We all use passwords in our day-to-day lives. Logging on to your favourite site, remoting into a server, connecting to your home-lab. Passwords are here to stay.
There are people that think passwords will eventually disappear, but I don’t believe they will. People still to be be authenticated in some way, whether it’s a typed password or a retinal scan. It’s all the same.
While we still have typed passwords, you should at least make sure they are as secure as possible.
This is a list of tips that I try to use whenever I create a new password for a website or service…
- Use a random password generator,
- Use numbers and symbols if the service supports them,
- Make the password as long as possible. The longer the better,
- Don’t tell anyone your passwords.
- Use a different password for each site or service.
Never use the same password twice.
Now, I know there are many people out there that will have hundreds of websites and services that they use all the time, and trying to remember any password longer than 10 or 12 letters can be hard, so trying to remember more than an handful will be near impossible.
There is help though. There are several tools that will help you store your passwords in an encrypted database and all you need to do is just remember one password.
One of the most popular free tools is called KeePass. This will keep all your passwords safe and allow you to generate random passwords for your various websites. There are others available, some free, some paid. I personally use the paid tool 1Password, and have used this for quite a number of years. However at work I do use KeePass quite a bit.
This should be the last password that you will ever need to remember. Make it a good one. The longer and more complicated you can make it, the better. As you can see, I used the password from the XKCD Comic above as an example.
Once you have entered a master password, click OK.
A new window will appear, enter some optional details for the title and description if you want to, and select the Security tab. Here we should change the Key transformation number from the default of 6000 to something much larger. Click the blue link labelled 1 second delay. Depending on the speed of your computer, this number should change to something with a few more numbers. Mine came out at about 16965888.
You can change the settings in the other tabs too if you like, but the defaults should be fine. Click OK when you are done. Your new database will open and it will have some pre-configured folders and a couple of entries.
To create a new password entry, click Edit, Add Entry… From the window that appears, fill in all the details you can. A default password is created for you. So if you are signing up for the first time to a site, you can use this suggested password.
If you don’t want this password, or the website doesn’t support the length or complexity, you can launch the password generator to create a new one. Simple click the small key icon next to the password box.
There are tons of plug-ins available for KeePass. These perform all types of actions and allow you to expand the functionally KeePass. There are plugins that will allow you to import an existing password database, or import your existing passwords from Firefox. There are also plug-ins to hook into your favourite browser to help with auto-logging in.
Grab them from here.