Better Security Through Password Management

By Joseph Moran | Posted March 14, 2008

In our article A Tale of Two Passwords, we looked at two commonly overlooked router-related passwords that can leave your network vulnerable if not configured properly. But it's not just the seldom-used passwords that many of us neglect — we still manage to ignore or forget there plenty of passwords that we use far more frequently (particularly for Web sites).

On any given day, we may have to use many different passwords. Most of us are at least somewhat aware of the guidelines for proper password creation and use, but few actually follow them. (We won't rehash them here, but for a good explanation check out an earlier installment of this column. The problem is that even one "good" password is hard for most people to remember, never mind four, six or ten.

Therefore, where passwords are concerned, we tend to do exactly the opposite of what we're supposed to—come up with the shortest password allowed, use the dog's name, use that same password for everything, and change it only when forced to (usually from something like baxter to baxter1).

If you lack a photographic memory but would still like to follow better password practices, here are two tools that can help you do it.

KeePass
KeePass is a free, open-source utility that gives you a centralized place to store, organize and manage all of your passwords.

Once you've installed the software and it's up and running, choose File then New to set up a password database. Next, enter a Master Password in the space provided. This password will control access to the utility, and it can also be the root of every other password you manage with KeePass, so make sure you create one that's a decent length.

As you type the software will report the bit strength of the key and the color indicator beneath will go from reddish to green as you add characters. You can click the button with three dots to view the characters as you type, and you should make a written record of the password before you type it in the second time for confirmation.

After your database is set up, you'll see a number of login categories listed, such as network, Internet and e-mail. To create a new password entry for a category, highlight it and right-click the empty space on the right side of the window. In the Add Entry window, give the entry a recognizable name and then enter your user name and password where indicated. The password field will automatically include your master password, which you can build off of or clear from the field and type whatever you want to use. Then enter the URL of the site in question.

To help visually distinguish between entries, you can change the icon each will display using the button in the upper right. If you put a check in the Expires box and specify a date or time, KeePass will indicate the password as expired after that point and display its entry with a red X. This doesn't mean your password will stop working, but rather serves as a reminder of when to change the password.

Now that we've created an entry, let's see how to use it. When you right-click an entry, you'll get a context list of actions to perform. For example, Open URL will open your browser to the site specified. If the site's main page doesn't contain the actual username and password sign-in fields, you should modify the entry to reflect the URL that does (for example, it might be www.site.com/login).

When the browser's open to a site's sign-in page, you can click and hold the user name part of the KeePass entry and drag it into the matching field on the page, where the information will automatically be filled in. Repeat the process for the password and click the site's sign in button and you'll have logged into the site without having to do any typing.

Another and even more convenient option is to use the KeePass Auto-Type feature. With the site's login screen open, right-click its entry and choose Perform Auto-Type. This will automatically send the username to the first field, then send a tab keystroke, then send the password to the second field, then an enter keystroke, effectively letting you log in with a single mouse click.

KeePass includes a built-in password generator, and if you'd rather not need to remember even a single master password, you can use a key file instead. KeePass obviously is ideal for people using a single PC, but if you frequently use more than one computer, you can download a portable version that doesn't require any installation and can be kept on a USB key.

Continue to Page 2



Page 1 of 2

 
1 2
Next Page

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date