encrypted with a scheme called
AES (Advanced Encryption Standard). It's not the
strongest encryption but it works. While you can create multiple
databases -- for example, one for your desktop computer and one for
your cheap netbook -- Universal Password Manager is Web enabled. You
can save a database to a Web server and point the application there.
No matter what computer you're using, you can always access your
password store.
KeePass Password Safe
KeePass is sort of like a supercharged version of Universal
Password Manager, though only for Windows. It comes in two versions:
the Classic version, which has more than just basic features, and
the Pro version, which needs Microsoft's
.NET to run. You can compare the features of the two versions
here.
Remember what I said about KeePass being Windows only? That's not
quite true. The Classic version also runs in Linux under Wine,
although the toolbar buttons go AWOL. And the developer says that
the Pro version will run under any operating system, like Linux or
Mac OS, that supports
Mono (an Open Source version of .NET).
KeePass stores all of its information in a database that's encrypted
with AES (told you it was like Universal Password Manager).
You can have multiple databases, and add multiple groups to a
database. Groups enable you to collect similar Web sites,
applications, and services in separate folders -- one, say, for Web
applications, one for e-commerce sites, and another for banking
information. This makes it easier to manage your passwords.
You can also tell KeePass to protect certain fields of the database
-- like password or user name -- while the application is running.
While you're using a database, or before you save it, this keeps the
information safe from other applications, like
trojans, that may try to read your computer's memory. What
really sets KeePass apart from other password managers is its
collection of
plugins. There are plugins for importing passwords from other
applications, managing databases, integrating KeePass with other
software, and more.
GNOME Password Manager
If you're running Linux with the
GNOME desktop, you've got a password manager already installed.
It's called GPass, and you can find it under Applications > Accessories.
It's a simple application but one that gets the job done.
To use it, you click the Add button on the toolbar.
From there, enter whatever information you need. At the very least,
you should specify a name to identify the information, a user name,
and a password. Click OK and you're done. It's that
simple.
Passwords are stored in a file, encrypted with the
Blowfish encryption scheme, somewhere on your computer. I'll be
darned if I can find that file ...
GPass lacks a lot of frills. But one useful feature that it shares
with Universal Password Manager is the ability to copy user IDs and
passwords by right clicking on an entry -- you don't need to open it.
GPass also has a decent search feature, which is useful if you have
a lot of passwords.
Passpack
Passpack is a Web-based password manager. It's said to be quite
secure. The login procedure itself is in three steps: enter your
user name and password, then click a security image, then enter a
passphrase.
Once you're in, it's easy to use. As with desktop password managers,
Passpack has a form for entering a user name, a password, and a link
to a Web site (if necessary). On top of that, Passpack
shows you the strength of the password while you're typing it. I
can't vouch for the accuracy of this. If you enter the entire
alphabet and numbers from 0 to 9, the password will be considered
fairly strong.
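
The result described above is what a meter produces when it scores only length and character variety. The Python below is an added example, not from the original article and not Passpack's actual scoring (which the article does not describe); it compares such a meter with one that also looks for sequential runs. The function names and the run-scoring heuristic are assumptions made for this example.

```python
import math
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password):
    """Size of the character pool implied by the classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def charset_bits(password):
    """Naive meter: every character is scored as an independent random pick."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def sequence_runs(password, min_run=3):
    """Find runs of consecutive code points ('abcd', '9876') as (start, length)."""
    runs, i, n = [], 0, len(password)
    while i < n - 1:
        step = ord(password[i + 1]) - ord(password[i])
        if step not in (1, -1):
            i += 1
            continue
        j = i + 1
        while j < n - 1 and ord(password[j + 1]) - ord(password[j]) == step:
            j += 1
        if j - i + 1 >= min_run:
            runs.append((i, j - i + 1))
        i = j
    return runs

def pattern_aware_bits(password):
    """Heuristic (assumed): a run is worth its first character, a direction and a length."""
    pool = pool_size(password)
    if not pool:
        return 0.0
    runs = sequence_runs(password)
    covered = {k for start, length in runs for k in range(start, start + length)}
    free = len(password) - len(covered)
    run_bits = sum(math.log2(pool) + 1 + math.log2(length) for _, length in runs)
    return free * math.log2(pool) + run_bits

# Constructed inputs: the article's test string and a mixed 12-character password.
ALPHANUM = string.ascii_lowercase + string.digits
MIXED = "q7Vd!x2Lm9Rk"

if __name__ == "__main__":
    for pw in (ALPHANUM, MIXED):
        print(f"{pw!r}: naive {charset_bits(pw):.1f} bits, "
              f"pattern-aware {pattern_aware_bits(pw):.1f} bits")
```
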
Passpack also has some useful tools. You can import and export
password files to and from another password manager. There's an
Adobe AIR application that lets you access your passwords from
your desktop. On top of that, Passpack supports a feature that lets
you specify sites to which you can log in with a single click.
A few words of advice
If you're using an online password manager like Passpack, it's
probably best not to add passwords for online banking, credit cards,
or services like PayPal to it. The application might be secure, but
you can never be 100% confident. The convenience could wind up
costing you.
If your password manager has a feature that automatically generates
passwords, don't use it. A good password is random. These
applications generate passwords that aren't truly random. Instead,
they're what's called
pseudo random. You get a complex password, but there are tools
available that can detect a pattern in the password and break it. It
may not happen to you, but you never can tell.
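
An added example, not from the original article: the Python below shows the kind of pseudo-randomness that causes the problem described above (a general-purpose generator seeded from a guessable value such as the clock) next to a generator that draws from the operating system's cryptographic random source. The function names and the one-day seed window are assumptions made for this example.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def seeded_password(seed, length=16):
    """Weak pattern: general-purpose PRNG (Mersenne Twister) with a known seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def csprng_password(length=16):
    """Hardened pattern: every character comes from the OS cryptographic source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def alphabet_bits(length=16):
    """Entropy the password would have if every character were independent."""
    return length * math.log2(len(ALPHABET))

def seed_bits(window_seconds):
    """Entropy actually present when the seed is a timestamp in a known window."""
    return math.log2(window_seconds)

def effective_bits(length, window_seconds):
    """A seeded generator cannot output more entropy than went into its seed."""
    return min(alphabet_bits(length), seed_bits(window_seconds))

if __name__ == "__main__":
    seed = 1700000000  # constructed sample: a Unix timestamp used as the seed
    print("same seed, same password:",
          seeded_password(seed) == seeded_password(seed))
    print(f"looks like {alphabet_bits(16):.1f} bits, "
          f"but a one-day seed window leaves {effective_bits(16, 86400):.1f}")
    print("CSPRNG sample:", csprng_password())
```
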
And never, ever forget the password to get into your password
manager. That seems like simple advice, but far too often people
have let that password slip their minds. It's embarrassing, and
I'm speaking from experience.
Conclusion
Wrangling your many and varied passwords isn't an art. It can be
tough, but with a good password manager the job is a lot easier.
You don't have to worry about potentially fallible human memory, and
you'll eliminate the chaos that all of your passwords are causing
you.