Friday, August 7, 2009

Utilitarian Friday: "KeePass" Password Safe

After several months without many brick-wall coding problems to document, I'd like to start a mini-series called Utilitarian Friday to showcase many essential free software utilities that I use every day to increase my productivity. These are useful not only to coders but to power users as well.

Let's begin with KeePass - the Password Safe!

KeePass

KeePass is an easy, secure way to control your passwords using a flash drive or your local machine.

If you suffer from any of these conditions, KeePass is for you:
  • same-password-for-everything syndrome
  • I-can't-find-the-blasted-post-it-note-itis
  • I-thought-it-was-PA$$W0RD-but-maybe-it-was-P7S$WOR3-dysfunction
There are 5 key features KeePass delivers for me: security, organization, ease-of-use, password generation, and a good deal (free!).

I. Security
How are stored passwords kept secure?
  1. The software is open-source, so you can ensure for yourself that it's not doing anything fishy.

  2. The master password, required to use your KeePass, is hashed with the very secure SHA-256 algorithm. Both the passwords stored and the utility's database itself are encrypted using the AES and Twofish ciphers -- which are ciphers used by banks.

    According to the makers of KeePass:
    "Even if you would use all computers in the world to attack one database, decrypting it would take longer than the age of the universe."
  3. When running in memory, passwords are still encrypted.

  4. Set KeePass to lock when minimized, and any subsequent access requires entry of your master password.

II. Organization
Set up a tree of Password Groups, assign little icons to each group, and it is so easy to find your passwords.

For example, my KeePass, below, contains "folder" groups for personal stuff, my full-time job, and my freelance job. Then I organized those by type of password, such as FTP, RDP, VPN, Live Sites, Dev Sites, etc.



While others are struggling to locate passwords by shuffling through physical folders and papers, or thinking back through fading memories, KeePass makes it a no-brainer.

III. Ease-of-Use
So once your passwords are stored, how do you use them? There are 3 ways.
  1. In your web page or application, click on the username text box, then press Ctrl + Alt + A. KeePass automatically enters your username, password, and submits the form. It can do this because it's aware of the title bar of the active window, using that to find a match in your password database.

  2. If no exact match is found, or if the web site you are using does not have useful or consistent title bar text, press Ctrl + Alt + K to bring KeePass to focus, browse for your password record, click on it, then press Ctrl + V and it will auto-type in the window that last had focus, starting from the text box that last had focus.

  3. If you just need to copy and paste the password itself, in KeePass click on the password record and simply press Ctrl + C to have the password copied to the clipboard for 10 seconds.

Additionally, KeePass is a tiny application, less than 1MB, that you can easily carry around on your USB flash drive, and keep back-up copies on your home computer and work computer in case you lose or forget your flash drive.

IV. Password Generation
The great thing with KeePass is that if there is a password that you do not *need* to commit to memory, you can use the built-in password generator to automatically make long, secure passwords for you.



This especially comes in handy for services that require you to change your password periodically.
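As an added example (not KeePass's own code and not from the original post), here is a sketch of what a password generator has to get right: draw from a cryptographic random source, satisfy a character-class policy without biasing positions, and report how large the search space is. The character sets, the 20-character default and the guessing rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes: a constructed policy for this example, not KeePass's defaults.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",
}
ALL = ("lower", "upper", "digit", "symbol")


def generate_password(length=20, classes=ALL):
    """Return a random password with at least one character from each class."""
    if length < len(classes):
        raise ValueError("length is too short to include every requested class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw the whole password instead of patching
        # characters in, which would make some positions easier to guess.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate


def entropy_bits(length, classes=ALL):
    """Upper bound on entropy: log2(alphabet size) bits per character."""
    alphabet_size = sum(len(CLASSES[c]) for c in classes)
    return length * math.log2(alphabet_size)


def years_to_search(bits, guesses_per_second=1e12):
    """Average years to find the password (half the space) at an assumed rate."""
    seconds_per_year = 365.25 * 24 * 3600
    return (2 ** bits / 2) / guesses_per_second / seconds_per_year


if __name__ == "__main__":
    pw = generate_password()
    bits = entropy_bits(len(pw))
    print(pw)
    print(f"{bits:.1f} bits, about {years_to_search(bits):.2e} years at 1e12 guesses/s")
```

The entropy figure is an upper bound, because rejecting candidates that miss a class removes a small part of the space.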

V. A Good Deal
As with much of the open-source world, the price of this utility is FREE! Since this is not a remote service, there is no monthly fee or anything of the sort.

Download It Already!
Get KeePass now from its official web site or from its SourceForge project page:

Stay tuned to next week's Utilitarian Friday for another review of an essential software utility!

1 comment:

  1. I love the concept of Utilitarian Friday! I've been using KeePass since you clued me on to it and it's been great. You kind of mention it, but another feature that is neat is password expiration. It won't let you use a password once it's expired, pretty much forcing you to change it before you can continue. It was kinda helpful for me to keep track of a password at work that changes frequently.
