Wednesday, January 18, 2012

Organize Your Passwords: KeePass Review

I recently received an email from Zappos informing me that a hacker had gained the account information of 24 million of its customers.  EEK!  From their end, Zappos had things under control.  Their software was good, kept costumer passwords scrambled and didn't show all of the credit card number.  In the email, Zappos customers are instructed to login to their Zappos accounts and change their passwords... as well as change passwords at other websites where they use the same email address and password.

So, this brings up a very important issue.  We all know that we should never ever, ever use one password for everything.  What happened to Zappos is just one reason why.  But, many argue that it is just too hard to remember all those passwords for all those accounts.  (I've got over 162 accounts out there orbiting in cyber space.)  Enter KeePass Password Safe.  If you don't have a program to keep your passwords safe, you might want to give KeyPass a try.  It is free and uses open source code.  It can be as powerful or as simple as you want it to be.

My Review:

I've been using KeePass for over a year now.  Previously I had used SplashID to keep my passwords organized and safe.  However, SplashID isn't free after various version upgrades, I had to shell out more $$ if I wanted to continue using it.  I chose KeePass as my free alternative because it could import my files from SplashID.  The importing wasn't seemless, but all the data did make it from SplashID to KeePass.  I had to move information from one field to another which was a big project (still working on it) but it was better than having to start from scratch.

Now, for using KeePass.  This is where it can be as simple or as powerful as you want it to be.  In order to access KeePass, you can set up a master password or key file that will unlock your passwords for access.  I chose to use a master password simply for ease of use.  A key file is likely more foolproof, but I'm not the Pentagon and I think I would likely mess up the key file and loose all access to my information.  The key file can be any file you choose, but you have to make sure you never change it, otherwise it will not open KeePass.  Now, KeePass is a very lite program; you can easily put on a USB drive (with a key file if applicable) to use anytime, anywhere.

For the first few months that I used KeePass, I just used it to look up my usernames and passwords as well as to input new account information along the way.  I didn't use any of the bells and whistles.  For organizational purposes only, KeePass is great.  Recently, however decided to try out those bells and whistles, and the nerd in me came out.  It's so FUN!  KeePass allows you to drag and drop your username and password from KeePass to your web browser.  No typing needed.  If that doesn't make you feel like royalty already, there is more!  From KeePass, you can select the account you want to access, and automatically open up a browser with the account's URL.  Then, use KeePass's "Perform auto-type" and what your username and password magically appear, all with just a few mouse clicks.  Brilliant.  You can even customize the keystrokes KeePass needs to make in order to auto-type everything.  It's fun, for me, but perhaps not for everyone.

But there is more!  If you hate coming up with strong passwords, you can use the password generator.  I love how I can set up the parameters for how long I wan the password as well as if I want it to have symbols or caps in it.  I use the generator for accounts that I don't use often, but need a good, strong password.

One more thing, KeePass users can easily print a master copy of  all the passwords to keep in a safe place (like a safe...heheheh).  All the instructions are found at KeePass's website.  I haven't covered anywhere near all the neat things KeePass is capable of, but, if you check it out and like it like I do, don't forget to donate to the cause.