We've all been there. We go to a website and want to use it's
services or features and what do we have to do? That's right, come up with
another username and password. One solution for managing your smorgasbord of
user credentials is to just use the same name and password for everything. And
of course you have that one username and password on a sticky note attached to
your monitor so everyone can see it. I don't have to tell you why this is a bad
idea.
Enter KeePass, a very handy password manager that will remember
usernames and passwords so you don't have too. Now imagine that you download
your new password manager and take the time to enter all of your 100 username
and password combos for say, 100 websites. Good for you! Then an hour later you
hard drive dies! Oh the humanity! That’s where Dropbox comes in.
Now Dropbox is possibly the greatest service on the internet.
Period. Check out the site. I'll probably write more about the coolness of it
later. But let’s just say that when you start using it, you will wonder why it
took so long to sign up.
Put Dropbox and the stand-alone version of KeePass together and
you could have access to all of your user credentials from all of your devices.
There are apps for both programs on many platforms such as Android, iPhone,
Windows 7 Phone, Palm OS, Windows, MAC, and Linux.
Here's what you need to do to get this working for you.
1)Click on this link to
sign up for Dropbox. Install Dropbox on all your devices. Visit these sites for
tips on how to maximize your free account space.
2)Now download the stand-alone (Doesn't install like a typical
windows program) version of KeePass.
3)Now extract the KeePass zip file to the Documents folder in
dropbox. (Or any dropbox folder you want.)
4)Double click on the keepass.exe file to get started. You will
need to create a new database for your usernames/passwords. Then you will need
to decide to secure your database with a master password or use a file as a key
to access the content. All data in the datebase, once secured is encrypted with AES256. If you pick the password option, this
is one password you must remember and if you lose it, you lose your database.
Same thing goes for a file key. If you lose the file, you lose the database.
The risk of losing a file key however is minimized by the fact that a file key
could and should be stored in your dropbox which is backed up. (Just don't make
it obvious that a particular file is the key.) You can click on the file
keepass.chm (The help file) and read up on how to use the software.
5) Add your username and passwords to your new database! I
strongly suggest that you read the help file to get the most from this nice
little app. Also, once you have your database created and have it stored in
dropbox, you can then download the iPhone/iPad/Android apps for your mobile
devices and have access to your database just about anywhere. (Remember,
storing the database in dropbox is what allows this, so don't forget the
dropbox app!) The database file will have an extension of kdbx. For iPhone,
download the MiniKeePass app. It's free and can give read/write
access to version 2.x databases.
Lastly, I'll leave you with a few links to help you create strong
passwords and to test how resistant they might be to a brute force attack. For
those of you that are not aware of what a brute force attack is--Trying all the
different possible combinations of characters until your particular password is
found. You shouldn't be too worried about this, at least with online accounts
because a reputable website will have built in safety measures to limit the
rate at which password attempts can be made, thus making such attacks much less
likely to succeed.
The following links are a very good resource for all things
passwords. And GRC also has many other interesting things on their website.