Password Security

With all the security breaches happening on networks and computers all over the world, you’d think that something as simple as password security would be in the forefront of everyone’s mind. Yet, for some inexplicable reason, the majority of folks don’t give it much thought. Be honest now, are your passwords difficult to guess? Are they written down somewhere? If so, where? Please don’t say under your keyboard or tacked to your bulletin board.

In today’s world of social media and basically doing most everything online, long gone are the days of just having a handful of accounts and passwords to remember. As a matter of fact, I would bet that most folks have a minimum of 20+ online accounts they access on a regular basis. It’s not hard to imagine if you think about it. The average person will have passwords for accounts at Work, Google, PayPal, Credit Cards, Facebook, Banking, Email, Amazon, School, Netflix, Online Gaming, etc. These are just a few examples. How can someone manage all these passwords? I’m sad to say that many people use the same weak password for most, if not all, of their online accounts. And if your password gets compromised… ALL of your accounts are in jeopardy of getting compromised. This is serious business, yet I continue to witness a laissez-faire attitude when it comes to managing and securing passwords. Would you leave the keys to your house just lying around for anyone to take and break into your lovely home? Of course not. Your passwords are your “keys”, so take very careful care of them.

OK, now that I’ve gotten that off my chest, the rest of this post is about using a free Password Manager to manage your passwords securely and effectively. There are several really good FREE Password Managers available and it really doesn’t matter which one you use as long as it is reputable. We are only going to touch on one of them today, KeePass. At the end of the post, there will be a few links to several Password Managers that you can try and decide for yourself.

Download and install KeePass here. The premise for any Password Manager is to “manage” all your passwords in one place in an ENCRYPTED database file. Most Password Managers will have a Master Key. This should be a long, strong combination of characters, symbols, numbers and upper and lower case letters. It can be a phrase, sentence, quote or list of concatenated words, as long as it is STRONG. Whatever you make this Master Key, please don’t forget it. If you forget the Master Key (Password), quite frankly, you’re screwed. There is no way to recover your password database. So don’t forget it! The Master Key is the only thing you need to remember to access all your passwords. You don’t need to remember all 50 darn accounts and passwords you’ve accumulated throughout your lifetime. This allows you to create DIFFERENT passwords for all your online accounts. You should already be doing this, but if you are not, then you need to start immediately.

When you first open KeePass, you will be presented with an empty database. Select the Create New Database button.


Save and name your new database to your hard drive.

Now you need to create a Master Key. I suggest you create the Master Key using a combination of a Master Password and a Key File. I’ll explain why this is more secure later. Enter in your strong Master Key password/phrase and re-type it to confirm.

Check the Key file / provider box and select the Create button to create a Key File. Save the Key File somewhere on your hard drive. I would save it to a different spot from your KeePass database (just to be a little more secure).

You will now be presented with a screen where you will be asked to type in random keyboard input and mouse clicks in order to build the Key File. Do this for a while and then select OK.

Select OK on the Create Composite Master Key window to finish creating your Master Key. Please remember where you saved your Key File. You will need this to access your KeePass database.

Finally, you will be presented with a Database Settings window and asked to give your new password manager database a name and a description. After you select OK, it will open the KeePass database.

If you exit the database and re-open KeePass, you will be prompted for two things:
1. Master Password
2. Location of your Key File


To add an entry (account and password info), just select the Key button.

You can organize your passwords in Groups by right-clicking KeePassDB and selecting Add Group. You can also Edit existing groups if you wish.

Once you’ve selected the Key button to add an entry, just add your account information, password, URL and any relevant notes. You can view the password by selecting the ellipsis button. You can also generate a password by selecting the Generate a Password button below the ellipsis button.

After you’ve entered and organized all your passwords and accounts, you can hit the Save button to save your settings. If you’d like to use your Password database on two computers (say your desktop and laptop), then you will need to Synchronize your database. You can do this by selecting File, then Synchronize with file. Select where you want to save the database (e.g. USB drive). You can now take this database AND the key file to your other computer, install KeePass and manage your passwords from that computer as well. Keep in mind, any changes you make from multiple computers MUST BE SYNCHRONIZED (to a USB thumb drive for example) and then taken to each computer and SYNCHRONIZED from those computers as well. There are all kinds of plugins for KeePass that will make things easier but that is for another time.

I promised earlier I’d explain why we are using a two-factor method to secure our password manager database. The two factors are 1) the Master Password and 2) the Key File. In order for your database to get compromised, a hacker would need to solve your Master Password AND get access to your Key File. Save your Key File to a secure location on your hard drive where only YOU have access to it. When backing up your KeePass database, DO NOT back up your Key File to the same location. You should only have to back up your Key File once to a couple of different locations (e.g. USB thumb drive, DVD). This way, the Key File will exist in three different places (including your computer hard drive). Store the Key File in a safe location and never let it get into untrusted hands. Go to the KeePass website to read more information about how it all works.
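To make the "password AND key file" point concrete, here is a small added example (not from KeePass and not its actual file format or key derivation) of a composite key built from both factors. The function names, the work factor and the sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this sketch


def composite_key(password: Optional[str], key_file: Optional[bytes], salt: bytes) -> bytes:
    """Hash each factor that is present, combine them, then stretch the result."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if key_file is not None:
        parts += hashlib.sha256(key_file).digest()
    if not parts:
        raise ValueError("at least one factor is required")
    return hashlib.pbkdf2_hmac("sha256", hashlib.sha256(parts).digest(), salt, ITERATIONS)


def create_database(password: str, key_file: bytes) -> dict:
    """Toy 'database': a random salt plus a tag that only the right key reproduces."""
    salt = secrets.token_bytes(16)
    key = composite_key(password, key_file, salt)
    return {"salt": salt, "tag": hmac.new(key, b"header", hashlib.sha256).digest()}


def unlock(db: dict, password: Optional[str], key_file: Optional[bytes]) -> bool:
    """True only when the supplied factors rebuild the key used at creation."""
    key = composite_key(password, key_file, db["salt"])
    candidate = hmac.new(key, b"header", hashlib.sha256).digest()
    return hmac.compare_digest(candidate, db["tag"])


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    key_file = secrets.token_bytes(32)
    password = "correct horse battery staple 42!"
    db = create_database(password, key_file)
    print("both factors:   ", unlock(db, password, key_file))
    print("password only:  ", unlock(db, password, None))
    print("key file only:  ", unlock(db, None, key_file))
    print("other key file: ", unlock(db, password, secrets.token_bytes(32)))
```

Only the first call succeeds: the right password without the exact key file bytes, or the key file without the password, produces a different key. This is also why the database backup and the Key File backup belong in separate places.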

There are many more features and great plugins for KeePass but we’ve only covered the basics which is plenty enough to get you started and functioning within a few minutes. Check out the links for additional information. I hope this has been helpful. If so, don’t be shy, leave a comment and say Hi!

http://www.howtogeek.com/141500/why-you-should-use-a-password-manager-and-how-to-get-started/

http://keepass.info/

http://lifehacker.com/5529133/five-best-password-managers

 

George Almeida

Welcome to my little corner of the blogosphere. I'm an Information Technology Director. I specialize in Windows operating systems, applications, servers, storage, networks and also have a technical background on the IBM iSeries platform. My only purpose for this blog is the hope that it helps someone, someday, somewhere. Any meager proceeds derived from our sponsors will be donated to charity.
