If you’re as geeky as I am, you probably have a shitload of accounts spread all over the net for all sorts of websites like Flickr, Yahoo, the mighty Google and some more obscure ones. The shitty part of all these accounts is that if you want to be a bit secure you have to use a different password for each one, since you can never be sure some admin can’t read that password of yours, or some nasty cracker gets his way into the site’s database and leeches the account info.
Using different passwords for all these sites, however, makes you end up using that “email me my password” button a lot, or makes you pick passwords that are somewhat related, like with a fixed pre- or suffix, and something variable for each site. You could make your passwords more complex and have your browser store them, but I know that isn’t secure either, and what if those passwords get erased somehow?
So then I came across a piece of open source software called KeePass that fixed those issues for me, and then some. KeePass Password Safe is exactly what the name says. It keeps all your passwords and account info in a single database file (yep, you’ll need to make a backup of that) and protects it all with a master password you need to unlock it, and some hardcore encryption so nobody will crack that file and get all your passwords.
The encryption is pretty hardcore. You can make the AES encryption as tough as you like, since you can set the number of encryption rounds yourself. So with computers getting faster and faster, you can raise the number of rounds to match. This makes it pretty safe AFAIK, so you can email this file to yourself without the fear of all your passwords being out in the open.
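Why the number of rounds matters, as an added example that is not from KeePass or the original post: every guess at the master password has to repeat the whole key transformation, so more rounds means slower guessing. It uses PBKDF2 from the Python standard library as a stand-in for KeePass's own transformation, and the function names, seed, round counts and 64-character alphabet are assumptions made for illustration.

```python
import hashlib
import math
import time

SEED = b"constructed-seed"  # constructed sample value, not from a real database

def transform_key(master_password: str, seed: bytes, rounds: int) -> bytes:
    # Stand-in key stretching (PBKDF2-HMAC-SHA256), not KeePass's own routine.
    # The principle is the same: each guess costs `rounds` iterations.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), seed, rounds)

def seconds_per_guess(rounds: int) -> float:
    # Measure how long one unlock attempt takes on this machine.
    start = time.perf_counter()
    transform_key("benchmark", SEED, rounds)
    return time.perf_counter() - start

def rounds_for_delay(target_seconds: float, probe_rounds: int = 50_000) -> int:
    # Re-run this on faster hardware to get a higher round count.
    per_round = seconds_per_guess(probe_rounds) / probe_rounds
    return max(1, int(target_seconds / per_round))

def password_bits(length: int, alphabet_size: int) -> float:
    # Entropy of a password drawn uniformly at random.
    return length * math.log2(alphabet_size)

def years_to_search(bits: float, rounds: int, iterations_per_second: float) -> float:
    # On average an attacker finds the password after half the keyspace.
    guesses = 2 ** (bits - 1)
    return guesses * rounds / iterations_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = 50_000 / seconds_per_guess(50_000)  # iterations per second here
    print(f"rounds for a 1 second unlock: {rounds_for_delay(1.0)}")
    for rounds in (6_000, 600_000, 6_000_000):  # constructed round counts
        weak = years_to_search(password_bits(8, 26), rounds, rate)
        strong = years_to_search(password_bits(20, 64), rounds, rate)
        print(f"{rounds:>9} rounds: 8 lowercase letters {weak:.3g} years, "
              f"20 random characters {strong:.3g} years")
```

The estimates assume an attacker guessing at this machine's speed, so read them as ratios between round counts and between master password strengths, not as absolute figures.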
How does it work? Well, since I use this mainly for easy website logins, I’ll take that as an example. Let’s say you want to check your email. You log on to Gmail (of course, what else would you be using) and get the login prompt. Then you hit CTRL-ALT-A and *kazam* KeePass pastes your account and password in the login fields, and even hits the return key for you. You’re now logged in to your favorite web service.
That is the short version. When you do this the first time, you’ll have to enter the master password to unlock the database. Also, when you add website accounts to KeePass, you’ll need to enter the URL for the site so KeePass knows which account to paste in the login fields. Sometimes you need to do a little tweaking for this to work on some sites, but it’s all nicely explained in the help file how that works. Most of the time you don’t have to bother though; it just works like that.
With this kind of ease of use you can use complex passwords like the “49x+gDd5ywINaFVZl00K” that KeePass generates by default, and not bother about having to remember them.
Ain’t that sweet?
If you feel like giving it a try, you can get it right here for Windows, Linux and Mac OSX.