Sunday, July 15, 2012

Safely storing passwords

A classic advice on the Internet is to have different passwords for different sites. The reason behind is that if someone manages to get your password for an application - webmail, facebook, linkedin or anything else - he may have a way to find some of your other applications. And if your password is shared, the attacker has access to them. But, with that advice comes the hassle - rather the pain actually - to manage all these passwords, with certain sites that ask you to change your key from time to time.

The solution comes with a "keyring" or password manager: an application that will securely store your passwords and credentials, and that will allow you to access them whenever you need. Its characteristics need to be:
  • Secure, i.e. the information cannot be retrieved without your master password 
  • Easy to use
  • Portable, so you may have your password database on a USB thumb drive
Here are three options.

Excel/LibreOffice spreadsheet

Maybe the easiest is to use an application you are used to: a spreadsheet. In this case, you may create one to store your sites, usernames and passwords, and protect the spreadsheet with a password.

Modern versions of Microsoft Office and LibreOffice come with a strong encryption - as long as the password you use is strong - that cannot be easily brute forced.

While the spreadsheet can be put on a USB drive, you will need all the machines on which you expect to read the file to have the relevant Office suite installed.

To use LastPass ****, you have to install a small piece on your computer and allow the device to access your database.

While the master database is stored online, each device gets a locally stored copy. That way, if you don't have an Internet connectivity or if the LastPass site is down, you still have some of your credentials available.

The con is actually that the master database is stored online: you have to trust that the security of the site and the master databases is adequate.

Password Safe

This is a little more than a spreadsheet, as you also need to install the application on all your devices. It has a few interesting features, such as generating passwords for you.

There are many, many more options available, certain commercials (ironkey, Kaspersky), others free.

Happy surfing!