With the hundreds of usernames and passwords, every typical Internet user has to remember, it is necessary to use a Password Manager. A typical Password manager is an application with a secure database that will store and retrieve hundreds of Usernames and Passwords with one key “Password“. Most of these tools have a high level of security measures ensured to protect the passwords stored, both from in-memory and from-disk attacks.
I have been initially using Password Safe, then moved to Plural Sight’s Keith Brown’s Password Minder that we extended in Vishwak. Password Minder was not managed by a community and we also didn’t want to commit resources to keep the project alive – earlier 3 years back Password Minder filled a vacancy neatly. As a result, the application has bugs that need to be fixed in our extension and poor Windows Vista compatibility. In Open-Source now you have lots of Password Managers which have more features, work across platforms, and offer better security – most importantly they have vibrant communities behind them that keep the projects updated regularly.
I weighed between the choice of committing resources to fix Password Minder or moving to a new application. In the end, I decided to move. After evaluating many products, I have ended my search with KeePass. This is a perfect Password Manager that offers state-of-the-art security, works on multiple platforms (Windows, Windows Mobile, Linux, MacOS, J2ME, PalmOS) and is very easy to use.
I still run Password Minder, but every time I need to access a site that is in Password Minder I first recreate it in KeePass, and delete it in Password Minder. This way I hope to fully move to KeePass in a few weeks.
Update 2021: I have moved to a fork of KeePass, called KeePassX which is faster, and more active yet is compatible with the KDBX database file of the original KeePass.
Hi Venkat,
You might want to try out pwdhash (http://crypto.stanford.edu/PwdHash/). It’s a firefox plug-in that converts the password you type into a hash value based on the domain name of the site at which you are trying to login. The cool part is that this enables you to type the same password everywhere. If the computer you are running on does not have the plug-in installed, you can get the hash from a secure web page and paste it into the form.
Ranga
You can also try EWallet from Ilium Software (www.iliumsoft.com). It’s a paid product but has versions for Windows, Palm, Windows Mobile and Symbian. It not only does passwords (and has a great password generator built in) but also lets you store other sensitive information such as Credit card info, ATM, Passport and all other sets of stuff. The best part is that it autosyncs with the mobile device version if installed which makes it great. Go to an ATM, change your pin, enter in into the EWallet on your mobile device and it syncs the next time you connect mobile to PC.
Kiran:
1) The Keepass has a 3rd Party addon Toolbar that integrates with IE/Firefox and makes it easy to type in passwords. But personally I like to run minimum add-ons so I haven’t tried it. It doesn’t take that much time or effort to right click in Keepass, copy and paste the passwords :-)
2) The Open source makes it sure that there is no hidden paths in the application that can transmit your information some where. And at the same time, how many of us will care and have the time to go through the code to verify it!
Venkat –
A layman’s query (ies)
1. When you use KeePass does it automatically use the login and password to give access – for example if i have a hotmail account and i store the details in the database – when i go to the hotmail site, does it automatically pick the result?
2. Being open source – is it secure? I mean it’s login and passwords we are talking about?
Thanks