Ausgangslage:

Bei der Vielzahl an Web-Diensten, verschiedenen Zugangsdaten, Benutzernamen und Passwörtern gibt es zwei Möglichkeiten, in die man abrutschen kann:

• Man verwendet verschiedene Passwörter und vergisst das eine oder andere oder hebt sich irgendwo (im schlimmsten Fall unverschlüsselt) eine Liste auf, die dann womöglich gerade nicht zur Hand ist, wenn man sie benötigt.
• Oder man verwendet überall dasselbe Passwort, was natürlich bedeutet, dass jemand, der das Passwort mitbekommt, gleich auf alle Konten Zugriff hat.

Die Lösung ist natürlich ein Passwort Manager.

Nun waren für mich außerdem folgende Dinge wichtig:

• Ich möchte die Passwörter nur einmal eingeben (bzw. generieren lassen) und auf allen Rechnern (bei mir v.a. Windows) zur Verfügung haben.
• Die Passwörter sollen nirgends unverschlüsselt herumliegen.
• Ich möchte nicht von einem Online Dienst abhängig sein, um mit meinen Passwörtern zu arbeiten (wie es z.B. bei https://lastpass.com/ – sonst ein empfehlenswertes Angebot – der Fall ist)
• Ich will die Passwörter nicht abtippen / eingeben müssen, sondern möchte Mechanismen, um Login-Formulare schnell ausfüllen zu können, allerdings möchte ich keinen kompletten Auto-Login, um auch im Detail die Kontrolle zu behalten.

Meine Lösung:

Passwort-Manager: KeePass
http://keepass.info/

KeePass ist ein gratis Open-Source Passwort Manager, der hilft, Passwörter auf sichere Art zu verwalten. Alle Passwörter können in einer Datenbank abgelegt werden, die mit einem Master-Key oder einem Key-File gesperrt werden. So muss man sich nur ein einziges Haupt-Passwort merken oder einen Key-File auswählen, um die Datenbank zu entsperren. Die Datenbank(en) werden mit den aktuell besten und sichersten Verschlüsselungs-Algorithmen verschlüsselt: AES und Twofish).

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

KeePass (Professional) gibts für
Windows 98 / 98SE / ME / 2000 / XP / 2003 / Vista / 7, each 32-bit and 64-bit, Mono (Linux, Mac OS X, BSD, …).

Contributed/Unofficial KeePass Ports and Builds

• KeePass for PocketPC and Smart Devices (1.x and 2.x)
• KeePass for J2ME / mobile phones (KeePassMobile)
• KeePass for J2ME / mobile phones (KeePassJ2ME)
• KeePass for iPhone
• KeePass for BlackBerry (compat. with KeePass 1.x)
• KeePass for BlackBerry (compat. with KeePass 2.x)
• KeePass for PalmOS (Converter) (also see 2.x To KeyRing)
• KeePass for Linux / Mac OS X (1.x KeePassX)
• KeePass for PortableApps Suite™
• KeePass 1.15 for U3 Devices
• KeePass for Preinstalled Environments (PE)
• KeePass for Android (KeePassDroid)

Hilfe Seiten
http://keepass.info/help/base/index.html

Erste Schritte:
http://keepass.info/help/base/firststeps.html

Dropbox
https://www.dropbox.com/

Backup, Datei-Synchronisierung und Dateifreigabe leicht gemacht.

Was es tut:

Ordner aufmehreren Rechnern synchron halten
D.h. Wenn ich auf meinem Büro-Rechner und auf meinem Heim-Rechner mit dem gleichen Dropbox Account eingeloggt bin, holt sich der Heim-Rechner, wenn ich ihn einschalte, aus dem Internet die Änderungen, die ich im Laufe des Tages im definierten Ordner am Büro Rechner verändert habe.

Backup in der Cloud
Diese Synchronisation funktioniert auch über mehrere Geräte. Ein Zusatzfeature besteht darin, dass die Files auch in der Cloud bei Dropbox abgelegt werden und über ein Web Interface runtergeladen werden können. Insofern muss man natürlich Vertrauen in die Firma haben oder die Inhalte verschlüsseln. In diesem Web-Interface lassen sich auch alte Versionen von Dateien oder gelöschte Dateien wieder finden / wiederherstellen.

Wie funktionierts?
Client auf dem Rechner installieren, Account anlegen, Ordner auswählen, der synchron gehalten werden soll, fertig.

Dropbox und KeePass
Wenn man natürlich nun die KeePass Datenbank (und/oder die Software) in den Dropbox Ordner packt, ist auch die immer synchron (wenn ich alleine darin arbeite natürlich).

Dropbox ist free for Windows, Mac, and Linux, es gibt auch eine App fürs iPhone.

Firefox Portable
http://portableapps.com/apps/internet/firefox_portable

Nachdem ich nun KeePass und Dropbox verschränkt hatte, wurde mir klar, dass ich meine Passwörter manchmal auch an anderen Rechnern brauche. Die KeePass Applikation funktioniert auch ohne Installation, also insofern kein Problem, rauf damit auf den USB Stick.

Nachdem aber natürlich manche PCs respektive Browser die Passwörter speichern, habe ich mir auch noch gleich den Firefox Portable auf den USB Stick installiert, damit kann ich nun jederzeit an jedem Windows Rechner mit meinem Passwort Manager im Web arbeiten, ohne etwas preiszugeben.

iKeePass – KeePass am iPhone
http://ikeepass.de/

Was mir noch fehlt: die iKeePass App gibts bisher aufgrund von rechtlichen Einschränkungen nur in US und Canada. Da auch die App Dropbox (auf folgende Art: http://ikeepass.de/bl0g/?p=175) unterstützt wird, wäre mit dieser App mein System komplett.

Hoffentlich wird das bald etwas.

Freue mich über Kommentare und/oder Empfehlungen!

More than 15 years ago, I connected to a publicly available computer network for the first time to read the news and get the weather forecast for the following day.  I know I could have got this information from one of the local newspapers but it was more fun getting it this way.  I needed to know the weather forecast for a geography project I was completing and I logged in everyday for a week  to get it.  The computer network I was logging into wasn’t the internet – it was Beltel, a bulletin board system (BBS) based in South Africa.  Bulletin board systems were around before the internet and as many of my classmates didn’t have acess to Beltel, I felt pretty special.  Logging in to get the weather forecast was all I needed to do online at the time and all I needed to remember was a single username and password!

This has changed a lot since then.  All the people I know now have broadband access to the internet and the number of online services that you and I now depend on and use has increased dramatically.  We now do banking, shopping and socialising online. Each of these services require that we register before being able to use the service and this means another password to remember. Remember that the same password for all accounts should never be used as should a hacker gain access to one of your accounts,  then the same password could be used to gain access to all your other accounts.

I recently began reviewing several different password managers that I could use to store my passwords for me so I wouldn’t have to remember them.  I’ve decided that I’m going to be more comfortable using a password manager that saves passwords on my own computer rather than on a server somewhere out there.  It isn’t so much because I don’t trust that an online password manager won’t be able to keep my passwords safe but rather because I won’t be able to access any of my accounts if the online password manager service unexpectedly goes offline.  If you do decide to use an online password manager, be sure to use one that uses host-proof hosting such as PassPack.  Host-proof hosting ensures that even if the server is hacked, the data on the server is still safe as it has been encrypted and only the user holds the key to decrypt the data. 

The desktop password manager that I have decided to use is KeePass Password Safe.  It’s an open source program which means that you don’t have to pay for it and because the source code has and continues to be reviewed and updated by many software engineers, you and I can be confident that it does what it does very well.  All passwords are stored in an encrypted database and only a single password known as the master password needs to be remembered in order to encrypt and decrypt the database.  The password database can be stored on a USB drive enabling you to access your passwords when you move from one computer to another.  Be careful not forget the master password as it will then not be possible to recover the passwords stored in the database.  KeePass Password Safe has been downloaded more than 7.5 million times. 

If you do not yet make use of a password manager, I encourage you to take a look at KeePass Password Safe.  I have created 3 short videos to help you get started! 

How to download and install

How to create a new password database and add a new password entry

How to open a password database and retrieve a password entry

However you decide to manage your passwords, remember to stay safe online!

64bit Linux에서 LastPass Extension이 원활히 설치가 안되었던 것도 문제 였지만,
아래쪽 상태줄에 위치해서 참 거슬렸던 것이 해결 되었다.
Firefox 처럼 위의 주소입력 줄 옆에 빨간 LastPass 아이콘이 작게 들어가 있다~

LastPass는 알패스 오프라인에서 알패스 온라인 버전,
KeePass v2.x 를 사용하다가 최근에 거의 정착을 하고 있는 패스워드 관리 프로그램 이다.

좋은점,
1. LastPass는 우선 다양한 플랫폼과 브라우져를 지원한다.
(Safari도 플러그인을 지원한다.)
2. 랜덤 패스워드 생성이 원하는데로 조합이 가능하다.
3. 아이디, 패스워드를 자동으로 감지해서 로그인 시 입력 창 or 입력 줄 등을 생성해서 등록이 편하다.
4. 로그인 자동 입력이 지금까지 사용했던 제품들 보다 맘에들게 더 잘 동작 한다.

• 크롬버전 : 4.0.245.0~svn20091111r31665-0ubuntu1~ucd1~jaunty
• LastPass 버전 : 1.60.0

About LastPass
lastpass is an online password manager and form filler that makes web browsing easier and more secure.

• Create strong passwords, knowing you only have to remember one.
• Log into your favorite sites with a single click
• Fill forms in a second; stop pulling out your wallet to get your credit card number
• Access and manage your data from multiple computers seamlessly
• Securely share logins and notes with friends and let others share with you

- 끝 -

You use Firefox and let it manage your passwords? Did you know, everyone can access these by just clicking on

Tools > Options > Security > Saved Passwords… > Show Passwords

(in German: Extras > Einstellungen  > Sicherheit > Gespeicherte Passwoerter… > Passwoerter anzeigen)

You have 3 options to not let everyone see your passwords:

1. Do not let Firefox store your passwords. This may be your best shot, when more people work on the same computer. And instead…
2. Use an external Password-Manager like KeePass, which is also available for portable installation on an USB-Stick: http://keepass.info
3. Under Options choose Use a Master Password. Now, everytime someone wants to auto-fill-in a password or store a new password, your set Master Password is required.

With everything we do online these days, there are bound to be lots of usernames and passwords to remember, both for school and also for personal use.  It really is not advised to use the same username and password for everything – if someone figures it out, they have access to everything you do online.  Since it is really recommended that you create strong passwords, they become difficult to remember. 

One great program you can use to help keep track of all these usernames and passwords is Keepass.  Keepass is a free, open source program available for many different platforms.  They have Windows, Mac, Linux, iPhone, and many other versions available for free.  The program can be downloaded here.  They even have versions to run on your USB flash drive as well (then your passwords go with you).  The basic idea is this: all of your login information is stored in a database that is secure with its own password (a password to get your passwords… kind of sounds like getting a video tape that explains how to hook up your VCR…).  Once you open the Keepass program it allows you to view and manage all of your stored passwords.

Here is avideo that explains some of the features of Keepass:

As someone who does most of his work on the web, I’ve developed some habits to allow me to work quickly, without distraction, so that I can get my work done easily.

When I see others browse the web, it sometimes surprises me how far behind they are, and when others see me browse the web they’re surprised at how quick I am.

I’m not bragging — I know there are web monkeys faster than me. But I thought I’d share some of my tricks for the masses, in hopes that it’ll be of some use.

First, understand that everyone has their own personal style of browsing, and I don’t think you should adopt every tip below. This is what works for me. You probably won’t like it as much.

Second, understand that my philosophy is one of minimalism: I don’t like a lot of bells, whistles or distractions, and I like fast, lightweight programs that aren’t bloated or slow. I also like to work quickly, using the keyboard mostly, so that I can get my work done without friction.

So here are my tips — some of these will be old hat for web veterans, but they bear repeating.

1. Use a fast, minimal browser. First, if you’re using Internet Explorer and you don’t absolutely have to, please do yourself a favor and switch right now. It’s bloated and slow, insecure, and doesn’t render the web correctly. If you can’t switch, please start educating your IT or HR department about modern, standards-compliant browsers. Second, I’ve long been a fan of Firefox because it’s generally awesome and extensible, but lately I’ve switched to faster and lighter browsers that do what I need with a minimum of bloat. So on the Mac, that’s been Operaand lately Camino. Both are great and do what I need. On the PC, there’s no contest — it’s Google Chrome, as it’s the fastest I’ve tried.
2. Use tabs, not windows. This should be obvious but many people still open a new window each time they’re going to a new site (including my mom). Instead, configure your browser to open new tabs instead of windows. When you are reading a post, for example, and want to open a link in a new window, Command-click (on a Mac) or middle-click (on a PC) should open the link in a new tab. Now you can switch between tabs without needing to find where each window went.
3. Learn keyboard shortcuts. Again, this is obvious to most web monkeys, but it’s so much faster that you need to take the time to learn the shortcuts. Some common examples (using Mac shortcuts): Cmd-T to open a new tab, Cmd-L to go to the browser’s location bar (to enter an url), Cmd-D or Cmd-K (depending on the browser) to bookmark, Cmd-K (on some browsers) to go to the search engine box (the Google box), Cmd-W to close a window or tab, and so on. Each browser and OS have different shortcuts, but you can easily learn them by looking at the shortcuts in the menus of the browser. It just takes a few minutes to learn them, and then you’re golden.
4. Set up keyword bookmarks and speed dial. Most browsers have keyword bookmarks, and it takes just a few seconds to set up each one. Basically, for all of your common sites, you’ll want to create a bookmark, and then go to the bookmark and enter a keyword for quick access to that bookmark. To do this, go the the Properties of the bookmark and set the keyword. I recommend short keywords — common ones for me include “gm” for Gmail, “rd” for Google Reader, “cal” for Google Calendar, “bog” for my bank website, “tw” for Twitter, “st” for my blog’s stats, “post” to create a new Zen Habits post, and so on. Speed Dial is an Opera feature that other browsers seem to be copying — you set up your 9 most oft-used websites into Speed Dial, and then can go to any of them with the press of a key (i.e. Cmd-1 for Gmail, Cmd-2 for Twitter, etc.).
5. Set up keyword searches. Same as above, but these are saved searches you might perform commonly besides a regular Google web search. Examples might include Amazon, Wikipedia, Wiktionary, IMDB, Ebay, and Flickr searches. For each saved search, you’ll have a keyword, and then you can just search from the location bar (Cmd-L to get there) — for example, “im alyssa milano” will search IMDB.com for Alyssa Milano (once you set it up of course).
6. Set up keyword bookmarklets. In Firefox and a couple other browsers, there’s the ability to create javascript bookmarklets that have some kind of functionality — for example, a bookmarklet for Tumblr (to create a new post from the page you’re reading) or Instapaper (to bookmark an article for reading later) or Twitter (to tweet a page) or is.gd (to create a short url for a page), and so on (some good examples). Other browsers (Opera is an example) don’t allow you to drag and drop a bookmarklet into the bookmarks toolbar, but you can still create them: 1) create a regular bookmark , 2) copy the link url of the bookmarklet using Control-click or right-click, 3) paste this url into the regular bookmark in your bookmark manager (Cmd-B in Camino), and then create a keyword for this bookmark. Now, if I want to create a short url for a page, I go to the page, press Cmd-L (to go to the location bar) and type “is” and press enter — and instantly have a short url. This works for any javascript bookmarklet.
7. Fast online bookmarking. Beyond creating keyword bookmarks for common sites, searches and bookmarklets, I like to bookmark resources and pages to be read later using online tools. In the past I used Delicious (for bookmarking resources) and Instapaper (for reading something later), but these days I use Pinboard (by the writer of the excellent blog, Idle Words). It’s in beta, but it’s fast, and has both bookmarking and to-read features. Using a service like this allows me to access my bookmarks from any computer.
8. Block Flash. Adobe’s Flash format is everywhere on the web these days — popular sites like YouTube depend on it for video, and you’ll find it in ads everywhere, and some entire sites are built on Flash. It’s annoying, frankly. Flash is slow, and I prefer to turn it off by default … but have the option to turn it on if I want to watch a YouTube video or something. In Camino, it’s simple — just turn it off in the preferences. In other browsers, you might need a plugin or extension to turn off Flash but give yourself the ability to turn on Flash elements with a click.
9. Distraction-free reading and videos. I love reading without the distraction and clutter of most sites. So I use two bookmarklets: Readability for reading articles, and Quietube for viewing videos.
10. Turn off most extensions. Firefox is great for all its amazing extensions, but if you use a lot of them they can cause the browser to get slow and bloated, and often buggy. So when I do use Firefox I turn off almost all extensions (except Google Gears for offline access), and on Camino I use none. It makes for much faster browsing.
11. Don’t have a million tabs open. This is a common web-surfing mode for a lot of people, but it slows down the browser. I tend to open lots of tabs at times, but when things get too cluttered I bookmark them for later reading (using Pinboard) and then close the tabs, so I have only two or three open at any time.
12. Clear most of your toolbars. I like minimal toolbars, so I turn most of them off on the browser and remove most buttons, so the content is all there is.
13. 1password or KeePass. Good tools for easily storing all your passwords — otherwise, you’ll either have to remember them all or use the same ones over and over (not very secure).
14. Tuning out the Internet. When I need to do serious work, I try to remove distractions by closing the browser to do actual work. If I find myself opening the browser too much, I’ll use a utility (such as Freedom) to shut off the Internet altogether.

What are your tips for fast, minimalist web browsing? Share them with me on Twitter. And if you liked this post, please bookmark it on delicious.

we build websites that make you happy.
get to know us.

Email: hello@silex.co.in Web site: www.silex.co.in
Phone: +91.44.4314.4790

HOWTO: Jak się logować do SAP nie wpisując ręcznie użytkownika i hasła przy użyciu programu KeePass w Windows.
Program może automagicznie wpisywać dane na podstawie nazwy okienka. Działa to nie tylko z SAP GUI.

1. Ustawiamy pokazywanie większej ilości informacji w nazwie okienka SAP GUI – ID systemu, nr okienka, mandant. Jest to potrzebne, aby KeePass mógł rozróżnić do jakiego systemu się logujemy.
   Wygląda to tak jak na obrazku poniżej i może się przydać nie tylko do wypełniania hasła:
   
   

   SAP KeePass - dodatkowe informacje w tytule okna

   Uzyskujemy to wprowadzając do rejestru odpowiedni wpis w opcjach SAP GUI:
   REG ADD "HKCU\Software\SAP\SAPGUI Front\SAP Frontend Server\Administration" /v ShowAdditionalTitleInFo /t REG_DWORD /d 0x00000001 /f

2. Pobieramy darmowy (opensource) program KeePass do zarządzania hasłami. Można pobrać wersję portable – nie trzeba jej instalować, wystarczy rozpakować i uruchomić.
3. Gdy już mamy uruchomiony program KeePass i skonfigurujemy do swoich potrzeb, ustalamy dodatkowo w opcjach klawisz, który będzie wywoływał wypełnianie danych logowania (Global auto-type):
   
   

   Ustawienia globalne Auto-type

4. Dodajemy sobie konto a następnie dla wpisu uzupełniamy parametry Auto-Type (zakładka Auto-Type):
   
   

   Ustawienia Auto-type dla konta

   
   
   Na okienku powyżej jest ustalone, że gdy nacisnę domyślny klawisz wywołujący działanie Auto-type w okienku, które ma w nazwie „DAM” oraz „SAP”, KeePass uruchomi sekwencje {USERNAME}{TAB}{PASSWORD}{ENTER}, a to spowoduje zalogowanie się do SAP używając danych dla konta.

Więcej informacji na stronie dokumentacji KeePass.

dotEXE – KeePassX adalah salah satu software penyimpan dan generate password yang telah lama kami pakai. Software ini Free, Open source, ringan dan mudah digunakan baik di Linux maupun Windows, bahkan Mac sekalipun. Sebenarnya KeePassX sendiri dulu dirilis dengan nama KeePass/L for Linux, namun sejak porting untuk Windows sudah aktif dan massive dikembangkan, maka komunitas pengembangnya mengganti nama softwarenya menjadi KeePassX Password Safe.

KeePassX sendiri menawarkan fitur generate password dengan mudah dan aman. Generator passwordnya sangat mudah diatur ulang, cepat dan mudah digunakan. Bagi anda yang berurusan dengan generate banyak password, software ini sangat kami rekomendasikan.

Databasenya yang komplet baik itu metode enkripsi dengan AES atau Rijndael atau Twofish dengan key 256 bit sekalipun sudah ada. Selain password dan username yang bisa anda masukkan, anda juga bisa memasukkan informasi-informasi tambahan lain sesuka anda. Password yang dihasilkan oleh KeePassX sendiri kompatibel 100% dengan yang dihasilkan KeePass Password Safe.

Instalasi

Untuk distro Mandriva 2009.1 sendiri anda dapat menginstalasikan KeePassX dengan:

#urpmi keepass

Untuk versi Windows (dengan nama resmi KeePass Password Safe):

• Versi Portabel (ZIP) : http://downloads.sourceforge.net/keepass/KeePass-1.16.zip
• Versi Installer (EXE) : http://downloads.sourceforge.net/keepass/KeePass-1.16-Setup.exe

Referensi

Official Web KeePass: http://keepass.info/

KeePass (Wikipedia): http://en.wikipedia.org/wiki/KeePass

Official Project Page at Sourceforge.net : http://sourceforge.net/projects/keepass/

Da ich auch gerne auf meinem iPhone meine Passwörter hätte habe ich heute mal den AppStore durchsucht und bin dabei über 1Password gestoplert. Das Teil kostet zwar Geld, sieht aber ganz gut aus.

Leider hat die Sache einen Hacken, ich verwende aktuell das Open Source Programm KeePass um meine Passwörter zu verwalten. Nun kann man die Passwörter nicht einfach exportieren und wieder importieren. Daher müßte ich die Desktop Applikation 1Password kaufen ($39,99), denn die Passwörter auf dem iPhone eingeben ist doch etwas schwierig.

Also hab ich einfach mal nach einer iPhone App von KeePass gesucht. Die gibt es wohl auch und nennt sich iKeePass, leider kann man sie noch nicht im AppStore finden, da sie seit Monaten nicht von Apple freigegen wird. Mehr dazu findet Ihr in diesem Blog.

It turns out, it is “really-really-ridiculously” easy to create your own U3 applications! The good folks at eure.ca have made available a tiny application named “PackageFactory” that does this magic (free of cost!).

Note that the application you are trying to convert to U3 must be self contained. i.e., It should not depend on the registry and/or be tied to absolute directories. Applications that are built for PortableApps are therefore excellent candidates for conversion to U3.

(Please be aware that you can create a “thinstall” of ANY application.. and then convert the resulting .exe file into a U3p file using PackageFactory!).

Here’s an example of how you can use PackageFactory to create a U3 version of the wildly popular password storage tool KeePass:

1. Download and install PackageFactory

2. Download the Zip package of the latest version of KeePass (ver 2.08 as of this writing) from the KeePass website

3. Extract all the contents of the downloaded zip file into a folder on your computer:

4. Launch PackageFactory :

5. Drag and drop the KeePass.exe file from the downloaded folder into the area marked for the purpose on the PackageFactory screen. Add/Edit the Program name and description fields as required, and then click on the “Create” arrow:

6. The program then creates a .u3p file and prompts for a location to store the newly created file.. Select your desktop, and hit the “Save” button.

7. Click on the U3 icon on your taskbar. Then, click on “Add Programs” and select “Install from my Computer”:

8. In the “Open File” dialog box that pops up, select the keepass.u3p file that you created (Step 6)

9. This will create the necessary scaffolding on the portable/USB device for “Keepass” … note that the application is still not ready to launch .. We have not yet added the required support files.

10. Navigate to the System/Apps folder on your U3 device, and locate the folder containing the KeePass.u3p file(This is a hidden folder.. so, you may need to update your folder options to show hidden files). It should look like:

11. Copy the remaining KeePass support files from the extracted Zip file into the “Data” subfolder (K:\System\Apps\60F08E21-C250-4FDD-A804-CA25DD2892E2\Data in my case). Finally, the folder should contain ALL the files (and folders) that were present in the Un-Zipped (step 3 above):

That’s it! You should now be able to launch KeePass from your U3 Launch applet!

Tip: You can actually convert the PackageFactory application into a U3 file using the same process and keep it handy on your USB device for future projects

7월 5일 릴리즈 되었으니… 시간은 좀 되었군요.
어쨌든 KeePass 2버전 beta를 떼고 정식 릴리즈를 했군요.

KeePass 1버전을 USB로 넣다니기 불편하고 해서 LastPass를 사용했었습니다.
LastPass는 Firefox Addon과 IE 플러그인으로 두 브라우져에서는 불편이 없는데요.

Chrome, Safari 와 다른 어플리케이션의 로그인 할때는 불편함이 있더군요.
( Chrome, Safari에서는 LastPass의 Bookmarklets을 사용하면 그런데로 웹서핑에는 불편 없이 사용합니다. )

KeePass를 쓰면 좋은점은 역시 데이터를 직접 가지고 있는게 보안적으로 마음이 안정되는 겁니다.
LastPass의 웹만 있으면 된다는 편리함도 있기 때문에 당분간 둘을 같이 쓸것 같습니다.

리눅스에서 KeePass 2버전 실행은 잘 됩니다.
KeePass 2버전이 .net 프로그램이어서 mono를 사용해서 실행하면 되고요.

그런데 많이 아쉽게도 FTP기능이 아직 구현이 안되었다고 나오는 군요.
제가 1버전을 사용해서 손꼽아 기다렸던 기능인데요.

UI가 좀 어색한데 그것 조정하고 FTP가 되야 리눅스에서 사용하게 될것 같습니다~

- 끝 -

Очередной выпуск радио-т натолкнул меня на мысли о моих паролях, я сделал экспорт из FireFox и был удручён своей ситуацией, везде на всех сайтах он был один и тот же. Не думаю что у большинства ситуация другая. Раньше меня эта ситуация не сильно заботила, я всегда отвечал “кому я нужен”, но последнее время мне есть что терять, я не скрываю информации о себе в интернете и меня очень легко можно проследить на многих сайтах. Т.е. достаточно какому-нибудь не очень надёжному сайту который попросил у меня регистрацию для скачивания программы потерять свою не надёжную базу и всё, у меня нет почты (т.е. всех сервисов google), одноклассников и даже этого блога. Не так давно были уведены пароли администраторов с сервера qip, очень грустно глядеть что люди, которые ответственны за такую хорошую программу имели пароли 123456 и так далее. Одно радует, что мой великий пароль не подбирается ни словарём, ни быстрым перебором (10 символов как ни как).

В общем начал я искать в интернете упрощение своей задачи, очень жаль что не нашёл готового сервиса с клиентом, я бы даже заплатил деньги за такую услугу. Может кто знает, подскажите, погляжу. Пробовал много, нашёл даже сайт который может хранить пароли от всего, но у него нет клиента, а это для меня не маловажно. Хочется удобств. Отдаю идею в хорошие руки, думаю люди будут благодарны

Нашёл несколько ценных советов, один мне очень понравился. Если от вас не зависит пароль, допусти вам даёт его администратор и вам нужно каждый день им пользоваться, напишите его на мониторе (все так делают???), но добавьте туда символов или наоборот уберите парочку, вы ведь запомните пару лишних букв?

На данный момент я остановился на lastpass.com для FireFox и на KeePass для рабочей машины и коммуникатора. В процессе выбора подходящей программы, я сразу пробовал создавать и проверять как работает создание и запоминание, за что жестоко и поплатился. Когда я уже остановился на KeePass и решил что буду использовать её, я начал забивать сайты и менять пароли, потратил два часа времени и уехал на обед, а после обеда оказалось что я не помню пароль, точнее пароль я почти помнил, программа при создании базы просит ввести “основной пароль”, ну я его и написал, даже напишу его тут “’njvjqjcyjdyjfgfhjkm”, проблема была в другом, я не помнил его дословно и (я пишу в слепую) где-то на автомате поставил пробел, естественно где, я не помнил. Я даже ввёл подтверждение пароля с таким же одним пробелом. Короче мрак, все сайты уже там, включая почту. Подобрать просто не реально, такие пароли не подбираются

#yoASz1s@’}`9Yo
V?%y43}]Db_R9Fk
3d<iI!Rx3F.AB%^
+QJqv%amFeOn"Jm
^M<\fSu!@UVc3jz

Я был уверен что при создании я ввёл свой любимый пароль, но потом вспомнил что сначала экспериментировал с программой, а потом она так понравилась что я сразу забыл что это была тестовая база. Я даже с расстройства чуть не грохнул базу, но решил оставить до лучших времён. Лучшие времена наступили через пол часа, я разложил по полочкам что и как я делал и мне удалось открыть базу.

Основной программой у меня является KeePass, а lastpass просто запоминает сайты на которые я заходил и пароли, если будет какая-то чужая машина, то мне достаточно зайти на сайт и поглядеть пароль, а можно и плагин на время поставить, удалить не долго. LastPass можно использовать и в качестве основной программы, благо она умеет генерить пароли.

Ну и весёлая ссылка на последок, если кто ещё не видел.

Пентагон профинансирует разработку роботов-людоедов

Я даже вижу как робот-санитар, у которого начала заканчиваться энергия, откусывает ногу у раненного бойца, которого только что вынес с поля.

А как вы распоряжаетесь паролями?

As web workers, we are often asked to help friends and relatives fix computer problems. For me, the majority of these problems seem to be related to email. It’s ironic, as email is now less popular than social networks.

So why is email such a hassle?

• It’s more than 30 years old. Email has come a long way, but its underlying protocols haven’t changed much since the 1970s.
• It’s really three different systems. Sending (SMTP) and receiving (POP or IMAP) are totally separate functions, and are often handled on different servers. That’s why I often hear comments like “I can receive, but I can’t send” from clients.
• It’s being used for a lot of things it was never designed to do, like send images and attachments, highly formatted messages, signatures and calendar entries.
• It’s been overrun by spam, and even well-designed spam filters aren’t perfect, and cause unwanted side effects, like messages that get misidentified as spam, or just go away.
• Email software is too complex. These programs that were originally built for offline use; that is, they were set up so that users could read and write messages without being connected to the internet. Sending and receiving would happen in batches. That made sense when internet connections were slow, expensive and charged by the minute. Now that most people have always-on connections like cable or DSL, that process is less necessary. Desktop email client software is a pain to set up and use; as someone who helps many people with email, Outlook is the bane of my existence.
• Many of us connect to the Internet in more than one place — at work, at home, and on cell phones. It can be very frustrating to realize that we’ve left the message we needed to reply to at the office.
• Many of us have more than one email address. I try to keep my work and personal email separate, plus I have a series of email addresses that I use when registering on websites that might try to send spam. And I have several email addresses that were given to me, such as the ones that are automatically created when signing up for instant-messaging services like Yahoo, AIM and Windows Live/MSN.

What can be done to overcome these problems? Here are some tips that might help you and your clients and friends be more productive.

• Get your email on the web. Dump your desktop email software, and switch to Gmail/Google Apps (s goog) or another online provider like Yahoo (s yhoo). If your Internet connection is unreliable, Google Gears lets you work offline.
• Create a master inbox. If you have multiple email accounts, you can set up forwarding to receive and send email from one place.
• Use IMAP. If you need mobile access to your email, set up your phone software to use IMAP, not POP. By using IMAP, your messages will sync automatically in all of the places you check your mail.
• Use social networks. It seems like all of my friends under 30 don’t do email anymore, but they’re on Facebook a lot.
• Use instant messaging. For short, simple conversations, IM can be very efficient. In a few seconds, you can schedule a meeting or a lunch date. It’s much faster than email or phone conversations.
• Use file-sharing services for sending large documents. There are lots of such services, and new ones are popping up all the time, including Fluxiom and FileShareHQ. And Dropbox and the new Opera Unite service allow you to share files directly from your computer.
• Organize your electronic communications. Celine wrote about this recently, and I’ve talked about it, too.

Oh, and one more:

• Remember your passwords. This is obvious to you and me, but I’ve heard “I didn’t know I had a password” way too often. Online services like LastPass, or programs like 1Password, SplashID, or the free KeePass (Windows and phones; also available for Mac and Linux) can be lifesavers.

How do you keep email simple?

Image by stock.xchng user chris27.

How many passwords you use? Take a guess – 5 maybe, or 10?

I counted mine today and came up with 30 – if I spent the time I could probably come up with more:

• Desktop computer
• Laptop computer
• Email
• Blog
• Twitter, LinkedIn, Facebook
• Online news and blog reader
• Online newspaper subscription
• Back issue archive for trade magazine I write for
• Google, for Google Groups and Blogger
• Online writers’ group no. 1
• Online writers’ group no. 2
• Online bookmark service
• Technorati, Digg, StumpleUpon
• Bank No. 1 PIN number
• Bank No. 1 online bill pay
• Bank No. 2 PIN number
• Quicken
• Investment company for SEP-IRA
• Online bookstore
• Online grocery service
• Online grocery e-script fundraising program
• Online movie ticket service
• Online travel service
• Anti-virus software website
• Multiple airlines
• Doctor’s office online medical records account
• Cell phone PIN number
• High school website, for accessing son’s grades
• Online grade school lunch order service

No wonder I can’t remember the combination to my locker at the gym.

What does this have to do with writing? Directly, nothing. Indirectly, a lot. The more time you spend on work-related administrative tasks like logging into research archives, blogs, bookmark services, etc., the less time there is to do any actual work.

If you’re a blogger, or you use social networks like Twitter or Facebook to crowdsource, promote your work or connect with editors, think of the havoc a hacker could wreck on your files and your reputation by breaking into one of them and sending out tweets in your name, spamming your connections with a virus or corrupting your old blog posts.

If you work on a laptop, think of what could happen if it was lost or stolen.

So, ya, passwords are important.

How do you remember yours? Some I keep in my head. Some I keep in my contact manager, which isn’t the safest thing to do but it’s the lazy woman’s way.

Do you change passwords? If you’re like me, probably not often. Some I’ve had for years. Some I’ve changed once or twice. Some I change a lot – my Twitter password, for example, especially in light of what seems like a growing number of phishing attacks there.

I use Quicken’s password vault feature so I can log onto multiple investment accounts at once for updates without having to type in the individual PIN number for each – that’s handy.

But other than that, I’m due for a major password overhaul. So I’ve been reading up on password managers. Here’s a few worth apps considering:

KeePass – In a poll last year, readers of Lifehacker, the tech-savvy guide to getting stuff done, picked this open-source password manager as their favorite. Others mentioned: RoboForm for Windows, and 1Password for Mac.

Passpack – WebWorkerDaily gave this a thumbs up for storing multiple passwords in one location, automatically logging you into websites and some extra security features.

For Apple computers – The Apple Blog recently shared this list of five password managers for Apple hardware, including 1Password.

Picking passwords – Don’t use your dog, your address or your maiden name. Here’s other tips from YourSecurityResource.com, an Internet security site I write for on a regular basis (though not this story).

What’s your password protection?

A Linuxok egyik kényelmes funkciója a csomagkezelő, amelyben egyetleg listából választhatjuk ki a telepítendő alkalmazásokat. Roppant mód leegyszerűsíti a telepítés menetét. Kényelmesebb még az OS X Applications mappájába történő “dobálásál” is, pedig az már tényleg az egyszerűsítés netovábbja.

Nos, Windowson is elérhető egy hasonló program, amely amellett, hogy kényelmes telepítés tesz lehetővé, ráadásul csupa ingyenes alkalmazást érünk el belőle.

Az AppSnap így Windowsos csomagkezelőnek is tekinthető. Egyetlen felületről, részletes listából, pillanatok alatt telepíthetünk, akár egyszerre több programot is. Az eltávolításuk is megoldható, ugyanígy.

Az ingyenes felhozatal olyan nevekből áll, mint az AbiWord, a FlashGet, a Free Commander, a KeePass, a DeepBurner vagy éppen a Launchy. És ez persze nem a teljes választék. Segédprogramoktól a játékokig minden van benne.

A már telepített szoftverek verziófrissítését is elvégezhetjük az AppSnapól, így még ehhez sem kell felmásznunk az internetre egy böngészővel és keresgélni.

Sitting back and relaxing on my paid leave for four weeks is not in my plan at all. Even though semester two doesn’t begin until June, I have a lot of preparation to do. Today I made an appointment with the course counselor at AUT, as I need to ensure that the papers that I’m intending to do at Auckland University will be suitable for entrance to the Master of Forensic IT (MFIT) postgraduate course once I graduate. I’d hate to spend three years studying at Auckland Uni just to find that my academic transcript is not going to help me secure a place on the MFIT programme at AUT.

I have also been working on my LinkedIn profile today, and have gained my first network contact. Aaron Bhashkar of Soft Solutions has added me. He was a software vendor back when I started in the computer industry. I hope to get a lot more contacts in my LinkedIn network and maybe even get some recommendations. I have added many of my previous positions from both my time in the computer industry and in the security industry, so hopefully I’ll gain some recommendations to boost my reputation on LinkedIn.

Also today I’ve been posting the question, about whether I need to study Law as part of my undergraduate programme, on some security and forensics forums. I have posted on Forensic Focus, security-forums, and Computer Forensics World. I hope to get some good advice about my study options before I go to the course counselor on Friday.

I try to ensure that I am as prepared as possible for my studies, and I have spent some time today building a collection of book titles related to computer forensics, using Google Book Search. Later I will also create a list of articles using Google Scholar. By the time I begin my studies I will have a good collection of reference material that I can call on. I will be reformatting my 2Gb thumb drive and loading it up with my PersonalBrain data and my KeePass password database, two essentials that I can use both in Windows and Linux. I use The Brain to keep track of all my information, linking course information, reference material, class timetables, and favorite websites all in a single graphical “mind map” environment. I use KeePass as a secure repository for all my passwords. There is just so much to prepare, and I only have four weeks to do it.

I recently returned from a month’s holiday in New Zealand. As a one-man software company I still have to check my email every day, even on holiday. Here are a few tips from my experiences of running my business from a laptop whilst travelling.

Laptop

In theory you can run your business from a Blackberry or a mobile phone that supports email. But it is impossible to answer some support emails if you can’t run your own software. So I took a Toshiba laptop PC with a 13 inch screen with me. I find a 13 inch screen is a good compromise between portability and ease of use. Much bigger and it would have been too bulky. Much smaller and I would have struggled with the screen and keyboard.

The laptop contained my licence key generator and customer database. I owe it to my business and my customers to keep these secure and the Windows password is no protection at all if someone gains physical access to  your machine. So anything sensitive was encrypted using the free Truecrypt software. Whenever I brought the laptop out of hibernation or restarted it I just had to type the password to mount the Truecrypt volume as a virtual drive[1][2].

I took a combination laptop lock, but I rarely used it. The problem with laptop locks is that the only things strong enough to secure your laptop to are usually in plain view, and a laptop left in plain view is a bit of an invitation. Locked or not. I am also not convinced how strong the laptop security slot is. I suspect an attempted theft would wreck the laptop, even if it wasn’t successful. So I generally prefer to keep the laptop with me or hide it somewhere a crook wouldn’t think to look. I have since found out that laptop locks aren’t even very secure (see here and here). There are still occasions when a laptop lock is better than nothing though. Incidentally, don’t rely on that padlock on your hold baggage either.

The laptop was also invaluable for playing Thomas the Tank Engine DVDs (using Windows Media Player) to keep my little one occupied for part of the very long flights and for backing up photos from the digital camera. I also took a universal power adapter.

Laptop bag

I have a traditional Targus laptop bag with a shoulder strap. But I have found this uncomfortable for carrying a laptop any distance due to the uneven distribution of weight. It also makes it extremely obvious that you have a laptop. A fact I would rather not advertise.

For this trip I purchased a Swissgear Hudson laptop rucksack from Swiss Army knife manufacturer Wenger. It was much more comfortable to wear with the weight distributed across both shoulders and left both hands free for dealing with passports, boarding passes and a bored two year old. It was small enough to take on to an aircraft as hand luggage, but surprisingly spacious. It also had some useful extras, including: a carry handle, a breathable back and a compartment for an MP3 player. I was impressed with the quality of the construction and finish. My only quibble is that there wasn’t as much padding around the top and bottom of the laptop as I might have liked. So I wrapped my laptop in bubblewrap for additional protection. But on the whole I would recommend this bag highly for travelling.

Back-ups

As well a backup on DVD I also took a 2 Gig USB memory stick that contained everything I would need should my laptop malfunction or be stolen. This included copies of my licence key generator, customer database and various passwords. All the sensitive files were encrypted using the free Axxcrypt software, except my passwords which were encrypted using the free Keepass software. The memory stick also stored various third party software installers (including Axxcrypt and Keepass). I kept the memory stick on a lanyard around my neck when I wasn’t sleeping.

I also stored an additional encrypted back-up on a secure server.

Internet access

Trying to find holiday accommodation that was the right size and budget, in the right location and free at the right time was problematic. Insisting on broadband Internet as well was a step too far. I also wasn’t keen on relying on broadband at accommodation. What if it didn’t work? Relying on Internet cafes seemed an even worse idea. What if I couldn’t find one? And the security issues of using Internet cafes are very real. So I needed my own mobile Internet access.

The roaming charges for using my UK three networks mobile Internet in New Zealand are an outrageous £6/MB. Vodaphone has more sensible roaming charges for some plans, but I couldn’t justify the high monthly price for the occasional trip abroad. So I tried to find a company that would rent me mobile data access in New Zealand for a month, without success. In the end my brother-in-law very kindly sorted me out with a USB mobile modem and a 1GB/mo data plan with Telecom New Zealand. He picked the modem up cheap second-hand on trademe.co.nz and the data plan was of the order of $70NZD/mo, with no minimum term. So, rather than paying >£1000, I ended up paying about £50 (thanks Derek!). There is definitely a business opportunity for someone there.

I am glad I didn’t rely on broadband at the accommodation. It turns out that most of the New Zealand ISPs have restricted SMTP access to prevent spam. So I could receive email via IMAP when plugged in to an xtra.co.nz broadband cable, but I couldn’t connect to their SMTP server to send email. Thankfully I didn’t have this problem with the mobile broadband or I would have been stuck with webmail for a month (the horror!).

Mobile coverage is patchy outside the bigger cities in the South Island of New Zealand, due to the low population density (sheep can’t afford broadband). But I was able to get some sort of signal everywhere we stayed. This might have been helped by the aerial attached to the mobile modem. During the month a I used approximately 40% of the 1GB allowance. I could have used quite a lot less, if necessary.

Stopping over in Singapore I just purchased wifi access from the hotel. It was quite expensive, but I didn’t need it for long. Wifi and hardwired Internet access are available for free in Singapore airport (I couldn’t get the wifi to work, so I just plugged in a network cable).

Conclusion

Running an Internet-based business while travelling isn’t that difficult, with a bit of planning. I doubt my customers even realised I was on holiday. What are you waiting for?

PS/ New Zealand is lovely.

[1] Truecrypt can also encrypt the whole OS, but that seemed excessive for my requirements and I wasn’t sure what impact it would have on performance.

[2] If Truecrypt is so easy to set-up and use, why is it apparently beyond the capabilites of the UK government to encrypt sensitive data?

Photo of Airbus A380 by Claire Brice

Lodur over at Matticus’s post about password safety got me thinking. Parts of my day job involve computer security, so I’m going to go over some of the basics and tell you all what I do.

First off, as Lodur said, using a word for your password is bad mojo. Account crackers have virtually unlimited means to guess different words or combinations, and if you use a word in the dictionary, chances are they will eventually guess it, log in, shard all your gear, sell the shards, and move your cash to one of those gold spamming characters.

Next issue is how often you use your password. If your comment login for wowinsider is the same as your WOW login, all it takes is for a blogger to make a mistake and your password becomes essentially public. Bloggers make mistakes- we started blogs, didn’t we? More to the point, every site you re-use a password on is another vector for someone to get the keys to your whole online life.

After password re-use and password guessability, your largest risk is only a risk if you take it: sharing your account. I don’t care how cool your brother is. If you give him your password, he’s statistically most likely to burn you. Maybe not deliberately, but statistically. I’m going to be called a jerk for this one, but nobody, not even my beloved wife, knows my password. I would take my trust in her intentions to the grave, but if a mistake is made and my account gets ruined, I want it to be MY mistake. Never share a password.

Another issue is stagnancy. If you have a completely private, hard to guess password that you only use for WOW, but you haven’t changed it since 2004, you’re risking your account. The chances of some long shot hack in any given month are rare, but the longer it’s been since a password change, the more likely you are to be on some hacker’s list of accounts with known passwords.

That’s the theory, onto the practical stuff. What can you do to alleviate some of these issues? First off, memorizing multiple hard passwords is something only autistic savants can do. Create a weak stupid password you don’t care about, and use that to comment on wowinsider. More importantly, categorize all your logins by how important their security is.

Now all the logins you really need to keep secure should have unique unguessable passwords. How can you do that? The miracles of open source software come in here: go get Keepass from sourceforge.

Keepass is a wonderful little tool that gives you a master key to your online life. You create a key file, and you can add logins to it. It’s not something you want to use for really high importance stuff (online banking, paypall, etc) but for something like WOW, it’s ideal. Please note- this will not help you with some of the vulnerabilities I outlined above. You still have to change your public passwords once in a while, and never share them in order for this to be worth it. Some other helpful hints- there’s an option for the program to clear your clipboard once you’ve pasted the password. Enable it, but be aware that it won’t work if you have some other sort of clipboard manager program. This helps avoid keyloggers and clipboard scanners. It’s not perfect, but it puts you in the top 1% hardest to crack accounts, and that’s good enough for me

The important thing about keepass is that your master key should be hard to guess, and never used for anything but the keepass database.

Making this one hard to guess password is important- what I suggest to do is take two words you can remember, interleave the letters, and add two numbers in random positions. So, “dps” and “scrub” become “sdcprsu65b”  It’s going to be hard to remember this, so practice typing it out for a few minutes once a day for a few days.

Once you have a keepass file created, creating a key is easy. Just click on the “new” button. Here’s a sequence of screenshots for the process:

This is the box you get when you create a new login. The only thing you need here is to click “gen”, however putting a title will help you remember whether this is your WOW or WordPress account.

This is the cool part! Every password will have restrictions. I don’t know what they are for WOW as they only publish the minimum requirements, however I am assuming they accept letters, numbers, the “_” and “-” characters, as well as special characters. If they don’t, just untick whatever box they don’t support. Every site everywhere should accept numbers and letters though. As for the maximum length, go wild. Put as many characters as you want, but for all intents and purposes, anything above 16 is unbreakable except by the NSA. My Google password has over 30 characters. Collecting entropy I’ll explain later, so click on “generate”.

Here you’re going to do something called “seeding”. Generating a random number is something humans are terrible at, and something computers are incapable of. Pseudo-random numbers, however, serve our purpose.  Pseudo random number generators will always generate the same random sequence of numbers with the same “seed”. If your “seed” number is sufficiently random and unguessable, the number generated by the pseudo-random number generator will be actually random. Why is this important? For WOW, it isn’t. For the NSA, they know all the good pseudo-random number generator algorithms, and can often infer patterns if the same seed is used more than once. Solution? Collect entropy! Click on “use mouse as random source”, then wiggle your pointer for all you’re worth over that dot pattern. Unless you’re really precise, you won’t even know what random seed the program will get from this!

Once you’re done, you’ll have this screen. The highlighted part tells you how strong your password it. Green is good. The number of bits is basically based on the number of characters you picked. Here’s the one I generated to take these screenshots: “hK6FrE;zjkfy*Y=(4″8S”. Dictionary attack that, stupid gold farmers!

Next up- the blizzard authenticator. The only time this will help you is if someone has your login, but not the key fob (the little code generator they ship us). This means that you can use it to restrict friends who you’ve shared your login with from using your account, but you shouldn’t be doing that anyways. Other than that, the authenticator is useless. Anyone good enough to crack your password can probably crack your home address, phone number, or email, and as far as I know, that’s all Blizzard needs over the phone to deactivate the requirement for the authenticator. This is called a “back door” and is used to make the system more usable- imagine how horrible you’d feel if you lost your authenticator and had to start a new account. Unfortunately, it’s also what makes the system next to useless.

Okay, well I’m going to go and soak my fingers- I think this might be the longest post I’ve written thus far. I’m sure I missed some stuff too, but I’ll be responding to comments as the come, so ask away.

Using a password vault or a password safe can provide some ease and can simplify our lives nicely. However, what is the point of saving all these passwords when we can just type it in – or use Firefox or Opera to do it for us?

Let’s look at several and consider what they offer – and the hidden surprise that makes them most valuable. There are several that are worth considering depending on your environment – Apple’s Keychain, GNOME’s Keyring, KDE’s Kwallet, KeePass and KeePassX, and Passpack. The first three belong to that set of tools that provide for password vaults that are unlocked when you log into your computer. As long as you are logged in – and perhaps only until the screen saver kicks in or you log out – these tools will be active and your passwords automatically available.

KeePassX is part of a small set of tools that provide this capability, though in a cross-platform way.

Lastly, PassPack is an online password vault which is easy to use and provides for exports to other systems like KeePassX and its ilk.

What is it that provides a surprisingly high level of security with the use of these vaults? Simply this:

You can generate random passwords of arbitrary length that you need not even try to remember.

This is very powerful. Passwords no longer need to be memorized: so why try? The passwords can be generated by the associated password generator, and then copied or otherwise placed into the password field of whatever process is requesting authorization.

There is no pattern which makes it easier to crack – no combinations of words, numbers, etc – just pure randomness (or as close as one can get on a non-random entity like a computer).

Once you have a tool like a password manger in place, you can use a different password – a random password – for every site and every location that a password is needed.

I recently purchased a U3 usb drive (Sandisk U3 cruzer micro). Other than the fact that it is windows only, I am quite happy with it (I tried it on Ubuntu 9.04.. Absolutely nothing happens!.. no mount, no LED light.. nothing..bummer). The drive comes with a password management program called ‘SignupShield’.. Unfortunately, this is a trial program and imposes restrictions (limited number of passwords, reduced functionality etc) after its trial period… Another weird thing about it is that it ‘phones home’ upon startup.

Here is an excellent description of free/opensource password managers:
http://www.purdue.edu/securepurdue/pswdManager.cfm

I finally settled with PasswordSafe. Very convenient and works as expected.

Update 08/02/09

I changed my default password manager to KeePass V 2.08.. (The export/import process was a little tideous.. but totally worth it!) I prefer it to passwordsafe for the following reasons:

1. Very slick user interface.. Much more polished than passwordsafe and allows icons to be assigned to groups and items. The UI is very customizable as well (Fonts, columns, views etc)
2. Awesome global auto-type feature. If Keepass is running on the system, it creates a global hook (Ctrl+Alt+A) in Windows. If you type in this key combination in a window that is identified in the keepass database (by title), it automatically types in the username and password!
3. Multi-user support
4. Ability to sync to a keepass database on a shared/network drive
5. Excellent import/export options