Using Password Safes to Manage your Credentials
I've been using a Password Safe to manage passwords to all of the websites for which I have credentials for about a year now. The passwords are generated by the tool and are utter gibberish; I have control of the complexity and am certain there'll be no re-use across domains.
I'm going to describe my thinking behind this and then walk through how to set it up for a typical Windows user.
Why I'm doing this
I have accounts on a large number of sites: retailers, utility companies, financial institutions, travel companies and, dare I say it, social media. Some I log into on a daily basis, others as infrequently as once a year. It's a real problem to remember unique passwords for each one, so I've decided not to try any more.
By using a password safe on a USB keyring to manage all the credentials, I get the following:
- Unique passwords per site
- No need to remember passwords
- No need to remember if I have previously used the site
- Complete control over the complexity of the passwords used
- Encrypted storage of all passwords in one place
- Access to my passwords when I'm out and about
What's a password safe anyway?
A password safe is a (small) software program that stores login names, passwords and any other data pertinent to the account in an encrypted file. You need only remember the password to the password safe and everything else is taken care of.
I keep my password safe on a USB stick I (nearly always) keep in my pocket and I have a backup on a file server. If I lose the USB stick, the file's encrypted and it's only a few Euro to replace the stick and then get the file from the backup.
How I do this
- I've a USB stick I keep in my pocket
- I've downloaded a copy of Password Gorilla and have the binary on the USB stick. This way I can run it on any Windows machine I'm using. There are plenty of other tools out there, but this is the one I'm familiar with
- I've created an encrypted password safe file on the USB stick too
- I've got a record for each site I keep an account on
- Every time I create an account on a new web site I:
  - Create an entry in the password safe
  - Generate a unique password for the site (Password Gorilla does this for me)
  - Record anything else relevant in the safe (answers to reminder questions for example)
- I've configured the safe to auto-save my updates (so I don't have to remember to do it)
- When I want to log in to a site, I can get the URL, username and password and paste them into the browser
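To show what "generated by the tool" with control over complexity involves, here is an added example that is not from the original post and is not Password Gorilla's own algorithm. The policy model, symbol set and site names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes a policy can switch on or off (an assumed policy model,
# not Password Gorilla's actual settings).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&*+-=?@^_",
}
ALL = ("lower", "upper", "digits", "symbols")

def generate_password(length=20, classes=ALL):
    """Return a random password containing at least one character per class."""
    if not classes or length < len(classes):
        raise ValueError("length must be at least the number of classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw the whole string instead of patching in
        # missing classes, so every accepted password stays equally likely.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def entropy_bits(length, classes=ALL):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(sum(len(CLASSES[c]) for c in classes))

def passwords_for_sites(sites, length=20, classes=ALL):
    """Generate one password per site and refuse any reuse across sites."""
    safe = {}
    for site in sites:
        password = generate_password(length, classes)
        while password in safe.values():  # astronomically unlikely, still checked
            password = generate_password(length, classes)
        safe[site] = password
    return safe

if __name__ == "__main__":
    # Constructed site names for illustration.
    for site, pw in passwords_for_sites(["shop.example", "bank.example"]).items():
        print(f"{site}: {pw} (~{entropy_bits(len(pw)):.0f} bits)")
```

With all four classes enabled the alphabet has 75 characters, so a 20-character password carries roughly 124 bits, far more than any password a person would memorise per site.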
A little smug to comment on my own post, but I came across this the other day
http://www.youtube.com/watch?v=dcjViYTDk-A