Managing Your Passwords - Is KeePass A Good Answer ?
By rcscsuk
KeePass
One of the problems with our online lives is the number of passwords which we’re required to keep track of. Ideally, of course, you should have a different password for each different online account which you use – but the reality is that’s a pain to manage and if it’s a pain then people won’t do it.
It’s estimated that something like 60% of internet users use the same username/password combination for everything. It seems a week doesn’t go by without some well know company being hacked and ‘losing’ their web users personal details to persons unknown. If your details are compromised in one of these attacks then the risk of real problems is compounded hugely by using the same password everywhere.
One solution is a password manager application like ‘KeePass’. These applications allow you to keep all your user names and passwords together in one application, stored in a strongly encrypted database all of which is protected by a single ‘master’ password – which I would suggest you don’t record anywhere – as long as you're sure you can remember it !
KeePass allows you to organise your passwords into different groups, for example ‘Shopping Sites’, ‘Internet Banking’ and ‘Utility Company Websites’ etc.
It’s possible to use the application in such a way that you don’t actually have to see or know the passwords which you use. The application will generate strong passwords for you – which by default are hidden by the application behind a series of black dots – you simply then double click the entry in KeePass – which copies the entry to your clipboard - and then you paste the password into the password input box on the applicable website. For added security the clipboard can be set to clear automatically after a predefined number of seconds and the application also uses other techniques to protect the clipboard from potential snooping.
Bear in mind, that if you’re using KeePass (or any other password manager) that you keep a regular backup of the database - and keeping a copy of the application installer somewhere handy would also be a good idea.
KeePass is open source – which means that you can download and check out the source code for the application to see exactly what it does. Of course this is beyond the ability of most people but this level of transparency – i.e. total – should give you some confidence that the program doesn’t have a hidden agenda. KeePass has been around long enough that those people who have looked at the source code would have shouted by now if there were issues with it.
The application is available direct from its own home page at http://keepass.info/. Versions are available for a large variety of platforms including Windows, Android, iPhone/iPad, Blackberry and more.
 | Amazon Price: $4.06 List Price: $7.95 |
 | Amazon Price: $0.00 |
 | Amazon Price: $11.72 List Price: $25.95 |
Comments
I'm not sure who you mean by 'the Administrators'. KeePass is an application which you downloand and install on your PC. The master password only you know - in theory no one can access your list of passwords contained in this application if they don't know the password.
I've installed this for some of my clients and I'm their network administrator - but I don't know their password to this application - hence I don't have access to anything it contains.
(I've used it myself for about a year now).
HTH.
I use RoboForm, it's the world's number one password manager. Keepass is nothing compared to RoboForm!
Thanks for your comment - had a quick look at Roboform.
Looks fine - my issues with it - and the reason I
personally wouldn't use it over KeePass are:
1. It would appear to be a browser plugin - browsers are a nightmare for security holes - if a rogue script gets access to your browser info then possibly it could get access to the plugin - and therefore your passwords.
2. It is not open source - who knows what it's really doing in the background.
3. You passwords are sync'd via an online service - again - can you trust the online storage to keep them safe ?
4. Its not free.
Not that I'm paranoid or anything ;)
If you really value security, the free products are rarely going to be your best option. I personally use RoboForm Everywhere with the online sync feature and everything is encrypted with my master password which they could not recover for me when I forgot it because they keep no record of these, only the user has it. So even if the information was stolen it couldn't be viewed unless they got the password from me personally. I love RoboForm.
LULU SUE1987 9 months ago
This is a great idea. However, it is safe. How do I know that one of the administrators wont use my passwords.