Saturday, May 7, 2011

How to keep your passwords secure

Well, now that there are reports of PSN passwords being exploited on other services (Blizzard, Paypal, etc.) I thought a followup to one of my earlier blog posts was in order.

Everyone knows that you should use secure passwords everywhere, and that you should use different passwords at each place.  "But Ed", you say, "How can I remember all that?  I'm not a computer!".  Well, I'm glad you asked.  This system is what works for me:

Step 1, Download and install Dropbox.  Dropbox works like a folder on your computer that is synchronized to the internet.  If your computer gets lost or stolen, the contents of your Dropbox folder are still accessible.  A 2GB account is free (and each of us gets another 250MB if you use that link), and plenty of space for what we're using it for.  You should be ok keeping the defaults during the installation.  Use a new password, at least 12 characters, with letters and numbers.  It's ok to write this one down for now.

Step 2, Download and install Keepass.  Choose the latest 2.xx version.  Keepass is a password manager.  There are others that can do the job too, but Keepass is free and open source.  From the Keepass website:

  • Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. He would have access to your e-mail account, website, etc. Unimaginable.  But who can remember all those passwords? Nobody, but KeePass can. KeePass is a free, open source, light-weight and easy-to-use password manager for Windows.


Step 3, Run Keepass.  Have it setup a new database (just using a master password, not a key file or a windows account), and save the database in your Dropbox folder.  To test it out, create a new entry (the icon with a green arrow pointing to a gold key) and put in your dropbox username and password.  There!  You have a secure Dropbox account, with a good unique password, that you don't have to remember!

If you have more than one computer, just install Dropbox and Keepass on them too, and Dropbox will keep your password file in sync across your computers.  Also, Dropbox and Keepass both have versions for ipad/iphone/ipod, Android, and Blackberry.

17 comments:

  1. Been a while since I used Keepass, may have to give it another shot.

    I find Google chrome browser with their sync option combined with Lastpass makes for an easy and quick alternative.

    Most of my passwords are from websites.

    ReplyDelete
  2. Yeah, there are many ways to skin this particular cat.

    ReplyDelete
  3. Great tip. I use dropbox already.

    ReplyDelete
  4. Very good reminder for those not in the know!

    ReplyDelete
  5. i need this service, thanks.

    ReplyDelete
  6. I just use a random password generator, basically a chart full of letters and numbers, and I roll dice, one die represents the x coordinate on the graph, and the other the y. And I make a password from that. It's not too difficult to remember, just gotta keep repeating it until its memorized.

    ReplyDelete
  7. Real usefull information, thanks for the tip off bro ;D

    ReplyDelete
  8. I just usually use variations of the same password, but it gets annoying when trying 5 different ones until you get the right one.

    ReplyDelete
  9. thanks.. i'm really paranoid about passwords. i have like 20 different passwords for 20 different websites... never the same one... i don't trust anyone! (and i do believe this is the right attitude)

    ReplyDelete
  10. They both have versions for the android? I'm signing up right now :)

    ReplyDelete
  11. This comment has been removed by the author.

    ReplyDelete
  12. I don't know that "you have a secure Dropbox account" is necessarily true (check this), though they may have fixed that by now. You might want to throw keep the whole Dropbox in a TrueCrypt volume to keep everything safe.

    ReplyDelete
  13. best tip: dont have one, haha

    ReplyDelete
  14. I just use variations of the same word with some reference to the site. I don't find it too difficult to remember this way.

    ReplyDelete