I have about 180 passwords for different websites and web services. They are all stored in one single password protected Excel document. As the list gets longer I am more and more concerned about its security.
Just how secure, or should I say insecure, is a password protected Excel document? What's the best practice for storing this many passwords in a secure and easy manageable way?
I find the Excel method to be easy enough, but I am concerned about the security aspect.
Answer
My favorite password storage tool is KeePass:
What is KeePass?
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.
Is there any limit as to how many passwords you can store in it?
Only in theory. You can put as many entries into the database as you want, but at some point your USB key or HDD will be full.
Is there a way to automatically sync changed passwords?
No, not like you expect it.
You'll want to make that a regular, manual process. This can not and should not be automated.
I like to set up expiration dates for all my password entries: 
Then I remember to change my passwords regularly. I store the URL of the website with the password entry, so it's a quick process.
Can I automatically log on to a website like Facebook using this software?
No, not automatically either (at least to my knowledge). But this is where Auto-Type comes into play. For example, for Facebook, this is my Auto-Type setup:
As you can see, I've created 3 configurations for different browser titles. This allows me to simply go to facebook.com, press Ctrl+Alt+A, and the username and password will be automatically entered and I will be logged in.
If you have multiple username/password combinations for the same window title, you'll get a popup window asking you which password entry should be used.
What about mobile?
There are apps that support the KeePass container format on mobile devices. But I stay away from those. I just don't like the thought of my KeePass database on my phone.
I prefer to only transfer single passwords using the QR Code Generator plugin. It lets you generate a QR Code from a password, which you can then scan with your phone. It helps to have an app that can copy the scanned content to clipboard.
No comments:
Post a Comment