Sunday, March 14, 2010

KeePassX

The next few posts I'd planned to do are best suited for a hardware install, but my old lappy is off running Windows Server for a few weeks on a work project. We'll just skip those for now and focus on another gap in functionality we currently have: a password manager.

I'm a firm believer in:
making every username unique
making every password unique and complex
never storing an electronic copy of either unencrypted

So if you have several dozen or a few hundred usernames to keep track of, each with its own complex password, keeping an electronic copy is a double-edged sword, but for me it's unavoidable. A password manager takes care of both halves: it generates custom passwords and keeps them in an encrypted database that only opens with a master key. I've run PwManager on Linux for years, and KeePass on Windows, but now in Lenny we have keepassx in the repo! Let's grab it:
debian:/home/thom# aptitude install keepassx

Then add it to your fluxbox menu by editing the menu file (~/.fluxbox/menu by default) in geany:
[exec] (KeePassX) {/usr/bin/keepassx} <>

Then we can go ahead and launch it from the menu. (and begin the screenshot slideshow...)

OK, there is nothing there yet; we need to create a new password database.

The first thing we are asked for is a Master Key. Whatever you type here will be the only way into the password file, so pick something long that you can remember; there is no recovery if you forget it. You'll need to enter it again to confirm it.

OK, now we have created a database with a master key, but there is nothing in it. Next I right-click in the Groups section and add a new group.

I will create a group for all the logins to different websites; you can break these groups down any way you like.

I will do one for routers and servers, one for email and IM accounts, and one for use inside of web browsers. Next I will highlight the group I want to put an entry in and click the little Add Entry icon my mouse is hovering on here.

Go ahead and fill in all the info you want to store in the database. If I type in a password I can click the eye to see what I typed, or if I want to generate a password I can click Gen.

I love using password generators. They let me pick my mix of characters, and I can customize what I generate for any given site by its minimum password requirements. I will pick my options and click Generate.

Whenever I generate a password I review it and usually change out a few characters before clicking OK. I remove any character that looks too much like another (capital I's and lower-case L's can be hard to tell apart depending on the font) and any special character that isn't easily recognizable. Keep in mind that hand-editing a generated password can only make it less random than what the generator produced, so if your generator can exclude look-alike characters for you, let it do that instead.
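To make the "custom mix of characters, no look-alikes, meets the site's minimum" idea concrete, here is a small generator written for this post. It is an added example, not KeePassX's code; the character classes, the look-alike set and the policy rules are my own assumptions. It draws from the CSPRNG (`secrets`), drops the ambiguous characters up front rather than by hand afterwards, and includes a policy check you can run over a password you edited by hand. It also shows what excluding look-alikes costs in entropy.

```python
"""Password generator in the spirit of the KeePassX Gen dialog.

Added example for this post, not KeePassX code. The character classes,
the LOOKALIKES set and the policy rules below are assumptions.
"""
import math
import secrets
import string

# Characters that are easy to confuse in many fonts (assumption; extend to taste).
LOOKALIKES = set("Il1O0o|`'\"")

# Character classes a site's policy may allow (the special set is an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?/",
}


def class_chars(name, exclude_lookalikes=True):
    """Characters of one class, minus look-alikes if asked."""
    chars = CLASSES[name]
    if exclude_lookalikes:
        chars = "".join(ch for ch in chars if ch not in LOOKALIKES)
    return chars


def build_alphabet(classes, exclude_lookalikes=True):
    """Concatenate the chosen classes; de-duplicate so no character is over-weighted."""
    alphabet = "".join(class_chars(c, exclude_lookalikes) for c in classes)
    return "".join(dict.fromkeys(alphabet))


def generate(length=20, classes=("lower", "upper", "digits", "special"),
             exclude_lookalikes=True):
    """Return a password of `length` characters drawn uniformly from the alphabet
    that contains at least one character from every requested class.

    Uses `secrets` (a CSPRNG), never `random`. Rejection sampling keeps every
    accepted password equally likely, which hand-editing a result does not.
    """
    if length < len(classes):
        raise ValueError("length too short to cover every requested class")
    alphabet = build_alphabet(classes, exclude_lookalikes)
    per_class = [set(class_chars(c, exclude_lookalikes)) for c in classes]
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in chars for ch in pw) for chars in per_class):
            return pw


def meets_policy(pw, min_length, classes, exclude_lookalikes=True):
    """Check a password (generated or hand-edited) against a site's rules:
    long enough, only allowed characters, every required class represented."""
    if len(pw) < min_length:
        return False
    allowed = set(build_alphabet(classes, exclude_lookalikes))
    if any(ch not in allowed for ch in pw):
        return False
    return all(any(ch in CLASSES[c] for ch in pw) for c in classes)


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly generated password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    classes = ("lower", "upper", "digits", "special")
    full = build_alphabet(classes, exclude_lookalikes=False)
    trimmed = build_alphabet(classes)
    print("20 chars, full alphabet   :", round(entropy_bits(20, len(full)), 1), "bits")
    print("20 chars, no look-alikes  :", round(entropy_bits(20, len(trimmed)), 1), "bits")
    pw = generate(20, classes)
    print("generated:", pw, "policy ok:", meets_policy(pw, 16, classes))
```

Excluding the six look-alikes (I, l, 1, O, 0, o) shrinks the 86-character alphabet to 80, which costs about 0.1 bits per character; adding one more character to the length more than makes up for it, which is the cleaner trade than swapping characters by hand.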

Now we have our first entry, and we must save the update to our database. Do not create important accounts with impossible passwords and then forget to save them!

You can give the database file an unremarkable name too.

Once it's saved, close out of the program and launch it again. Now all you need to do is enter the master key once and you can get at all your other passwords.

Notice we've got our entry, and when we open the program it doesn't show us the password. Someone sitting behind us can't see the master key as we type it or the passwords in the file.

Now let's do something fun. This is the most exciting part for me in being able to switch to KeePassX. Let's copy the password database to a Windows box. KeePassX writes the KeePass 1.x (.kdb) file format, so we can install KeePass for Windows and it will recognize the file type.

When we double click it we can enter the same master key we used when we first created the database in

Here we can see our entry. Pretty cool, huh? A cross-platform password manager.

But wait: go to the PortableApps website and you can install PortableApps and KeePass on a USB thumb drive, then save your password files on the drive and put it in your pocket. This is really helpful when you're a Linux guy and you have to work at the console of a bunch of Windows servers with lots of passwords but a no-install policy.

I hope seeing how easy these steps are will encourage anyone using poor security practices to step up their password strength and storage habits.
