Home » Keeping Your Passwords Safe

  • Keeping Your Passwords Safe

    Keeping Your Passwords Safe

    Keeping Your Passwords Safe

    There is a famous xkcd comic about passwords.

    Password Strength

    Although there is merit to message, with the amount of passwords one
    has to remember these days, this strategy is infeasable.

    1 Password Manager

    A more scaleable solution to the password problem is using a password
    manager.

    1.1 Benefits

    The benefits a password manager offers fall in the following
    categories

    1. Store passwords. It is not uncommon to need a lot of
      passwords. Reusing passwords if frowned upon, because it would
      provide access to multiple sites once one password is
      known. So you need a different password for each site, that need to
      be recalled. A password manager has no problems to hold hundreds
      of passwords.
    2. Securly store password. Having passwords is one thing, but you
      would not want your passwords to be exposed. Writing them down on
      a piece of paper offers adversaries an opertunity to know your
      passwords. So password managers need to store your password securly
    3. Generate strong passwords. Human are ill equiped to come up with
      strong passwords. Again computers have no problems to generated a
      seemingly endless stream of (pseudo-) random numbers.

    2 Usage

    We will discuss KeePassX, although other password manager work in a
    similar fasion. I use KeepassX because it is available for a lot of
    different platforms.

    When you start the progam you are greeted with the
    following screen. It is not very usefull because there are no
    passwords yet.

    https://blogs.infosupport.com/wp-content/uploads/2014/10/step.00.png

    You first need to create a database. In order to keep your passwords
    safe it is best to both provide a master password and a master key file. This way someone needs two thing, something you know, i.e. the
    master password, and something you have, the master key file. Store
    the master key file on a thumb drive making it a portable. You will
    still have to remember the master password.

    https://blogs.infosupport.com/wp-content/uploads/2014/10/step.01.png

    Once you have created a database you need to store it
    somewhere. Because you want to use it on different devices it is best
    if the file is automatically synchronized. I use Dropbox, but other
    file synchronization providers can be used as well.

    https://blogs.infosupport.com/wp-content/uploads/2014/10/step.03.png

    Now that we have password database synchronization it is time to add
    passwords. Password entries can be provided with a lot of
    information. E.g. the url for to this entry, the username and
    expiration date.

    https://blogs.infosupport.com/wp-content/uploads/2014/10/step.04.png

    Most important is the password. Password managers can generate
    passwords for you. This allows for very strong passwords that are
    very hard to guess are crack. There are a lot of options to pick, but
    again choising a long password with a lot of entropy is best.

    https://blogs.infosupport.com/wp-content/uploads/2014/10/step.05.png

    When the entry is created you can use it. The program copies the
    username and password to the clipboard so it can easily provided when
    needed. When you close the program, it also wipes the clipboard so it
    will not be accidently exposed.

    https://blogs.infosupport.com/wp-content/uploads/2014/10/step.06.png

    3 Conclusion

    Using a password manager allows for more and more secure
    passwords. By synchronizing the password database it is usable on a
    number of different platforms, keeping a user safe from password theft.

    Share this