Everybody has passwords they need to keep secret, but that also need to be remembered. Managing these passwords can be a pain and time-consuming. For these reasons, a lot of people just decide to have one password for everything, which can be disastrous if your info falls into the wrong hands. I was one of those people who had mainly one password for everything. I knew that what I was doing was insecure, so I decided to look for a password manager.
My needs in a password manager were:
- Something that can securely store my passwords and other private data (WiFi keys, product licenses, PINs, etc).
- Easy to sync between computers so I always have the latest copy for whichever computer I am currently on.
- Automatically fill out login fields on websites.
- Control of the password database.
There are many password managers out there. A lot of the newer web browsers have some sort of password management built in, there are online password management sites, and there are desktop clients for all the different operating systems.
I used the password manager in Firefox for a while, but it didn’t fulfill my needs. I could only store passwords and nothing else and you couldn’t use it anywhere else except for Firefox. Also, some sites, mainly banking sites, wouldn’t allow Firefox to save passwords.
I looked into online password management sites, specifically Clipperz, but I just decided it wasn’t right for me. It had a lot of the features I was looking for, but I didn’t have control of my own password database. If the site ever shuts down, then I’ll lose all my passwords and would have to find something else.
After looking into desktop clients, I found KeePass, which had everything I was looking for and what I ended up using.
I used the newer 2.x beta version of KeePass as it had more features that I wanted. KeePass is natively a Windows program, but with the Mono project, can be run on OS X, Linux, etc.
KeePass works by creating a password database for all your passwords and data. This password database is encrypted by a master password that you choose. All you have to remember after that is your master password, and you have access to all your secure data.
KeePass is primarily a password manager, but it also has custom fields where you can store any data you would like. You can also attach files to an entry, which is really useful for attaching product keys and licenses. You can sort your entries into different groups, making it really easy to organize your different types of data.
KeePass stores all your passwords and data in one file, which makes it really easy to synchronize. While there is synchronization built in to KeePass, I already use the awesome file synchronizer Dropbox on all of my computers. I store the password database in Dropbox, and it will automatically get synchronized to all of my computers when I make any changes to it. If you are on a computer where you don’t have Dropbox installed, you can use Dropbox’s web interface and download the file directly from there.
One of the most useful features in web browser password managers is that it fills in your username and password automatically on websites where you have your login information stored. KeePass has a very similar feature called “Global Auto-Type”. In the options, you can set a custom key command for Global Auto-Type or you can use the default Ctrl+Alt+A. On a webpage you want to login to, click on the username field and then press the key command for Global Auto-Type. If KeePass can match the website to an entry you have saved in your database, it will automatically fill out the username and password fields and submit the form. If there is a webpage that doesn’t follow the username-tab-password-enter flow, you can set up a custom Auto-Type sequence on a per entry basis.
I described some of the basic core featured of KeePass above, but there are a lot more options available to you if you are a power user and really want to customize your experience.
This system made password management quick and painless for me, but it might not fit everybody’s needs. If you use something else that works well for you, leave a comment and let me know about it.
UPDATE: See also Password Managers: 2014 Heartbleed Edition.
