Better Security through Password Management
By Joe Moran
Last time, we looked at two commonly overlooked router-related passwords that can leave your network vulnerable if not configured properly. But it's not just the seldom-used passwords many of us neglect — there are plenty more passwords that we use far more frequently (particularly for Web sites) and also pay scant attention to.
On any given day, we may have to use many different passwords. Most of us are at least somewhat aware of the guidelines for proper password creation and use, but few actually follow them. (We won't rehash them here, but for a good explanation check out an earlier installment of this column.) The problem is that even one "good" password is hard for most people to remember, never mind four, six, or ten.
Therefore, where passwords are concerned, we tend to do exactly the opposite of what we're supposed to—come up with the shortest password allowed, use the dog's name, use that same password for everything, and change it only when forced to (usually from something like baxter to baxter1).
If you lack a photographic memory but would still like to follow better password practices, here are two tools that can help you do it.
KeePass is a free, open source utility that gives you a centralized place to store, organize and manage all of your passwords. You can find it at http://www.keepass.info/news/n080112_1.html.
Once you've installed the software and it's up and running, choose "File" then "New" to set up a password database. Next, enter a Master Password in the space provided. This password will control access to the utility and it can also be the root of every other password you manage with KeePass, so make sure you create one that's a decent length. (As you type, the software will report the bit strength of the key, and the color indicator beneath will go from reddish to green as you add characters.) You can click the button with three dots to view the characters as you type, and you should make a written record of the password before you type it in the second time for confirmation.
After your database is set up, you'll see a number of login categories listed, such as network, Internet, and e-mail. To create a new password entry for a category, highlight it and right-click the empty space on the right side of the window. In the "Add Entry" window, give the entry a recognizable name and then enter your user name and password where indicated. The password field will automatically include your master password, which you can build on, or you can clear the field and type whatever you want to use. Then enter the URL of the site in question.
To help visually distinguish between entries, you can change the icon each will display using the button in the upper right. If you put a check in the "Expires" box and specify a date or time, KeePass will indicate the password as expired after that point and display its entry with a red X. This doesn't mean your password will stop working, but rather serves as a reminder of when to change the password.
Now that we've created an entry, let's see how to use it. When you right-click an entry, you'll get a context list of actions to perform. For example, Open URL will open your browser to the site specified. If the site's main page doesn't contain the actual username and password sign-in fields, you should modify the entry to reflect the URL that does (for example, it might be www.site.com/login).
When the browser's open to a site's sign-in page, you can click and hold the user name part of the KeePass entry and drag it into the matching field on the page, where the information will automatically be filled in. Repeat the process for the password, click the site's sign-in button, and you'll have logged into the site without having to do any typing.
Another and even more convenient option is to use the KeePass Auto-Type feature. With the site's login screen open, right-click its entry and choose Perform Auto-Type. This will automatically send the username to the first field, then send a tab keystroke, then send the password to the second field, then an enter keystroke, effectively letting you log in with a single mouse click.
KeePass includes a built-in password generator, and if you'd rather not need to remember even a single master password, you can use a key file instead. KeePass obviously is ideal for those using a single PC, but if you frequently use more than one computer, you can download a portable version that doesn't require any installation and can be kept on a USB key.
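As an added illustration (not part of the original article and not KeePass's own code), the Python sketch below shows what a password generator and a bit-strength readout like the ones described above do. The character classes, the color thresholds and the function names are assumptions of the example.

```python
import math
import secrets
import string

# Character classes used for generation and estimation (assumed for this
# example; KeePass offers its own set of generator options).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.<>?",
}


def generate_password(length=20, classes=("lower", "upper", "digit", "symbol")):
    """Return a random password with at least one character from each class."""
    if length < len(classes):
        raise ValueError("length is too short to cover every requested class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets draws from the operating system's CSPRNG.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every class appears, keeping valid passwords uniform.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate


def estimate_bits(password):
    """Upper-bound estimate: length * log2(size of the classes present)."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(ch in chars for ch in password))
    # Characters outside the known classes count as one extra pool of 32.
    if any(all(ch not in chars for chars in CLASSES.values()) for ch in password):
        pool += 32
    return len(password) * math.log2(pool) if pool else 0.0


def rating(bits):
    """Map bits to an indicator color; the thresholds are illustrative."""
    if bits < 40:
        return "red"
    if bits < 80:
        return "yellow"
    return "green"


if __name__ == "__main__":
    for pw in ("baxter", "baxter1", generate_password()):
        bits = estimate_bits(pw)
        print(f"{pw!r}: {bits:.1f} bits, {rating(bits)}")
```

The estimate is an upper bound: it assumes every character was chosen at random, so a dog's name with a digit appended is far weaker in practice than even its low score suggests.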
To create a Clipperz account, click on the Register button in the upper right corner of the page. Just like KeePass, Clipperz will give you feedback about the strength of your password through a color indicator (you'll have to use at least 22 characters to make it to green). For obvious reasons, Clipperz doesn't keep a record of your passphrase, so they can't be of any help if you forget it. Therefore be sure to write it down somewhere in a secure place (and we don't mean on a Post-It Note stuck to your monitor).
Once you're at the Welcome to Clipperz page, click the tools tab (upper right) and then the Bookmarklet link (left margin), and add the Clipperz bookmarklet to either Firefox or IE using the instructions shown.
Now point your browser to a site's sign-in page and click the "Add to Clipperz" bookmarklet. This will open a small window containing the code for the login process. Copy this code to your clipboard using the mouse or Ctrl-C, then click the "Cards" tab and the "Add New Card" button. Paste the code you just copied into the Direct login confirmation box, click "Direct Login" just above that, and then click the "Create" button. Finally, fill in the fields for your user name and password, and click the Save button.
The entry you just created should now be listed under the Cards and Direct logins heading. Clicking the latter will automatically log you into the site, while selecting a card and then clicking "Edit" will let you view or modify the information saved for that site.
Both KeePass and Clipperz can help you use stronger passwords without having to commit endless strings of gobbledygook to memory. Of course, this is just a basic look at how these tools work; for information on additional features and capabilities for each, be sure to check the KeePass help file or the Clipperz online documentation and FAQ. Last but not least, if you decide to keep using either one, consider making a donation to the developers (both accept PayPal).
Joe Moran is a regular contributor to PracticallyNetworked.