Hopefully, the answer isn’t “I use the same password for everything” – that would bring a tear to my eye!!
It seems like every website you go to now wants you to create an account. And that means you need to decide what password to use. Many people get in the habit of just using the same username and password for every site. And why is that? Well, convenience, of course! Why not use one password for all sites so you always remember it?
Here’s why – if that password is ever compromised, the person with the password now has the potential to log into every single website that you do! Think about this for a minute. This could be email accounts such as Yahoo! or Gmail, bank or credit card websites, shopping websites like Amazon.com or eBay, or social websites like Facebook or MySpace. Really think about this – do you want someone to basically steal your identity just because it was convenient for you to throw security out the window and only remember one password?!
Well, I’ve got some good news for you. I currently have over 450 user accounts and passwords and guess what… I don’t think one of them is even remotely close to being the same. And the best part is that I only need to remember one password. The trick is to use a password manager.
Password management software is great because almost all of these programs keep one encrypted file that is protected by a master password. Once you enter that password, you can store as many account credentials as you want. In most password management applications, you can generally enter the following:
- Title or name of the account (whatever you want to call the entry – i.e. “Yahoo! Mail” or “Facebook” )
- URL (the website address – i.e. http://mail.yahoo.com or www.facebook.com)
- Notes (this is for yourself for whatever you want to enter in as a reminder for yourself. I always put the email address that I used to register the account, but I also use it for account numbers, special instructions, notes to myself, etc.)
Additionally, some of the software even lets you set an expiration date if desired or the ability to categorize the accounts into groups (such as Banking, Email, etc.).
So, you can have all your information in a single file that you can back up, and you can have different passwords for all accounts. And since you now only need to remember one master password to open it all, you should make it a very strong one: six characters long at the very minimum and composed of capital and lowercase letters, numbers, and special symbols. Once you start typing it enough, it will be a cakewalk – I promise! Without this password, the file with all the passwords sits encrypted. And because you don’t need to remember the password for each account, you can now make it more than your dog’s name. In fact, most password management software can auto-generate complex passwords for sites that no one could guess… and you don’t even need to remember any of them!
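As an added example (not code from the original post or from any of the programs reviewed here), the Python below checks a password list for reuse across accounts and for entries that miss the strength rule described above, and generates a random replacement the way a password manager's generator would. The CSV column names, the symbol set, the default length of 20 and the sample entries are all assumptions constructed for the illustration.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Character classes named in the post; the exact symbol set is an assumption.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*()-_=+")

# Constructed sample export; the column names are assumed, not any product's format.
SAMPLE_EXPORT = """title,url,username,password,notes
Yahoo! Mail,http://mail.yahoo.com,pat,Fluffy2009,registered with pat@example.com
Facebook,www.facebook.com,pat,Fluffy2009,
Bank,https://bank.example,pat01,k#9Tq!v2LmZ8,account ending 1234
eBay,www.ebay.com,pat,fluffy,
"""


def generate_password(length=20):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so the guaranteed characters are not at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def audit(export_text, min_length=6):
    """Return (reused, weak): titles sharing a password, titles failing the rule."""
    by_password = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(export_text)):
        pw = row["password"]
        by_password[pw].append(row["title"])
        covers_all = all(any(ch in c for ch in pw) for c in CLASSES)
        if len(pw) < min_length or not covers_all:
            weak.append(row["title"])
    reused = [titles for titles in by_password.values() if len(titles) > 1]
    return reused, weak


if __name__ == "__main__":
    reused, weak = audit(SAMPLE_EXPORT)
    print("reused across:", reused)
    print("weak:", weak)
    print("replacement:", generate_password())
```

A plaintext export holds every password unencrypted, so run a check like this on a copy you delete afterwards and keep the encrypted file as the only long-term store.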
How much would you pay for this peace of mind? Ten thousand dollars??!!! Fifty thousand dollars??!!! Well, guess what – you can actually get some of this software for as low as FREE!! That’s right – free!
I’ve been using different password management software for years now, trying out all sorts of them to make sure that I would be familiar with them and be able to keep you informed. Here are some of my thoughts on just a few of them…
Password Keeper 2000
This was one of the first password managers that I started using. It’s fast, it’s easy, and it works. It’s kept up by a guy named Gregory Braun. It lets you export your password list out as well. This is critical when choosing your password management software!!!! Over time, you gain more and more passwords. Once you have even 50 passwords, if the software is no longer supported in a new version of Windows or you choose to use different software, you’re going to be upset with yourself when you need to re-enter each one of them, one at a time. This is a very straightforward program and might be worth looking into. $19.95 after trial. http://www.gregorybraun.com/PassKeep.html
Access Manager 2
This program is one that I used for quite some time. Very straightforward and easy to use. This one allows you to import passwords into it from a couple of different formats such as CSV and XML. These are standard formats and you should find that other programs that allow you to export/import will generally support either one or both of these formats (you’ll probably have to do a little tweaking to the file first though). The only downside that I have with Access Manager is that it’s not the fastest program. Not to say that it’s slow, but you’ll find most other password management software to be more zippy than this one. There are two versions of this software – a free edition that should support most of your needs and a professional version that gives some extras that some people may find beneficial. Here’s the catch, though: to export passwords, you need the Professional Edition. So if you ever want to change programs without retyping them into a new program, for example, you’ll likely need to upgrade to the Professional Edition first. The Free Edition is obviously free and the Professional Edition is $24.95. http://www.accessmanager.co.uk/
KeePass Password Safe 1.x
Alright, boys and girls, let’s talk about KeePass for a minute. This is the software that I’m now using… and I love it! Here are the highlights and the scoop about KeePass:
- KeePass is open source software. That means that if you are a developer, you can get the actual code behind it to see exactly how it works. That allows people from around the world to contribute fixes and improvements to the software.
- There are currently two versions of this software – the 1.x version and the 2.x version. The 2.x version is still in beta. Normally I’m pretty excited about getting in on beta software, but when I’m dealing with all my passwords – not so much. I’ve been using the stable 1.x version and it’s great.
- It’s lightweight and fast. There are keyboard shortcuts you can use to quickly open the software and auto-fill usernames and passwords.
- There are plugins that are available to do different things (integrate with Internet Explorer or Firefox, importers, exporters, etc.).
- There’s even a mobile version of the program. I have a Windows Mobile phone and I set it up so my passwords sync to my phone anytime I connect my phone to my laptop. And remember, your passwords are in an encrypted file, so with a strong master password, they are as secure as you can get.
- Importing and exporting. Even without the plugins, you can easily import in passwords from other programs (provided they let you export them out!). And think exit strategy – if down the line you want to move to other software, you can export your passwords out from this software (no additional cost). It lets you export out to several different formats as well.
- If you’re a fan of grouping passwords into different groups (Banking, Email, etc.), you can easily do that as well. But you don’t have to – I don’t feel the need for that with mine, so I just don’t use that feature.
- There’s a portable version. Do you need to have easy access to your passwords on a USB drive… done! There is a version of the program that does not require installation so you can put it on a USB drive with your password file.
- Did I mention it’s free???!!!
Check it out… http://keepass.info/
Of the software above, I would highly recommend using KeePass. It’s fast. It’s easy. It’s open-source. It’s flexible in the options and plugins available. It’s secure. It’s portable. And it’s free! If you like it and stick with it, they do, however, let you donate to help support the project, and I highly recommend that you send them something. Every penny counts when you’re dealing with free software – give the developers incentive to continue to make the software even better and want to keep it free!
A few other important notes:
- If you are using the “password manager” built into Internet Explorer, you should re-read this post and quickly find a password manager that suits you. I discuss in Just the Computer Essentials some of the problems with Internet Explorer’s password keeping, such as weak encryption, no easy way to routinely back up your passwords, etc.
- There are tons of other password manager programs out there. Check them out and find one that works well for you. Just because I’m a big fan of KeePass and the others above doesn’t mean there aren’t programs that might be better for you. Many people are fans of RoboForm or Password Safe – find the one that works best for you!
- Almost all password managers store all your passwords in a single, encrypted file. Find out what file this is and MAKE SURE TO BACK IT UP!!!! In my book, Just the Computer Essentials, I discuss the importance of backups and even take you through the process of determining what you need to backup and how you should back it up. If you are not doing backups on your computer, get this book! You will learn what you need to know to make sure that you are protected from problems in the future.
If you thought this information was valuable, just remember that I cover password management, along with all the other important things you should be looking at on your computer, in my book Just the Computer Essentials:
- Help you understand exactly what you need to know when buying a new PC
- Lead you in protecting your computer from dangers such as viruses, spyware, spam and phishing
- Show you how to set up a backup strategy to safeguard all your important files
- Coach you how to recover your computer from system problems – starting with the least intrusive all the way to disaster recovery
- Teach you how to migrate your files and settings from one computer to a new PC running the Windows Vista™ operating system
Best of luck to everyone out there!
MCITP, MCSE, CCSP, CCEA, Server+, A+, and more!