Password keepers, my thoughts…

Good morning everyone,

So it’s nearly a week since I got engaged. I got engaged on the day after Valentines day, I did not want to do it on Valentines day, so I did it on the Sunday evening after a lovely dinner at Melrose Arch.

Last week my first blog post was successful, and I managed to get in some comments and a bit of discussion.

The question that I got was about password keepers \ password stores, so I thought that I would write about my thoughts on that today.

These days there are so many sites that we have signed up with, and each site needs a username and password. If you were anything like me when the internet was first starting to grow, I had so many web-mail accounts, that I just simply stopped using them because I forgot what the log in credentials were.

Now days you need to remember a password for Facebook, one for Twitter, one for your Gmail, your internet banking and if you’re like me you also have many other sites that you need to remember passwords for.

Now the problem that I have is that it’s easy just to use one password across all sites. (Bearing in mind that it’s a secure password as discussed last week.) But then some sites require passwords to meet specific criteria to be deemed strong. That is when I start getting overwhelmed, and decided that I would use a Password Keeper.

A Password Keeper is a tool that stores all your username and passwords. The good ones will store them in an encrypted file that can only be opened if you have the password. The one that I use can also be generate a unique secure passwords based on a set of criteria. I use KeePass (http://keepass.info/).

While I really like being able to access my passwords at a click of a button, I think that a password Keeper has a few draw backs:

1.  You do not actually know your passwords. If for some reason you loose your master password to your Password Keeper, then you have lost access to all your sites, and will need to go through the password reset process.

2.  Someone could gain access to your computer \ mobile device, and either knows, guesses or cracks your Password Keeper password then access to all your sites is compromised. I think this could be fairly low risk for your personal computer, slightly higher risk for a laptop, and high risk for your mobile device.

3. When you change your password, you must remember to update it in your Password Keeper otherwise the next time you come back to your site to log in you’ll have the old password on store, and will need to do a password reset.

If you have any comments or thoughts on Password Keepers I would like to hear it, so feel free to leave a comment for me.