Home > Articles > Security > Network Security

  • Print
  • + Share This
Like this article? We recommend

Software Solutions

There are several software-based options available for managing passwords, including those built in to your favorite browser.

Cheap and Easy (But Insecure)

I know many individuals who write down passwords, usually in their day planner or other suitable notebook. Even when the writing is shorthand or otherwise cryptic, this method is very insecure. Anyone with enough time and your notes can easily access any resource listed in the notes.

Most browsers have a built-in password database and offer to remember any password required by HTTP authentication. HTTP Auth is recognizable by the plain-Jane dialog box used to collect the authentication info, as shown in the following figure.

There are some caveats to this browser feature:

  • The authentication has to be HTTP based; the browser can't remember form fields or other methods of accomplishing a login.

  • The remembered username and password appear magically whenever the protected site is accessed—all the user has to do is click OK.

The first caveat makes the feature fairly limited in scope—most online accounts use more sophisticated protection schemes than straight HTTP Auth. The second feature allows quick and easy access to the protected site, easy access for anyone using the browser.

KeePass – The Open Source password safe

One step up from a non-protected password database (whether electronic or written) is a password vault such as KeePass. KeePass is an open source program that stores passwords in an encrypted database, requiring a master password to access that database. The KeePass vault is shown in the next figure (from the KeePass website).

The features that make KeePass a really cool (and more secure) application include these:

  • The vault uses folders to help organize your password entries into groups.

  • When cutting and pasting a password from KeePass, the clipboard is automatically cleared after 10 seconds (helping ensure that the password doesn't remain there for anyone else to access).

  • The vault auto-locks when minimized or after a period of inactivity.

  • The pass-phrase to access the vault can be stored on removable media, such as a USB flash drive. Assuming that the two (computer and flash drive) aren't always connected, you can be reasonably sure no one can access the vault without your presence.

  • It autogenerates passwords and indicates how secure the manually entered passwords are.

The product is very feature-rich, but it is a bit rough around the edges. It doesn't integrate deeply into Windows—the options to populate data into web sites and applications fields are limited to cut and paste, with a few template options (text mixed in with fields from the vault). It also doesn't integrate with hardware authentication options, although this is because of a lack of APIs for the hardware instead of a shortcoming of the KeePass programmers.

  • + Share This
  • 🔖 Save To Your Account