Wednesday, October 18, 2006

Keeping your Passwords Safe

Network login password. Document Management system password. Internet Access password. Email password. Minimum 9 characters, mixed case, including letters, digits, and at least one symbol, no dictionary words allowed. Change them every 30 days, and no reusing the last 50 passwords.

In the attempt to make their systems more secure, companies make it practically impossible for you to remember the multitude of passwords that are required to log into their various systems. They force you to write the things down, which ironically makes their systems less secure than they would have been with sane passwords. And although they know this is the case, sysadmins persist in the almost religious conviction that they're doing a "Good Thing". Think I'm kidding? Look here.

So what do you do? The short answer is KeePass, an open source password safe. Keep KeePass on a USB data key. Keep it with you. This gives you access to a secure database of locations, names, and passwords that you use. One password is all you need.

Some of the nice, simple features:
  • KeePass can generate all those goofy passwords for you, according to whatever rules are dreamed up by your IT department.
  • It doesn't require any installation, so you can keep it on a data key or floppy and carry it around with you (and if you're restricted from even running it, then find another job, because you are working for certified idiots. Refer them to me and I'll tell them for you).
  • No typing. KeePass copies the secure password to your clipboard to be pasted in. After you've pasted it, then KeePass will delete it from your clipboard. It never openly displays your password. It's actually possible to use it forever and never know your own passwords.
  • KeePass can categorize your passwords. You can organize them any way you like, keeping personal data separate from work, etc.
  • It's encrypted; it's secure. Really secure.
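
The rule-driven generation the first bullet describes, worked as an added example (my own code, not KeePass's): a validator for the kind of policy quoted at the top of the post, plus a generator that draws from the OS CSPRNG until a candidate passes it. The policy values, symbol set and dictionary blocklist are constructed stand-ins, not anything the post or KeePass specifies.

```python
import secrets
import string

# Constructed policy mirroring the post's example rules; the keys are
# this example's own, not KeePass settings.
POLICY = {
    "min_length": 9,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
    # Tiny constructed stand-in for a dictionary-word blocklist.
    "dictionary": {"password", "welcome", "letmein", "october"},
}


def meets_policy(candidate: str, policy: dict = POLICY) -> bool:
    """Check one candidate against every rule in the policy."""
    if len(candidate) < policy["min_length"]:
        return False
    if not any(c.islower() for c in candidate):
        return False
    if not any(c.isupper() for c in candidate):
        return False
    if not any(c.isdigit() for c in candidate):
        return False
    if not any(c in policy["symbols"] for c in candidate):
        return False
    lowered = candidate.lower()
    # Reject any blocklisted word appearing as a substring, case-insensitively.
    return not any(word in lowered for word in policy["dictionary"])


def generate_password(length: int = 12, policy: dict = POLICY) -> str:
    """Draw from the CSPRNG until a candidate satisfies the policy.

    Rejection sampling keeps every accepted password uniformly distributed
    over the policy-conformant strings of this length; forcing one character
    of each class into fixed positions would bias the result.
    """
    if length < policy["min_length"]:
        raise ValueError("length below policy minimum")
    alphabet = string.ascii_letters + string.digits + policy["symbols"]
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, policy):
            return candidate


if __name__ == "__main__":
    print(generate_password())
```
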
This is excellent software. Use it.