Tuesday, February 5, 2013

My New Way to Manage Passwords

Keeping Passwords Secure

So like most everybody I have a bunch of passwords. Unlike most everybody I use unique passwords per site as much as possible to limit the damage if one gets compromised. Since I am not good at remembering crazy long passwords I use a tool called Keepass to keep everything organized. Keepass is available for Linux, Windows, Mac, iPad/iPod and Android. It stores everything in a encrypted database.

The Setup

I use Fedora on my desktop computers and Android on my mobile devices. I also use Dropbox to store files. You can probably guess where I am going with this... store your Keepass database on your Dropbox share. Now that allows you to get to your passwords anywhere you have internet access. However that wasn't quite what I was looking for. There is one more piece of magic that makes this system just awesome. A program called Dropsync for Android. This program automatically downloads your password database from Dropbox and keeps it synced on your mobile device. This allows for offline access to your passwords as well as the ability to add stuff from your mobile device and have it sync to your desktop devices.

One Last Hint

Dropbox offers the ability to share folders with other Dropbox users. A password database can be put in a folder and shared with somebody. That allows for a password database to be used by multiple people. A way to use feature is to keep your root passwords in the database and have the folder shared across the administrators in your organization. This allows other people to get to the root passwords if the world is crashing down and normal login methods in no longer work.

Conclusion

This system works really well for me. Even if the password database were to get released Keepass has done a lot to prevent it from being decrypted by an attacker. Disagree with me? Let me know in the comments.