Talk Tech with CTI

Episode 12: Password Management: How do you keep track of your passwords?

I’m Jeff Durbin and this is Talk Tech with CTI. One of my clients recently asked me how I keep track of my passwords. So, I’m going to tell you about the way I manage my passwords.

Passwords! It’s a love hate relationship. There’s a password for your email, password for this web site and that web site, a password for my bank, password for my cable bill, you get the idea. We all have a lot of passwords. Keeping track of all of these passwords is a full time job. I’ve tried a lot of different ways to manage my passwords. One the deciding factors of why I do it the way I do is cost. I don’t want to spend money to manage my passwords unless I have to.

Free password management tools exist. You might even have some of the tools already installed on your computer. Microsoft’s Excel progam makes an excellent tool for managing passwords. You can create a spreadsheet with all of your passwords and user names. Using the built-in security features you could then password protect the spreadsheet. This isn’t the most user friendly approach but it works.

I’ve known people who keep a Word document with a list of passwords and user names. This way will work. You can even password protect the document. In the end though it doesn’t really matter how you manage your passwords as long as you keep them safe. Using a Word document or Excel spreadsheet even if it is password protected is not the most secure method of managing your passwords.

That’s were KeePass (http://keepass.info) comes in. KeePass is a free Open Source password management software. It keeps your user names, notes and passwords all in one database. This database is password protected. You only need to remember one password to access all of your passwords. I know this doesn’t sound much different than using a password protected Excel spreedsheet. The difference here is that your KeePass database is protected by the best and most secure encryption algorithms currently known (AES and Twofish). If you use a good, strong password for your database master password this is as secure as it gets.

Some people even go one step further and encrypt the database file using someting like TrueCrypt (http://www.truecrypt.org)or BitLocker (http://www.talktechblog.com/bitlocker). That’s one of the great things about KeyPass, you can use it any way you choose. You can encrypt the database with a third party encryption software, you can even encrypt a thumb drive and run it from there.

Because KeePass is Open Source, it theoretically is more secure than a proprietary solution. Allowing access to the code let’s security researchers review the code and see if it is truly secure. KeePass is the most secure free password management solution that I have found.

I even have an app on my iPhone called MiniKeePass (http://www.talktechblog.com/MiniKeePass). It’s free and so far I’ve really liked it’s features. You can even use DropBox to import and export the databases. It’s not as seemless as something like RoboForm (http://www.roboform.com) or OnePassword (https://agilebits.com/onepassword), but it’s free and open source. If you are looking for something a little more seemless you might want to check out one the commercial products.

Here’s the process I use for managing passwords with KeePass.

1. Create your database.

2. Create your Master Password.

3. I create groups. You don’t have to, but it helps keeping everything organized. It comes with some default groups. General, Windows, Network, Internet, eMail and Homebanking.

4. Start creating entries for each of the passwords that you use. Start with the passwords you use most often.

5. Once you have the database created and populated, it’s time to go and use the password generator and creat a secure password. Change the password to the secure password that the app generated. This will make it a lot easier to manage creating secure passwords.

6. Make sure to backup your database. Considering getting an off site copy. Put it on a flash drive, use DropBox, or you could use a backup program like CTI Remote Backup (http://whatisyourdataworth.com) to backup the database to an off site location.

7. Update your entries every time you create or change a password.

This isn’t the only way to manage your passwords. You can do it anyway you choose, but this is the way I recommend. I hope this helps.

Local Web Site Spotlight:

This weeks Local Web Site Spotlight is Midland Community Bank at http://mcbbank.net. Midland Community Bank is a local bank that provides the home town service with big bank features. Stop by and see what services they offer at MCBBank.net.