What exactly is the best way to manage your passwords?

Master your passwords

Overwhelmed by an ever-increasing number of passwords in your life? Password manager software lets you unlock all your accounts using the one master word.

These days, the cloud is vital for storing information about our personal and work lives – email, accounting data, file back-ups and more. It’s convenient and mostly secure – so long as you can come up with strong passwords, and then remember them all.

Storing data on the internet creates new risks, though, such as the potential to expose some of your information to prying eyes. Symantec’s 2015 Internet Security Threat Report claims 348 million identities were exposed in 2014 due to compromised accounts or websites.

Why use a password manager?

A usually secure online service can become a full-fledged security disaster with just one simple mistake. That mistake is using the same password for different services. A study by UK communications watchdog Ofcom in 2013 found that 55 per cent of adults used the same password for most or all websites. For such people, exposing one account exposes all of them, as most hackers immediately check if stolen passwords work on other sites.

Security experts often recommend using password-management software, which lets you:

  1. Use secure, complex passwords containing numbers and special characters
  2. Use a unique password for each account
  3. Change your passwords regularly to stay one step ahead of the bad guys.

Password managers may also protect you against phishing emails because unlike humans – who can be tricked into logging in to fake websites designed to steal personal or financial details – the software will only log in to the correct site.

There are quite a few password manager programs around, but they all work on the same basic principle: a “master” password gets you into the manager and it then automatically creates different passwords for all your services before logging you into them.

The generated passwords are highly complex, and therefore secure, but it’s vital that the password manager is available for all your devices or you’ll struggle to log in from unsupported devices.

Which one?

While there are a number of password managers to choose from, we’ll focus here on KeePass (see “Up and Running with KeePass”). It doesn’t have the prettiest interface, but it is open source (free and transparent) and very flexible. It stores login and credit card details, WiFi access codes and more – letting you automatically log in to your email and cloud services, and fill in online forms. KeePass is available on Windows, Mac, iOS and Android, and has plug-ins for all popular browsers that automate online logins and forms.

Some password managers, such as LastPass, keep an encrypted database of passwords in their own cloud services. KeePass stores your encrypted data in a third-party cloud storage service that enables you to sync files between devices and services such as Dropbox, Google Drive or OneDrive. KeePass’s approach has one obvious benefit: you don’t have to rely on its own site security. LastPass, for example, recently reported a security breach, although no user details were exposed.

Up and running with KeePass

To get started with KeePass, download and install the Professional edition from keepass.info. Next, create a new database, select where to save your database and create your master password. This password has to be super-strong because it's guarding access to all your other passwords, and you can't reset it if you forget it. Write it down on paper then lock it away. (Tell your spouse or partner where it is.)

To integrate KeePass with your browser, we recommend the KeeFox plug-in for Firefox and ChromelPass for Chrome. Install the rlevant plug-in and follow the instructions to connect to KeePass. Setting it up requires some work upfront as you must manually change your password on everything that requires a login. Go to the "change password" option for each online service, then click on the KeeFox or ChromelPass icon and select the "generate password" option.

You also need to install KeePass apps for your other devices. We recommend MiniKeePass for an iPhone or iPad, and KeePass2Android for Android. After installation, these apps let you access a cloud storage service such as Dropbox using your master password. Due to the way mobile operating systems work, you need to switch between apps to manually copy and paste each password.

348 million identities were exposed in 2014 due to compromised accounts or websites.

You can now use KeePass (or the browser plug-in) to change the details for any of your accounts.

KeePass Tools

Other Password Managers

This article is from the September issue of INTHEBLACK

Read more:

September 2015
September 2015

Read the September issue

Each month we select the must-reads from the current issue of INTHEBLACK. Read more now.