Use Strong Passwords and Keep them Safe with KeePass

As all three of my regular visitors know, a few months back my server was hacked. It was pretty bad, to the point where I lost a couple of years of blog posts and other information I had on my server. This event prompted me to start walking the walk that I talk about in regards to password safety.

This post talks about Keepass. While Keepass is still a good choice and continues to be updated, I have been using Lastpass and recommend it over any other choice. You can read other posts I've made regarding Lastpass here.

I am leaving this post here for archival purposes.

When I got hacked, I realized that I had 3 or 4 main passwords that I used on a daily basis, and these 3 or 4 passwords if lost, gave you access to over 30 systems I use regularly. From banking to blogging, computers, and voicemail systems, if you got a hold of these few passwords you could have an insider's view into my personal, financial, and mostly private life. Kind of scary if you think about it. Of course, as soon as I found out, I began changing the passwords and making sure no malicious activity had happened.

I've worked in corporate IT shops pretty much my whole life. The corporate policies on passwords are usually pretty good. You need to keep a password, that is at least eight characters long and that contains capital letters, lower case letters, and symbols or numbers. That's pretty good, the problem with that is that most people end up using one or two passwords for all their stuff. If you care about your sensitive information, you'll think twice about doing this in the future. In fact, start now and begin changing your passwords for different systems so that they are unique. I took this as a basis for my new passwords and began working on it. Took me about a day to change all my passwords and a few more minutes later on when I found the occasional

When I was all finished changing passwords so they are all unique and locking my stuff down, I had over 100 usernames and passwords. You may be wondering how I have so many. I have a lot of web accounts, I do most of my banking online and I also have a lot of accounts I use for my consulting business. If you really think about it, you probably have a sizable number of usernames and passwords. Even 10 or 20 passwords can be difficult to manage. So my task was to find a way to manage all the passwords easily and quickly.

I found several little programs on the internet that helped with this. Norton has a password manager application, there is my ex-favorite PINs by Mirek, but I found the best one so far. It's called KeePass Password Safe.

I love KeePass and I live by it now. I have a huge password that unlocks the whole file so I have access to my username and passwords. I think this is a great solution that everybody can use. One of the greatest things about KeePass is that it works on almost anything you can think of. It runs on Windows, it runs on Macs, Linux and other Unix variants. You can even run it on some mobile devices. It is really secure because it is encrypted. Make sure you use a long master password, like a passphrase and then you're pretty safe.

Some of the other key features of KeePass highlight on its maturity as an OpenSource application. You can import and export from and to a variety of formats, you can export certain groups of passwords, this comes in handy when you want to share a group of passwords with colleagues or spouses or for some other reason but you don't want to share your whole database. Another really handy feature of KeePass is its password maker utility, you can specify your password criteria and then have it automatically generate random passwords for you, this is a huge help when trying to come up with unique secure passwords.

This cool little app could even be used in a corporate environment where multiple people need access to the same systems. Like networking equipment, web servers, management consoles, etcetera etcetera. Given that this is OpenSource, cross-platform and easy to use I'm not sure why more companies don't use it. You can even team it up with a version control system so multiple people have access to it and changes are documented as time goes by.