So if you’re like me, you’ve probably reached the limit of the number of unique passwords that you can 1.) come up with on your own, while still matching all the requirements like total character length, using capitals, using lower case, using special characters, using at least one or two numbers… oh, and it can’t be a password that you’ve used in the past. It’s a lot, but it is a great idea to have unique passwords for every site you need to log into on the interwebz. So how do I master password management?
The biggest issue is… how do you avoid using the same one or two or three passwords for every single site? I recently took a little inventory of my digital life. Before the inventory, I thought I was doing pretty good. I usually keep 5-7 unique, at least 50-100 bit strong passwords just on the top of my head, and I figure that was better than most who use maybe one or two passwords across all the sites they use, right? Well, comparing the number of unique passwords I kept in my head to the number of unique websites I use on a daily basis, suddenly I wasn’t doing so hot.
In just a typical week, I use at least 50 different websites that either required a user/password authentication, or were sites that I had already had accounts for. Suddenly my 5-7 unique passwords weren’t so strong. I knew I had recycled a handful of passwords across sites, but I had no idea how bad it was. When I actually took the time to note how many sites I was logging into with the same password, it was very surprising. Proper password management was now essential.
So how do you solve this problem? Nobody has time or willpower to suddenly become some cryptographic expert and just generate insanely strong passwords every single time you log into a new site, or create a new account. And sure, I could easily just make up a bunch of random numbers, letters, and symbols to get a super strong password, but how on earth can I remember or manage all that random stuff?
Most people use password management tools like LastPass or Dashlane. A lot of these services have a free version, and most at least offer paid upgrades. But in today’s internet, hardly anything is safe. Companies like this are huge targets for hackers because all it would take is one data breach and you have one of the world’s largest databases of username/password combos on the planet.
There’s been a lot of talk going around on privacy, especially online, and some tech giants like Facebook and Google are being heavily criticized for their use.. and misuse of other people’s sensitive information. So yeah, we get it, big corporations are evil. But that still leaves us with this whole password management issue. If I can’t remember ten thousand unique and strong passwords, and I can’t store them with a giant, hack-able company, what do I do?
Enter KeePass. KeePass is one of the best password management tools I’ve ever come across. It’s technically a Windows-native program (.exe), but it can easily be run on any machine using a tool called Mono. I use this tool on my Chromebook (running Gallium OS) every day. What makes this tool awesome is that there is no managed database. There is no company. And best of all, there is no fee.
KeePass is a completely free tool to manage all your passwords across all sites and even desktop applications and anything else you may need to log into. Unlike LastPass or Dashlane which are designed around managing your online accounts, KeePass manages your login credentials for anything. So instead of being limited to online accounts, you can simply generate insanely strong passwords and customize the number and type of characters used to match any password requirements, and paste them anywhere.
I use BitBucket to backup code that I’m working on, and before I can push code up to that repository, I need to provide my password… in the terminal. With LastPass, you’d have to log in to your LastPass account, scroll until you find the account you’re looking for, reveal passwords, copy… it’s a lot. And it requires you to be online. What if you need to log into a local network or a piece of software that’s offline? What if you need to unlock an encrypted file? KeePass has you covered.
Even more features:
KeePass also has a ‘notes’ section for each entry. This allows you can add required information in addition to your username/email and password. Some accounts, especially banking or loan servicing sites, require things like security questions, additional account PIN numbers that are different from your password, and any other pertinent information associated with your account. The ‘notes’ section is a great tool to keep track of all that extra information.
KeePass keeps all your login credentials in a single, encrypted database file. And even better, you can back up this file anywhere. Publicly, privately, whatever. You only need one password to unlock your own personal database. And KeePass is so flexible you can run it from a USB stick. Just plug it into the computer you’re using, run KeePass, unlock your database file, and boom. There’s your credentials library. Close it down, eject the drive, and leave no trace that you were ever there.