Storing Passwords

If you follow password security guidelines, you should have a unique password for each online service you use. That way if one service provider does get compromised and some ne’er-do-well in Russia gets your password, he can’t get into all the other online services he might guess that you use. But a study from 2010 reveals that 75% of people use the same password for social media sites that they use for their email. Why? Well one obvious reason is a false sense of security, but a more practical reason is convenience. Who wants to (or can) remember dozens of unique passwords? Some folks keep a text document or spreadsheet with their various passwords in it. But typical desktop software has notoriously weak password protection, so instead here are 2 better ways to do it, one for Mac and one for Windows.

Mac: Keychain Access

The keychain is where your Mac stores usernames and passwords you use in applications that integrate with the keychain, like the Safari web browser. So if Safari asks you if you want to remember the login you used to login to Amazon and you agree, that data is stored in your keychain. Likewise all those WiFi network passwords you let your Mac remember. And Apple provides a simple utility for seeing (and editing) those items in your keychain, called Keychain Access (Applications>Utilities>Keychain Access). The great thing about Keychain Access is that you can also create Secure Notes, containing any text you want, which also get stored in your keychain. Keychain Access prompts you to enter your password to view those notes, and your keychain file is stored with Triple DES encryption. Extra Security Tips: Set your keychain preferences (again via Keychain Access) to lock your keychain when your Mac goes to sleep. Also set a “hot corner” (System Preferences>Desktop & Screen Saver>Screen Saver>Hot Corners)to put your display to sleep, and when you walk away from your Mac, drag your cursor to the hot corner.

Windows: KeePass

KeePass is a free, open source application designed specifically for storing passwords. Your password database file is stored encrypted via AES or Twofish, and a single password unlocks the database. You can have multiple databases as well, if that’s your style. KeePass is quite easy to use. Stored usernames and passwords can also have an associated URL and notes, and you can right-click an item and copy its username or password to the clipboard for easy pasting into another app. You can also group stored items and search your database. Bonus Tip: Since KeePass is open source, it has been ported to many other platforms, including Mac, Linux, iPhone, Android, and Blackberry. Some folks store their KeePass database in Dropbox or Box.net, so they can access it from anywhere. So no more excuses. Secure your online accounts so the next time an online service gets compromised you won’t have to scramble to change your password everywhere else.

« Previous Post
Next Post »