Thursday, March 31, 2011

Password storage, part 2 - my choice

Note: read Part 1 for general considerations.

After some tries I settled on the Keepass family. The original app runs on Windows and comes in two lines: Keepass Classic (1.x) and Keepass Professional (2.x). Before you jump to the latter (it has a bigger version number and it's called Professional, so it must be better, right?), bear in mind that Keepass 2 is written in .NET. What's wrong with that?

- It severely limits the number of systems that can run it. While you can use it on most versions of Windows and (with Mono) on Linux, BSD and MacOS X, the .NET runtime needs to be installed. What if you need to run it on someone else's machine? There is no problem carrying a portable Keepass binary of a few MB with you, but the .NET Framework is large and invasive.
- It's way slower than Keepass Classic.

Supported systems

Keepass 1.x only runs on Windows, but there are ports and clones for almost any system and device: Linux, MacOS X, PDAs/smartphones (iPhone, Blackberry, Android, Windows Mobile) and even dumb phones (with Java Mobile, almost any phone can run it). All of them use the same file format. I mostly use KeepassX on Linux, supplemented by the Windows and phone versions.

The Windows version can be integrated with the Portable Apps Suite and Bart's Preinstalled Environment (BartPE), two great tools that many IT professionals carry around. No problem using my passwords on a friend's computer: I've got Keepass Portable and a copy of the database on my USB drive [*].

Organizing passwords

Keepass can organize your passwords in a tree structure (e.g. you can start by dividing into Personal and Work, then Personal into Shops, Forums, Websites...). Useful if you have dozens of them. Even better, you can search your database. When adding a new entry, you have a choice of writing a password yourself or generating a new one with a given length and set of characters. There's even an option to generate pronounceable passwords. I usually go with a long random string of mixed case letters, numbers and several special characters.

The Keepass database is a single file, which means that in case of corruption you lose it all, so Keepass automatically writes backups. The file is encrypted with a strong cipher whose key is derived from your master password, so it is safe enough to send over the network, with one caveat: anyone who obtains a copy can brute-force the master password offline, with no lockout or rate limit to slow them down. So choose a good one: containing numbers, special characters and REALLY long - like, 20 characters or more.
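As an added illustration (not code from KeePass or from this post), here is a Python generator in the spirit of the KeePass one described above: a password of a given length drawn from a chosen character set, a variant that guarantees every class is present, and the entropy arithmetic behind the "REALLY long" advice for the master password, including how long an offline attacker with a copy of the database would need at a given guess rate. The character classes, the special-character subset and the guess rate are this example's own assumptions.

```python
import math
import secrets
import string

# Character classes to draw from. These are this example's own choice,
# mirroring "mixed case letters, numbers and several special characters";
# KeePass lets you tick the classes you want in its generator dialog.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIAL = "!#$%&*+-/:;=?@^_~"   # assumed subset of punctuation most login forms accept
ALL_CLASSES = (LOWER, UPPER, DIGITS, SPECIAL)


def generate_password(length, charset):
    """Draw `length` characters uniformly from `charset` using the OS CSPRNG.

    `secrets.choice` is the right tool here; the `random` module is seeded
    from predictable state and must not be used for secrets.
    """
    if length <= 0 or not charset:
        raise ValueError("need a positive length and a non-empty charset")
    return "".join(secrets.choice(charset) for _ in range(length))


def has_all_classes(password, classes=ALL_CLASSES):
    """True if every character class is represented at least once."""
    return all(any(ch in cls for ch in password) for cls in classes)


def generate_with_all_classes(length, classes=ALL_CLASSES, max_tries=1000):
    """Rejection-sample until every class appears.

    Rejecting candidates removes a few strings from the uniform space, so the
    result carries marginally less entropy than entropy_bits() reports; for
    20-character passwords the loss is negligible.
    """
    if length < len(classes):
        raise ValueError("length must be at least the number of classes")
    charset = "".join(classes)
    for _ in range(max_tries):
        candidate = generate_password(length, charset)
        if has_all_classes(candidate, classes):
            return candidate
    raise RuntimeError("could not satisfy class requirements")


def entropy_bits(length, charset_size):
    """Entropy of a uniformly random string: length * log2(charset size)."""
    return length * math.log2(charset_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given offline guess rate.

    The guess rate is an assumption you plug in: an attacker holding the
    database file is limited only by hardware and by the key transformation
    rounds configured for the database, never by a server-side lockout.
    """
    seconds = 2.0 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_with_all_classes(20)
    bits = entropy_bits(20, len("".join(ALL_CLASSES)))
    print(pw, f"{bits:.0f} bits",
          f"{years_to_exhaust(bits, 1e10):.2e} years at 1e10 guesses/s (assumed rate)")
```

The same arithmetic applies to the master password: a 20-character password drawn from these four classes carries around 126 bits, whereas a dictionary word with a digit appended is a few tens of bits at best, which is why the length advice matters more than the choice of special characters.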

Noticed that Keepass gives you the option to see the password you're typing instead of asterisks, so you can correct it in case of a mistake? Well-designed apps do that. Asterisks give little protection against someone looking over your shoulder (they can watch the keyboard anyway!), but they do discourage users from choosing strong passwords.


Integrating with other applications

Keepass can import passwords from several applications, including Firefox, and export to XML (both human- and machine-readable) or TXT. Bear in mind that exports are plain text holding all your passwords, so delete them securely when you are done. There are plugins to integrate it with web browsers and other apps. I don't use them though, there's a simpler and more secure option: press the global auto-type hotkey (Ctrl-Shift-A here; it is configurable) while visiting a page and Keepass will auto-type your username and password. It matches the active window's title bar against the entry's Title and URL fields. A web page controls its own title, so a title match on its own is no proof that you are on the right site; to make sure the match is correct, install the Hostname in Titlebar extension in Firefox, which puts the hostname the browser actually loaded into the title. For other apps, use Ctrl-C to copy the password to the clipboard (Ctrl-B for the username). Keepass clears your clipboard after a specified time (20s by default).
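An added example, not part of the original post or of KeePass, that models the matching in Python: a plain title match against a constructed list of entries, then the stricter check that the Hostname in Titlebar extension makes possible, with a phishing page that passes the first and fails the second. The entries, the title layout (" - <hostname> - Mozilla Firefox") and the parsing are assumptions made for the example; the real KeePass matching rules are simplified here.

```python
from urllib.parse import urlparse

# Constructed entries shaped like KeePass fields (Title, URL, UserName,
# Password). The credentials are placeholders for this example.
ENTRIES = [
    {"title": "Example Bank", "url": "https://online.examplebank.test/login",
     "username": "alice", "password": "F25c6D-SGe#r5vK;DVb5"},
    {"title": "Forum", "url": "https://forum.example.test/",
     "username": "alice", "password": "correct-horse-example"},
]

# Assumed layout (not verified against the extension): the browser appends
# its own name, and Hostname in Titlebar inserts " - <hostname>" just before
# it, so the real hostname is always the last " - " segment before the suffix.
BROWSER_SUFFIX = " - Mozilla Firefox"


def match_by_title(window_title, entries=ENTRIES):
    """Simplified model of title matching: an entry matches when its Title
    occurs in the window title, case-insensitively. The page chooses its own
    title, so a phishing page can satisfy this check at will."""
    wt = window_title.lower()
    return [e for e in entries if e["title"].lower() in wt]


def hostname_from_title(window_title):
    """Extract the hostname the extension appended; None if absent."""
    t = window_title
    if t.endswith(BROWSER_SUFFIX):
        t = t[: -len(BROWSER_SUFFIX)]
    if " - " not in t:
        return None
    return t.rsplit(" - ", 1)[1].strip().lower()


def entry_hostname(entry):
    """Hostname from the entry's URL field, lower-cased for comparison."""
    return (urlparse(entry["url"]).hostname or "").lower()


def match_by_hostname(window_title, entries=ENTRIES):
    """Match only entries whose URL hostname equals the one the browser
    actually loaded. Taking the last segment matters: a page can put a fake
    " - online.examplebank.test" into its own title, but the extension's
    real hostname still lands after it."""
    host = hostname_from_title(window_title)
    if host is None:
        return []
    return [e for e in entries if entry_hostname(e) == host]


def select_for_autotype(window_title, entries=ENTRIES):
    """Return the single entry to auto-type, or None when the match is
    missing or ambiguous (typing into the wrong window leaks the password)."""
    hits = match_by_hostname(window_title, entries)
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for title in ("Example Bank - Login - online.examplebank.test - Mozilla Firefox",
                  "Example Bank - Login - evil.test - Mozilla Firefox"):
        print(title)
        print("  by title   :", [e["title"] for e in match_by_title(title)])
        print("  by hostname:", [e["title"] for e in match_by_hostname(title)])
```

The point of `select_for_autotype` refusing ambiguous matches is the same reason to keep entry titles distinctive: auto-type cannot ask which site you meant, and the password lands wherever the keystrokes go.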

-------------
Footnote:

[*] Some would consider this insecure: if you don't control the machine, it might steal the password you type - or ALL passwords once the Keepass database is unlocked. In my opinion it's secure enough provided that you:

1) trust your friends not to intentionally steal your password,
2) trust your friends to secure their machines.

While condition 1 is generally always met, condition 2 rules out many machines. When I need to work from an untrusted system, I use Keepass on my phone. It's damn inconvenient to type a Keepass password on the phone's keyboard (obviously I've chosen a strong one) and even worse to read the password from Keepass on the phone and type it on the computer, considering that most of them look like F25c6D-SGe#r5vK;DVb5, but I do it maybe twice a year.



