Manage Your Passwords and Protect Your Identity


If you are like the average computer user, you have to manage usernames and passwords for dozens of Internet sites, computer domains, voicemail and telephone banking, and odds are you use the same information for all of them. Not only does this increase the likelihood that your password will fall into the wrong hands, it leaves you vulnerable to identity theft, fraud, hackers and other Internet baddies, not just on one site but on all of them. The ideal way to deal with login security is to have compartmentalized login and password combinations, keeping each account separate. Of course, it’s a pain managing multiple accounts and remembering the passwords, and you could even resort to the dreaded post-it note of passwords you keep in your wallet.

An excellent way to manage multiple accounts is with a password management program. There are many out there to choose from, and the choice comes down to features and preference. Here at FiscalGeek we are strong advocates of the free Open Source package KeePass. KeePass is great: it’s a very lightweight, easy-to-use program and is available in Windows versions as well as Mac OS X and many Linux variants. Further, you can run KeePass directly from a USB thumb drive, so you don’t even have to install it on the computer you are using, which is a very handy feature in public or on a work computer that won’t allow you to install software. We won’t go into the details of installing KeePass, since their website has plenty of information on how to get up and running, but let’s get into the details and talk about some best practices. I currently am using version 2.07 Beta.

Setting Up Your Password File

After you fire up KeePass, the first thing you are going to do is set up your Password File. You have a choice to make here, and it depends on how secure you want to keep this file. Remember, this file will contain your entire collection of passwords, so it pays to be a little paranoid. You can trust that your file will be well protected because its encryption is keyed using SHA-256, which is a 256-bit cryptographically secure one-way hash function. Your master password is hashed using this algorithm and its output is used as the key for the encryption algorithms. So your decision is this: do I want to just use a very strong password for this file, do I want to keep a key on a thumb drive or media drive, or do I want both? My recommendation would be to have both; that way you are getting your highest level of security possible. A would-be hacker would need to have access to your password file, have your password and have a copy of your key for the password file. This will make it very difficult for evildoers to get access to your file. A best practice here would be to save a copy of your key to a DVD, CD-ROM or USB thumb drive, which you can then use to validate your identity upon opening the password file. In this manner you can use something like Live Mesh or DropBox to keep your password file synchronized among your various computing devices. You’d then just keep a copy of your DVD handy and store it safely away when not in use. I would also suggest creating a backup of the DVD and keeping it safe.
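The sketch below is an added example, not KeePass’s own code or file format: it hashes a master password and a key file with SHA-256, combines them into one 32-byte key, and shows that neither piece alone reproduces that key. It assumes a simplified scheme in which an HMAC tag stands in for the encrypted file; the cipher and any key-stretching step a real password manager applies are omitted, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str], key_file: Optional[bytes]) -> bytes:
    """Hash each supplied component, then hash the concatenation to 32 bytes."""
    parts = []
    if password is not None:
        parts.append(sha256(password.encode("utf-8")))
    if key_file is not None:
        parts.append(sha256(key_file))
    if not parts:
        raise ValueError("at least one key component is required")
    return sha256(b"".join(parts))


def seal(key: bytes, payload: bytes) -> bytes:
    """Stand-in for the encrypted file: a tag only the right key reproduces."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def can_unlock(tag: bytes, payload: bytes,
               password: Optional[str], key_file: Optional[bytes]) -> bool:
    candidate = composite_key(password, key_file)
    return hmac.compare_digest(tag, seal(candidate, payload))


# Constructed sample data, not real credentials.
PASSWORD = "correct horse battery staple"
KEY_FILE = secrets.token_bytes(32)      # random key kept on separate media
PAYLOAD = b"constructed sample password database"
TAG = seal(composite_key(PASSWORD, KEY_FILE), PAYLOAD)

if __name__ == "__main__":
    for label, pw, kf in [
        ("password + key file", PASSWORD, KEY_FILE),
        ("password only", PASSWORD, None),
        ("key file only", None, KEY_FILE),
        ("password + wrong key file", PASSWORD, secrets.token_bytes(32)),
    ]:
        print(f"{label:28} -> unlocks: {can_unlock(TAG, PAYLOAD, pw, kf)}")
```

Because the key file contributes 32 random bytes, a synchronized copy of the password file is of little use to someone who learns the password but never sees the disc holding the key.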

Organize your Login Information

Now that you are set up, you just need to determine how you want to categorize your information. You could have separate categories for online banking, e-commerce, work passwords and on and on. This is going to depend on your needs, and it’s very simple to set up. In the window you’ll see a folder view on the left. Right-click on the name of your file and choose …Add Group. Simply do this for all your groups. Your groups are where you’ll create entries. Click on the group you want to add some entries to, then right-click in the open window to the right or hit the Insert key, and you can add your entries.

Choosing a Password

If you are going to fully buy into using a password manager to keep track of your various logins, you can let KeePass develop passwords for you. This way you can be sure that they are strong passwords and that each one will be different. This will work well if you are going to be able to have KeePass with you everywhere. If not, you may want to choose some passwords that you actually have a chance of remembering. Guest writer Adam Baker had a great post over at Bargaineering about Creating Strong Passwords You Can Remember, which would make a lot of sense for those sites or items that you need access to constantly, like your bank and your network domain at work. Then you can let KeePass create passwords for you on the less-used items and keep your compartmentalization going. You can also tweak the settings in KeePass to utilize a scheme for your passwords, which is also a handy way to make them more memorable and high quality at the same time.

Leverage the Power of KeePass

Now that you have your passwords “managed” you can easily use KeePass to log in to your various sites. If, for instance, you are logging into your bank from your Web browser, click in the username field, open KeePass and go to the entry for this bank login; you can then hit Ctrl-V to perform an auto-type in your browser window. Alternatively, you can right-click and choose …Perform Auto-Type. A super cool feature of Auto-Type is that it will perform Two-Channel Auto-Type Obfuscation. What? This means that KeePass will use a combination of cut and paste to the clipboard then to the password entry fields in the other application, rendering any form of keylogger or clipboard spy useless. That’s great for peace of mind, especially on a public computer.

Discipline

Like anything, a little discipline is key in making a system like this work for you. You should regularly change your passwords (every 90 days or so) and you should protect them at all costs. You should also protect your password file by backing it up regularly. Finally, stop writing your passwords on post-it notes under your computer keyboard. Good luck, and hopefully you find some useful tips here.

This post was selected as an editor’s choice at the 71st edition of the Money Hacks Carnival hosted at the Canadian Finance Blog; give them a visit to check out all the great articles.

5 comments

MLR 2009/06/26 at 12:06 am

Hm, right now I have an excel file with an extremely complex password to keep people out.

Will give this program a try!

john cesta 2009/12/31 at 2:30 pm

Well the downloaded program doesn’t work. Why do I need net framework v2.050727?

Tater 2010/05/13 at 5:01 pm

……Because you are using Windows and apparently your PC is 8 or more years behind.

Bob MacLeod 2010/07/07 at 8:55 am

I have been using KeePass for two years now. Over the years I have downloaded and discarded lots of free tools that have promised to help me manage my life better. I honestly expected the same of KeePass. But here I am, two years later and using KeePass almost daily.

In KeePass I have every bank account and credit card–including their websites and PINs. I also have every travel site and travel program, account numbers, and PINs. Of course I have every eCommerce site and their variety of logins and passwords. I have a lot of insecure sites too, like newsletters that are free but still have logins.

And finally, though KeePass isn’t really designed for this application, I have a list of key websites that I used to have as Favorites in Internet Explorer. Problem was that every time I crashed my hard drive or got a new computer, those favorites were lost and I had to re-search them. And now that I have a variety of browsers I use (IE, Chrome, Safari), it’s nice to know that the site I need is not stored on them.

Another major advantage for me is that now my wife at home on her computer can also have access to all those passwords. Before, she would have to call me and ask how to log in to whatever site. Now she can open KeePass, search for the name, and there’s the URL, the login, the password, everything she needs. And she does not even have to type the login or password… just copy and paste them.

I cannot speak highly enough of how helpful KeePass is. It’s so helpful, I would gladly pay money for it… but it’s FREE!

Hartman 2010/08/22 at 2:02 pm

Downloaded KeePass and is working fine. Cannot find an explanation of how to access protected sites from other computers. Can someone explain, I’m probably making this harder than it really is, Thanks……
