Better Security Through Password Management

by Joseph Moran

Quit typing your dog's name over and over: Tools like KeePass and Clipperz can help make dealing with passwords simpler and more secure.

In our article A Tale of Two Passwords, we looked at two commonly overlooked router-related passwords that can leave your network vulnerable if not configured properly. But it's not just the seldom-used passwords that many of us neglect — we still manage to ignore or forget plenty of passwords that we use far more frequently (particularly for Web sites).

On any given day, we may have to use many different passwords. Most of us are at least somewhat aware of the guidelines for proper password creation and use, but few actually follow them. (We won't rehash them here, but for a good explanation check out an earlier installment of this column.) The problem is that even one "good" password is hard for most people to remember, never mind four, six or ten.

Therefore, where passwords are concerned, we tend to do exactly the opposite of what we're supposed to—come up with the shortest password allowed, use the dog's name, use that same password for everything, and change it only when forced to (usually from something like baxter to baxter1).

If you lack a photographic memory but would still like to follow better password practices, here are two tools that can help you do it.

KeePass is a free, open-source utility that gives you a centralized place to store, organize and manage all of your passwords.

Once you've installed the software and it's up and running, choose File then New to set up a password database. Next, enter a Master Password in the space provided. This password will control access to the utility, and it can also be the root of every other password you manage with KeePass, so make sure you create one that's a decent length.

As you type, the software will report the bit strength of the key, and the color indicator beneath will go from reddish to green as you add characters. You can click the button with three dots to view the characters as you type, and you should make a written record of the password before you type it in the second time for confirmation.

After your database is set up, you'll see a number of login categories listed, such as network, Internet and e-mail. To create a new password entry for a category, highlight it and right-click the empty space on the right side of the window. In the Add Entry window, give the entry a recognizable name and then enter your user name and password where indicated. The password field will automatically include your master password, which you can build on, or clear from the field and replace with whatever you want to use. Then enter the URL of the site in question.

To help visually distinguish between entries, you can change the icon each will display using the button in the upper right. If you put a check in the Expires box and specify a date or time, KeePass will indicate the password as expired after that point and display its entry with a red X. This doesn't mean your password will stop working, but rather serves as a reminder of when to change the password.

Now that we've created an entry, let's see how to use it. When you right-click an entry, you'll get a context list of actions to perform. For example, Open URL will open your browser to the site specified. If the site's main page doesn't contain the actual username and password sign-in fields, you should modify the entry to reflect the URL that does (for example, it might be www.site.com/login).

When the browser's open to a site's sign-in page, you can click and hold the user name part of the KeePass entry and drag it into the matching field on the page, where the information will automatically be filled in. Repeat the process for the password, click the site's sign-in button, and you'll have logged into the site without having to do any typing.

Another and even more convenient option is to use the KeePass Auto-Type feature. With the site's login screen open, right-click its entry and choose Perform Auto-Type. This will automatically send the username to the first field, then send a tab keystroke, then send the password to the second field, then an enter keystroke, effectively letting you log in with a single mouse click.

KeePass includes a built-in password generator, and if you'd rather not need to remember even a single master password, you can use a key file instead. KeePass obviously is ideal for people using a single PC, but if you frequently use more than one computer, you can download a portable version that doesn't require any installation and can be kept on a USB key.
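The bit-strength readout and the password generator described above can be illustrated with a short Node.js sketch. This is an added example, not KeePass code: the function names, the symbol set and the simple character-class estimate are assumptions, and KeePass's own quality estimator works differently.

```javascript
const nodeCrypto = require("crypto");

const LOWER = "abcdefghijklmnopqrstuvwxyz";
const DIGITS = "0123456789";
const SYMBOLS = "!#$%&*+-=?@^_"; // constructed symbol set for this example
const ALPHABET = LOWER + LOWER.toUpperCase() + DIGITS + SYMBOLS; // 75 characters

// Draw each character independently from the OS CSPRNG.
// crypto.randomInt() is uniform over [0, n), so there is no modulo bias.
function generatePassword(length, alphabet = ALPHABET) {
  let out = "";
  for (let i = 0; i < length; i++) {
    out += alphabet[nodeCrypto.randomInt(alphabet.length)];
  }
  return out;
}

// Exact entropy of a password generated uniformly at random.
function randomBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Meter-style estimate for a typed password: infer the character classes in
// use and treat every character as random. This is an upper bound; names and
// dictionary words such as "baxter" are far weaker than the number suggests.
function naiveBits(password) {
  if (!password) return 0;
  let size = 0;
  if (/[a-z]/.test(password)) size += 26;
  if (/[A-Z]/.test(password)) size += 26;
  if (/[0-9]/.test(password)) size += 10;
  if (/[^a-zA-Z0-9]/.test(password)) size += 33; // printable ASCII punctuation + space
  return password.length * Math.log2(size);
}

// Compare the article's "baxter" -> "baxter1" habit with a generated password.
for (const pw of ["baxter", "baxter1", generatePassword(22)]) {
  console.log(pw.padEnd(24), naiveBits(pw).toFixed(1), "bits (upper bound)");
}
console.log("22 random chars from 75:", randomBits(22, ALPHABET.length).toFixed(1), "bits");
```

Appending a digit to a pet's name moves the meter by only a few bits, while a generated 22-character password clears 128 bits without anyone having to memorize it.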


If you want a way to manage passwords without software that's tied to a particular PC or having to carry a USB key around with you, check out Clipperz, an online password manager that works with Internet Explorer or Firefox browsers. Clipperz consists of a JavaScript application that encrypts your information on your computer before transmitting it to the Clipperz servers, which prevents either Clipperz or another party from accessing your stored data.
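The encrypt-before-transmit model described above looks like this in outline. This is an added example, not Clipperz code: the scrypt key derivation, the AES-256-GCM cipher, the in-memory server stand-in and all function names are assumptions chosen for illustration, and the card contents are constructed sample data.

```javascript
const nodeCrypto = require("crypto");

// The key is derived from the passphrase on the client and never leaves it.
// The salt is random per record and is stored with the ciphertext.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Client side: encrypt a card and return only what is safe to upload.
function sealCard(passphrase, card) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(card), "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Client side: decrypt a downloaded blob; throws if the passphrase is wrong
// or the blob was modified, because the GCM tag no longer verifies.
function openCard(passphrase, blob) {
  const raw = (s) => Buffer.from(s, "base64");
  const key = deriveKey(passphrase, raw(blob.salt));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw(blob.iv));
  decipher.setAuthTag(raw(blob.tag));
  const pt = Buffer.concat([decipher.update(raw(blob.ct)), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

function tryOpen(passphrase, blob) {
  try { return openCard(passphrase, blob); } catch { return null; }
}

// Server stand-in: stores opaque blobs, holds no passphrase and no key.
const serverStore = new Map();
function upload(id, blob) { serverStore.set(id, JSON.stringify(blob)); }
function download(id) { return JSON.parse(serverStore.get(id)); }

// Constructed sample card and passphrase.
const sample = { site: "www.site.com/login", user: "jmoran", password: "S3cret-constructed" };
upload("card-1", sealCard("a long passphrase of 22+ chars", sample));
console.log("server holds:", serverStore.get("card-1").slice(0, 60) + "...");
console.log("right passphrase:", tryOpen("a long passphrase of 22+ chars", download("card-1")));
console.log("wrong passphrase:", tryOpen("baxter1", download("card-1")));
```

Because the server holds only the salt, IV, tag and ciphertext, a forgotten passphrase cannot be recovered or reset by the service.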

To create a Clipperz account, click on the Register button in the upper right corner of the page. Just like KeePass, Clipperz will give you feedback about the strength of your password through a color indicator (you'll have to use at least 22 characters to make it to green). For obvious reasons, Clipperz doesn't keep a record of your passphrase, so it can't be of any help if you forget it. Therefore be sure to write it down somewhere in a secure place (and we don't mean on a Post-It Note stuck to your monitor).

Once you're at the Welcome to Clipperz page, click the Tools tab (upper right) and then the Bookmarklet link (left margin), and add the Clipperz bookmarklet to either Firefox or IE using the instructions shown.

Now point your browser to a site's sign-in page and click the Add to Clipperz bookmarklet. This will open a small window containing the code for the login process. Copy this code to your clipboard using the mouse or Ctrl-C, then click the Cards tab and the Add New Card button. Paste the code you just copied into the Direct login confirmation box, click Direct Login just above that, and then click the Create button. Finally, fill in the fields for your user name and password, and click the Save button.

The entry you just created should now be listed under the Cards and Direct logins heading. Clicking the latter will automatically log you into the site, while selecting a card and then clicking Edit will let you view or modify the information saved for that site.

Both KeePass and Clipperz can help you use stronger passwords without having to commit endless strings of gobbledygook to memory. Of course, this is just a basic look at how these tools work; for information on additional features and capabilities for each program, be sure to check the KeePass help file or the Clipperz online documentation and FAQ. Last but not least, if you decide to keep using either one, consider making a donation to the developers (both accept PayPal).

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.


This article was originally published on Friday Mar 14th 2008