Tuesday, December 16, 2008

Open Source Spotlight - KeePass

Like many of you, I have too many passwords to remember. Passwords for my online banking, my billpay, my blog... the list goes on. And like many of you, I was resorting to writing them down, reusing the same password over and over, and other bad ideas that aren't secure and will wind up getting you in trouble.

A couple of years ago I was introduced to KeePass. KeePass is what is known as a Password Safe. Basically it is a database of passwords that is encrypted and hidden behind its own password. Only it's a little more user-friendly than just that.

It gives you a single place to categorize your passwords on your PC so that they can be found or even searched. It also gives you a place to keep other useful information like the URL to the site that you're logging into, your username, and a notes section where you can document all of your "security questions and answers".

Not only is the database encrypted using much stronger techniques than a password-protected Word document (I've cracked those in a matter of minutes), but it also has tools that can make your online life more secure. One of the best things that you can do is have completely unique passwords on each site. KeePass makes this easy with a random password generator.

By selecting the parameters (length of password, upper case, lower case, numeric, etc...), it will generate a password and store it for you.
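To show what a generator driven by those parameters involves, here is an added example (not KeePass's code and not from the original post). The function names, the default length of 20 and the symbol set are assumptions made for illustration; randomness comes from Python's `secrets` module, which draws from the operating system's CSPRNG.

```python
import math
import secrets
import string

# Character classes matching the options the post lists (upper, lower, numeric),
# plus a symbol set, which is an assumption standing in for the post's "etc...".
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{}",
}

def generate_password(length=20, classes=("upper", "lower", "digits")):
    """Return a random password drawn from the selected character classes."""
    if not classes:
        raise ValueError("select at least one character class")
    unknown = set(classes) - set(CLASSES)
    if unknown:
        raise ValueError(f"unknown classes: {sorted(unknown)}")
    classes = list(dict.fromkeys(classes))  # drop duplicates, keep order
    if length < len(classes):
        raise ValueError("length too short to include every selected class")
    alphabet = "".join(CLASSES[c] for c in classes)
    # Take one character from each selected class so site composition rules
    # are satisfied, then fill the remainder from the combined alphabet.
    chars = [secrets.choice(CLASSES[c]) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters do not sit
    # at predictable positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def entropy_bits(length, classes=("upper", "lower", "digits")):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    size = sum(len(CLASSES[c]) for c in dict.fromkeys(classes))
    return length * math.log2(size)

if __name__ == "__main__":
    print(generate_password(20), f"(~{entropy_bits(20):.0f} bits)")
```

The entropy figure is an upper bound, since forcing one character from each class rules out a small fraction of otherwise possible strings.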

The password database can also help mitigate the risks of being infected with spyware/malware programs called key loggers. Key loggers are basically programs that capture anything you type in on the keyboard and send it to the "bad guys". With KeePass, entering a password on a site can be done with a couple of clicks of the mouse - no typing on the keyboard, and it even flushes the password off of the computer's clipboard after a few seconds so someone else can't stumble across it.

Like any piece of technology, it has its drawbacks. With this, it is increasingly important to back up your data files on a very regular basis. Also, if you let it randomly generate your passwords, you become dependent on KeePass, which can be frustrating if you're at a friend's house or otherwise don't have access to your KeePass file.

I give KeePass four out of five stars.