So, everything requires a password these days, right? Whether you’re setting up a new email account, signing up for Twitter, or creating a new bank account. How in the world do you remember all of these passwords? Well, I’ve seen the old sticky note on the monitor (in the drawer, under the keyboard, you name it) all too often, and we all know that we shouldn’t use the same password everywhere, right? That leaves two options: have an amazing memory (ask my wife, I don’t) or find a way to securely manage your passwords.
Thankfully, KeePass (or KeePassX on Linux or Mac OS X) can help out where my memory lacks. KeePass will provide you with a secure place to store all of your passwords in an encrypted format. From the screenshot you can get a rough idea as to what the interface looks like. When you highlight any of the entries, you can just press Ctrl+C to copy the password and paste it into whatever application is asking for it. For websites, there’s even an ‘auto-type’ feature. To use this, you first go to the site you want to log in to, click in the username box, and then open KeePass and click on the entry for the site. Then press Ctrl+V and it will type in your username / password for you. Slick, eh?
I’ve also been asked about how to generate secure passwords. If you are going to use something like KeePass, I would recommend using its built-in password generator tool (take a look to the left). It gives you a few options to configure, and then spits out a nice random password for you. For those of you using Ubuntu (or any variant of Linux for that matter) you can use the command line tool pwgen (click to install in Ubuntu or ‘apt-get install pwgen’). After installing, run something like:
pwgen -B -N 5 -1
To get a list of passwords similar to:
eiyah7Ei
Aeh3Ooxo
jaW9ahFi
rohxiJ7z
uth9ZieY
The -B parameter tells it to not use ambiguous characters (is it a 0 or an O? l or I?). -N 5 creates 5 for you to choose from and -1 puts them each on their own line to make it easier to pick.
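For machines without pwgen or KeePass, here is an added example (not from the original post and not pwgen's code) that does the same job with Python's `secrets` module and also reports how many bits of entropy a given length provides. The look-alike character set, the 12-character default and the function names are assumptions made for the example.

```python
import math
import secrets
import string

# Look-alike characters to leave out. This set is an assumption chosen for the
# example (the post names 0/O and l/I); it is not pwgen's own list.
AMBIGUOUS = set("0O1lI")
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   if c not in AMBIGUOUS)


def generate(length=12):
    """Return one random password drawn from the OS CSPRNG via `secrets`."""
    if length < 3:
        raise ValueError("length must allow a lower, an upper and a digit")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: redraw the whole password instead of patching
        # characters in, so every accepted password is equally likely.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def entropy_bits(length):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


def batch(count=5, length=12):
    """Several candidates to pick from, like `-N 5`."""
    return [generate(length) for _ in range(count)]


if __name__ == "__main__":
    for pw in batch():
        print(pw)  # one per line, like `-1`
    print(f"~{entropy_bits(12):.0f} bits at length 12, "
          f"~{entropy_bits(8):.0f} bits at length 8")
```

Each extra character adds just under 6 bits with this alphabet, so when the password lives in a manager and never has to be typed from memory, raising the length is the cheapest way to make it stronger.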
If you don’t have access to either of those tools, or you need something that you’ll have a better shot of remembering, try basing the password off of a phrase or something you’ll remember, and add in a couple of twists. Let’s try one here… off the top of my head, the first phrase that came to mind was “an apple a day keeps the doctor away” and the password I came up with is “4pP13/d=!phD”. (4pp13 kinda looks like apple, /d is short for per day, =! is ‘not equals’ in programming, and phD is a doctor… apple/day equals no doctor). Okay, that may not be the best example, but you get the idea, right?
If you need to create a password for a remote server, I would recommend looking into SSH keys. Used well, they can provide better security and less hassle for you.
Anyone else have any password strategies they’d like to share? Please, please don’t say “my favorite pet’s name” or “my birthday and last 4 digits of my phone number”…

I’m not so sure I agree with you about your inability to remember passwords. I believe at one time you had over 50 memorized.
Hey, what’s wrong with my favorite pet’s name!?