On Passwords and Password Management

Well, what with all the Heartbleed shenanigans going on at the moment, there are many of us faced with the daunting task of changing all of our passwords. Just to be safe, plus it is good practice to change them at least occasionally, Y’know?

I have also seen people talk of various password management solutions. So I thought it was as good a time as any to mention what I use. When I was looking into solutions last year, I wanted something that wasn’t tied to any one single online service. yet I still wanted something that I could keep updated between multiple devices and platforms.

PWSAs such, I am using a system based around Password Safe, and a Mac/iOS derivative called PWSafe. I find it useful because of the following reasons:

  • The official site gives links to compatible apps on multiple platforms
  • Individual safes are encrypted, preferable with a secure/long passphrase.
    • Even if no encryption is perfect, it still beats a plaintext file, a nice open notebook, or post-its at the monitor.
  • Accounts can be stored in groups and subgroups.
  • By default, account details open with the password and notes fields masked out, to stop shoulder-snoopers. But you can toggle them to visible as and when required.
  • The main program and the compatible apps (the ones I’ve tried, anyway) allow the copying of any account (username, password, etc) to the clipboard for easy entry.
  • Passwords are cleared form the clipboard after a period of time.
    • PWSafe, at least, allows you to set the duration.
  • You can set an account entry to remember a certain amount of passwords, should you need it.
  • it gives a timestamp of when you created and last changed any given password.
  • Random passwords can be generated within the apps.

In addition to this, PWSafe can use safes that are either local to the computer/device or online via either iCloud or Dropbox. Or you can just manually copy the safe file between computers and devices.

As a primarily-Apple-based user, my own setup is as follows:

  • PWSafe on my Mac, iPad and iPhone.
  • Safes stored and synced via iCloud.
  • Periodic manual copy between the Mac’s local iCloud folder and my Google Drive folder.
    • Does require a bit of searching on how to locate this folder
  • Windows installation of Password Safe pointed at the Google Drive copy of the safes.

For anyone with an Android device, I was looking into this as well when borrowing an Android tablet recently. There is a Password Safe compatible app with an accompanying sync tool that, amongst other services, can talk to a Google Drive account.

Unless you are purely Apple based or purely on an internal system (where you could point/sync multiple computers to a shared network location) it does require a little bit of manual interaction to work across devices. However, it does give me the freedom of not being locked into one particular site. And the bit of effort needed is well worth the convenience of pretty relatively secure password manager synced between platforms.