Password Manager – KeePass

With the hundreds of usernames and passwords every typical Internet user has to remember, it is necessary to use a password manager. A typical password manager is an application with a secure database that stores and retrieves hundreds of usernames and passwords with one key “password”. Most of these tools have a high level of security measures to protect the stored passwords from both in-memory and on-disk attacks.

I was initially using Password Safe, then moved to Keith Brown’s Password Minder, which we extended in Vishwak. Password Minder was not managed by a community and we also didn’t want to commit resources to keep the project alive – 3 years back, Password Minder filled a vacancy neatly. As a result, the application has bugs that need to be fixed in our extension, and poor Windows Vista compatibility. In open source you now have lots of password managers which have more features, work across platforms, offer better security and, most important, have vibrant communities behind them that keep the projects updated regularly.

I weighed the choice between committing resources to fix Password Minder and moving to a new application. In the end, I decided to move. After evaluating many products, I ended my search with KeePass. This is a perfect password manager that offers state-of-the-art security, works on multiple platforms (Windows, Windows Mobile, Linux, MacOS, J2ME, PalmOS) and is very easy to use.

I still run Password Minder, but every time I need to access a site that is in Password Minder, I first recreate it in KeePass and delete it in Password Minder. This way I hope to fully move to KeePass in a few weeks.

4 Comments

  • Hi Venkat,

    You might want to try out pwdhash (http://crypto.stanford.edu/PwdHash/). It’s a Firefox plug-in that converts the password you type into a hash value based on the domain name of the site at which you are trying to log in. The cool part is that this enables you to type the same password everywhere. If the computer you are running on does not have the plug-in installed, you can get the hash from a secure web page and paste it into the form.

    Ranga

  • You can also try EWallet from Ilium Software (www.iliumsoft.com). It’s a paid product but has versions for Windows, Palm, Windows Mobile and Symbian. It not only does passwords (and has a great password generator built in) but also lets you store other sensitive information such as credit card info, ATM, passport and all other sets of stuff. The best part is that it autosyncs with the mobile device version if installed, which makes it great. Go to an ATM, change your PIN, enter it into the EWallet on your mobile device and it syncs the next time you connect mobile to PC.

  • Kiran:
    1) KeePass has a 3rd-party add-on toolbar that integrates with IE/Firefox and makes it easy to type in passwords. But personally I like to run minimum add-ons, so I haven’t tried it. It doesn’t take that much time or effort to right-click in KeePass, copy and paste the passwords :-)
    2) Open source makes sure that there are no hidden paths in the application that can transmit your information somewhere. And at the same time, how many of us will care and have the time to go through the code to verify it!

  • Venkat –

    A layman’s query (ies)
    1. When you use KeePass, does it automatically use the login and password to give access – for example, if I have a Hotmail account and I store the details in the database – when I go to the Hotmail site, does it automatically pick the result?
    2. Being open source – is it secure? I mean it’s login and passwords we are talking about?

    Thanks