Managing Passwords

Aren't passwords a pain in the patootie? Can't live with ‘em, can't live without ‘em. How do you manage your passwords? For too many people, I suspect, the answer is, "Not very well."

You basically have two choices in dealing with passwords, which are 1) committing them to memory, or 2) writing them down/recording them somewhere. Each approach has its advantages and drawbacks. If you commit passwords to memory, chances are you use one or a few of them over and over again. You have probably chosen passwords that are relatively easy to remember, and may be relatively easy for a determined hacker to discover.

Featured Software
  KeePass Password Manager

If you only have need of a few passwords, there are strategies for coming up with strong passwords that you can remember (see here, for example), and this may actually be the best approach. You can also write them down and store the list in a safe place, for those approaching Alzheimer's moments, and still be pretty secure.

However, if you have lots of passwords (I currently have well over a hundred), and you aren't Rainman, you simply have to record them in some fashion. The obvious disadvantage is that someone will discover your list.

This is where an application called a "password manager" comes in. The basic idea is that your passwords are stored in an encrypted file on your computer, or on something like a USB flash drive* that can be moved from computer to computer. The file is created and managed by the password manager application, and opened with a single "master password" that you commit to memory and don't even reveal to your pet rabbit.

I have been using a password manager for a number of years, now, and I count these among its conveniences:

  • I can use long, strong passwords that include numbers, symbols, mixed case, etc. that the password manager generates for me.
  • I can copy and paste, or drag and drop, the ID and password from the password manager to web form.
  • For websites, I can include the link in the record and access it directly from the password manager. I can also include notes that provide context for the entry.
  • I can record credit card numbers, so that I don't have to hand-type them when I shop online.
  • I can have the file backed up automatically by Mozy or IDrive-E in case something happens to the original file.

The particular program that I use (Access Manager, by Citi-Software) has the added advantage of being multi-user, which means that my wife and I can both use it, across our home notework. It contains some passwords that only I see, some that only she sees, and some that we share. A disadvantage of the program is that it requires the .NET framework to be installed on your computer, and this makes it less useful when we're traveling and want to use someone else's computer. At any rate, I suspect it isn't an advantage many Mainstreamers would exploit.

I think that a Mainstreamer's solution to password should allow you to carry the program and its data on a small USB flash drive, so you can transport it from one computer to another without ever actually installing it. That eliminates Access Manager, because I'm likely to run into computers that don't have .NET installed on them. There are are other good, free password managers out there, and the best I have found is one called KeePass. The Mainstream Guide for KeePass is here.

________________________________________

*A "USB flash drive" is a small memory storage device that is removable and rewritable. It is used much as a floppy disk used to be used, to carry data and programs from one computer to another. Modern computers often don't have floppy disk drives, but nearly always have a standard USB connection.