Keeping Passwords Safe

I normally only use one or two login passwords and so, previously, I have never bothered to check out password encryption programs. However, recently, I seem to have had to consult my “top secret” hard-copy file of web site passwords in order to access various obscure sites that I use only infrequently. While this file folder is a useful resource for storing multiple passwords, the difficulty comes when needing to locate a given password. Typically this means leafing through multiple printouts of login credentials for a wide range of web sites that aren’t arranged in any kind of logical sequence. I suppose I could organize these listings in a loose-leaf binder, rather than using a simple file folder, but it is probably even more efficient to use a computer-based password manager.

The essence of these software systems is an encrypted database, opened by means of a master password, that contains listings of individual web sites and their associated login credentials. Even better, most of these programs offer a way to enter a userid and password for any given site more-or-less automatically, thus expediting the login process.

My password manager of choice is KeePassX, primarily as it is open-source software that garners good reviews, but also because the Linux version has a Windows equivalent (KeePass) which means that I can use the same password database on both platforms.

By default, KeePassX offers to store passwords for three groups of applications, namely Internet, eMail and Backup systems. I only need to store passwords for web sites and so opted to set up a new database in the Internet group. The only requirement is to select a master password with which to access the database. Optionally, one can also specify a “key file”. This is an additional security measure since the master password must be entered and the specific key file must be present before the password database can be opened.
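To make the “both factors must be present” point concrete, here is an added example (not KeePassX’s code or file format) that models how a master password and a key file can be combined into one database key. The composite-key step is modelled on the KeePass idea of hashing each factor separately and then hashing the concatenation; the sample password, key-file bytes, salt and PBKDF2 round count are constructed for the illustration, and the HMAC “header tag” stands in for the real authenticated payload so that “the database opens” simply means “the right key was derived”.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample inputs (not from the article). A real key file would be
# random bytes stored on disk; a real database would store a random salt.
SAMPLE_MASTER_PASSWORD = "correct horse battery staple"
SAMPLE_KEY_FILE = bytes(range(32))   # stands in for a 32-byte key file
SAMPLE_SALT = b"\x01" * 16           # fixed only so the demo is reproducible
PBKDF2_ROUNDS = 100_000


def composite_key(master_password: Optional[str], key_file: Optional[bytes]) -> bytes:
    """Combine the available factors into one 32-byte composite key.

    Modelled on the KeePass-style composite key: each factor is hashed on its
    own and the concatenation is hashed again, so omitting or changing either
    factor changes the result. Simplified illustration, not the KeePassX format.
    """
    if master_password is None and key_file is None:
        raise ValueError("at least one factor (password or key file) is required")
    parts = b""
    if master_password is not None:
        parts += hashlib.sha256(master_password.encode("utf-8")).digest()
    if key_file is not None:
        parts += hashlib.sha256(key_file).digest()
    return hashlib.sha256(parts).digest()


def derive_database_key(composite: bytes, salt: bytes, rounds: int = PBKDF2_ROUNDS) -> bytes:
    """Stretch the composite key with PBKDF2-HMAC-SHA256 so that guessing is slow."""
    return hashlib.pbkdf2_hmac("sha256", composite, salt, rounds, dklen=32)


def _header_tag(key: bytes, salt: bytes) -> bytes:
    # An HMAC over a fixed header label plus the salt, keyed with the derived key.
    return hmac.new(key, b"keepass-demo-header" + salt, hashlib.sha256).digest()


def create_database(master_password: Optional[str], key_file: Optional[bytes],
                    salt: bytes = SAMPLE_SALT) -> dict:
    """Return a minimal 'database header': the salt plus a tag bound to the key.

    A real database authenticates and encrypts the whole payload; here the tag
    only serves to show whether the supplied factors reproduce the right key.
    """
    key = derive_database_key(composite_key(master_password, key_file), salt)
    return {"salt": salt, "tag": _header_tag(key, salt)}


def open_database(header: dict, master_password: Optional[str],
                  key_file: Optional[bytes]) -> bool:
    """True only when the supplied factors reproduce the stored tag."""
    try:
        composite = composite_key(master_password, key_file)
    except ValueError:
        return False
    key = derive_database_key(composite, header["salt"])
    # Constant-time comparison, as for any tag check.
    return hmac.compare_digest(_header_tag(key, header["salt"]), header["tag"])


if __name__ == "__main__":
    db = create_database(SAMPLE_MASTER_PASSWORD, SAMPLE_KEY_FILE)
    print("password + key file :", open_database(db, SAMPLE_MASTER_PASSWORD, SAMPLE_KEY_FILE))
    print("password only       :", open_database(db, SAMPLE_MASTER_PASSWORD, None))
    print("key file only       :", open_database(db, None, SAMPLE_KEY_FILE))
    print("wrong password      :", open_database(db, "wrong", SAMPLE_KEY_FILE))
```

Running the script shows that only the combination that created the database opens it; the key file alone, the password alone, or a wrong password all fail, which is exactly what makes the key file a second factor rather than a convenience. The practical caveat is that a key file stored next to the database (or on the same backup) adds little, since whoever copies one can copy the other.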

With the database open, a new set of login credentials can be entered by selecting “Add New Entry”, either by clicking on an icon, or by using the program’s edit menu. The subsequent dialogue box has fields for Title, Username, Password, URL and Comment. An icon is associated with each listing and this can be selected from an available set of icons or a custom image can be used. The entry can be set to expire on a given date and time; however, by default, the expiry date is unchecked.

The password that is entered (and repeated as a double check) is encrypted in the final database and is displayed as a series of asterisks. A button (an “eye”) lets you see the actual password string behind the asterisks (when the encrypted database is open). The “quality” (i.e. strength) of the selected password is roughly indicated by the length of a horizontal bar, and an indication of the number of bits used in the string. For the paranoid amongst us, there is a built-in password generator that will produce (presumably) incredibly secure passwords. My test used a 256-character string producing a password with a full horizontal bar and 2048 bits.
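The strength bar described above is an estimate; the cleanest way to reason about it is the entropy of a uniformly random password, length times log2 of the alphabet size. The following added example (not KeePassX’s generator or its quality heuristic, which the article does not detail) shows that calculation alongside a generator built on Python’s `secrets` module; the character classes and the symbol set are choices made for the illustration.

```python
import math
import secrets
import string

# Character classes the generator can draw from. The symbol set is a constructed
# choice for this illustration; KeePassX's own sets are not described here.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}
ALL_CLASSES = ("lower", "upper", "digits", "symbols")


def charset_for(classes=ALL_CLASSES) -> str:
    """Union of the requested classes; each class must be one of CLASSES."""
    return "".join(CLASSES[c] for c in classes)


def entropy_bits(length: int, charset_size: int) -> float:
    """Entropy of a password whose characters are chosen uniformly and
    independently from an alphabet of charset_size symbols."""
    if length <= 0 or charset_size <= 1:
        return 0.0
    return length * math.log2(charset_size)


def length_for_bits(target_bits: float, charset_size: int) -> int:
    """Smallest length whose uniform-random entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(charset_size))


def generate_password(length: int, classes=ALL_CLASSES) -> str:
    """Generate a password with the CSPRNG behind `secrets`, never `random`.

    Rejection sampling keeps the draw uniform over the accepted strings (so the
    entropy estimate above holds, minus the small fraction of rejected
    candidates) while guaranteeing at least one character from every class.
    """
    alphabet = charset_for(classes)
    if length < len(classes):
        raise ValueError("length must be at least the number of character classes")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate


def describe(length: int, classes=ALL_CLASSES) -> dict:
    """Generate a password and report the estimate that goes with it."""
    alphabet = charset_for(classes)
    return {
        "password": generate_password(length, classes),
        "alphabet_size": len(alphabet),
        "entropy_bits": round(entropy_bits(length, len(alphabet)), 1),
    }


if __name__ == "__main__":
    for length in (12, 20, 32):
        print(describe(length))
    print("length needed for 128 bits with 94 printable ASCII chars:",
          length_for_bits(128, 94))
```

Two things are worth noticing. First, a 20-character password over the 94 printable ASCII characters already exceeds 128 bits, so a 256-character password is far beyond what any brute-force budget reaches; the limiting factor for a database is the master password, not the generated entries. Second, the estimate is only valid for passwords the generator produced: a human-chosen string of the same length has far less entropy than the formula suggests, which is why strength meters can only approximate it.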

Clearly, one could use KeePassX purely to store login credentials. The web sites are listed in alphabetical order so retrieving a given record is quite simple. One could then copy and paste the userid (Username) and password (having used the “eye” button to reveal the password text behind the asterisks) from the data record into the login prompts on the web page. However, as noted earlier, KeePassX provides an option for the program to “fill in the blanks” on the login screen. This process is a little non-intuitive and, in my case, required reading through a section of the web-based Quick-start Guide in the KeePassX User Guide (Help – KeePassX Handbook) a couple of times before I clued in on the technique.

The first trick is to hit the drop-down “Tools” button in the lower-left corner of the data record for any given web site. With the desired web site open in the browser at the login page, one clicks on “Auto-Type: Select Target Window”. Then, one uses the second drop-down menu to select the appropriate listing which in my test case was “Ottawa PC Users’ Group (OPCUG) Inc. – Mozilla Firefox”.

The second trick is to navigate to “Extras – Settings – Advanced – Auto-Type Fine Tuning” in KeePassX’s main menu and enter a keyboard shortcut in the “Global Auto-Type Shortcut” field. I opted for Ctrl + Alt + P as the keystroke combination that would automatically populate a web site’s login credential fields.

Even then the process turned out to be somewhat hit and miss. For example, I couldn’t get the system to work for the Ottawa PC Users’ Group’s web site as KeePassX returned the login credentials for a different entry. And, in my DropBox account, KeePassX selected the correct entry, but populated the E-mail field (effectively the userid) with my DropBox password instead of the user name! However, the auto-type process worked fine for some other web sites, e.g. National Capital Freenet.
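Auto-type only sends keystrokes to whatever window and field currently has focus; it cannot see the form. The added example below (a simplified model written for this page, not KeePassX’s implementation) expands a KeePass-style sequence such as `{USERNAME}{TAB}{PASSWORD}{ENTER}` into keystroke events and replays them against a model login form, which makes it easy to see one way a sequence and a form can disagree: if focus starts anywhere other than the first field, or the fields are in a different order, the password ends up in the wrong box. The default sequence is the KeePass convention; the sample entry and form layouts are constructed for the illustration.

```python
import re
from typing import Dict, List, Tuple

# KeePass-style default sequence. The entry below is constructed sample data.
DEFAULT_SEQUENCE = "{USERNAME}{TAB}{PASSWORD}{ENTER}"
SAMPLE_ENTRY = {"username": "alice@example.invalid", "password": "s3cr3t-sample"}

# Either a {PLACEHOLDER} token or a single literal character.
TOKEN_RE = re.compile(r"\{([A-Z]+)\}|(.)")


def expand_sequence(sequence: str, entry: Dict[str, str]) -> List[Tuple]:
    """Turn a sequence into keystroke events: ('text', s), ('tab',) or ('enter',).

    Only the placeholders needed for a login are modelled; anything else is an
    error rather than being silently typed as literal text.
    """
    events: List[Tuple] = []
    for placeholder, literal in TOKEN_RE.findall(sequence):
        if literal:
            events.append(("text", literal))
        elif placeholder == "USERNAME":
            events.append(("text", entry["username"]))
        elif placeholder == "PASSWORD":
            events.append(("text", entry["password"]))
        elif placeholder == "TAB":
            events.append(("tab",))
        elif placeholder == "ENTER":
            events.append(("enter",))
        else:
            raise ValueError("unknown placeholder {%s}" % placeholder)
    return events


def simulate_form(field_names: List[str], focused_index: int, events: List[Tuple]) -> Dict:
    """Model a login form: typed text goes into the focused field, TAB moves on.

    focused_index is the field the browser had focused when auto-type started;
    -1 models 'nothing useful focused yet' (text typed there is lost). Returns
    the field contents plus whether ENTER submitted the form.
    """
    fields: Dict = {name: "" for name in field_names}
    submitted = False
    for event in events:
        if event[0] == "text":
            if 0 <= focused_index < len(field_names):
                fields[field_names[focused_index]] += event[1]
        elif event[0] == "tab":
            focused_index += 1
        elif event[0] == "enter":
            submitted = True
            break
    fields["submitted"] = submitted
    return fields


def autotype(field_names: List[str], focused_index: int,
             sequence: str = DEFAULT_SEQUENCE, entry: Dict[str, str] = SAMPLE_ENTRY) -> Dict:
    """Replay a sequence for an entry against a model form."""
    return simulate_form(field_names, focused_index, expand_sequence(sequence, entry))


if __name__ == "__main__":
    form = ["email", "password"]
    print("focus on e-mail field :", autotype(form, 0))
    print("focus before the form :", autotype(form, -1))
    print("form with extra field :", autotype(["search", "email", "password"], 0))
```

The second and third cases reproduce the pattern of a password landing in the e-mail field: the keystrokes are correct for the entry, but the TAB moved focus to a different field than the sequence assumed. The defensive habit this suggests is to check what auto-type filled before pressing submit, since a sequence ending in `{ENTER}` will happily send a password to whatever field received it.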

While the automatic login process appears to be fraught with difficulties, KeePassX does at least let me store my infrequently-used web site login credentials in an electronic format, and provides a readily-available resource for this information when it is needed. So, no more leafing through dozens of pieces of paper for me!

References:

KeePass Password Safe
http://keepass.info/

KeePassX Beta
http://sourceforge.net/projects/keepassx/

KeePassX 0.4.1 Review
http://www.softpedia.com/reviews/linux/KeePassX-Review-125020.shtml

KeePassX: Keeping Your Passwords Safe
http://www.linuxjournal.com/content/keepassx-keeping-your-passwords-safe
