Keeping a list of complex hacker-vexing passwords is an absolute must for every computer user’s security plan. It’s also a royal pain in the neck. As we visit more and more sites, we consequently collect more login credentials, making for a motley collection of username and password combinations. In a bid to save their sanity, some PC owners opt to use the same login information for every site they frequent. Others resort to recording all of their login information on a piece of paper or pasting it into a Word document. With insecure stop-gap measures like these for keeping track of the keys to your digital kingdom, you may as well send hackers your personal information via email and be done with it.
Fortunately, there is a free, easy-to-implement solution to all of your password-management woes. It involves KeePass—an open-source password manager—and Dropbox. Thanks to these two awesome freebies, not only will you be able to back up all of your online login credentials, software serial numbers, and a wide array of other information, you’ll also be able to easily synchronize that data across any number of computers. Interested? Of course you are! Let’s get started.
To work your way through this guide, you’ll need to have two things: the KeePass software and a Dropbox account. Fortunately, as we mentioned earlier, both are free. For anyone unfamiliar with Dropbox, it’s an easy-to-use cloud synchronization service that lets you upload and share any kind of file under the sun. If you don’t already have it, go to www.dropbox.com and sign up for a free Dropbox account, and follow the site’s prompts to install the service’s desktop client. The whole process shouldn’t take you more than five minutes. Once that’s done, direct your browser to http://keepass.info and download a copy of KeePass. Be sure to download the desktop version of the installation file and not the application’s portable iteration. Work your way through the KeePass installation wizard.
As part of the installation process, you’ll be asked whether or not you want to visit the KeePass Plugin and Extensions gallery. You’ll want to accept this invitation, as the page offers an impressive array of add-ons to augment the application’s already impressive suite of features. If you finished your KeePass installation without taking a detour to the Plugin and Extensions gallery, don’t panic: you can still check it out by browsing to http://keepass.info/plugins.html. It’s worth mentioning, however, that while the majority of the extensions and plugins available via the gallery are reliable, none of them are reviewed by KeePass’s development team, meaning that the plugins could be buggy, out of date, or worse, contain viruses and malware.
KeePass is designed to maintain a database of all of the computer and Internet login credentials you use on a regular basis (above). Once you’ve entered the credentials you want the application to keep track of for you, you can call upon KeePass to enter the login information for any of the websites you frequent by entering a single user-chosen master password. When it comes time to create secure passwords for new login credentials, KeePass has your back there too, as the program also offers a built-in complex-password generator, to ensure the highest level of security possible. Best of all, the program’s archive is protected by very respectable AES 256-bit encryption, making it a tough nut to crack.
To get started with KeePass, you’ll need to set up a new KeePass database, and in order to do that, you will be required to set a master password. Click the New icon found in the top-left corner of the KeePass interface (above). You’ll be greeted by a pop-up window requesting that you enter a master password (below). This is the one password you will have to remember, and it will also unlock all of your other passwords, so pick one that’s memorable but follows the rules of good password construction.
Once you’ve confirmed your password, click OK.
Now, it’s time to start adding some entries. Look for the Add Entry icon—it can be found in the same row as the button you just clicked to set up your master password (above). For each new set of login credentials that you enter into KeePass, enter your username and password information. KeePass also offers you the ability to categorize the entry under a number of subheadings, along with the ability to enter notes or attachments to each entry (below).
As your journeys around the Internet find you needing to create new login credentials, you can rely on KeePass to generate them on the fly. Just open the application’s new entry dialog, and KeePass will generate a random password for you. Pro tip: The Notes field is a great place to store software serial numbers for posterity’s sake.
If you’ve been wondering where Dropbox comes into all of this, your patience is about to be rewarded. Now that you’ve created a KeePass database, it’s time to back it up. From the program’s menu bar, click File and then Save As. Enter a name for your database, and then save it to your Dropbox folder or a subfolder nestled inside of it (below). By doing so, you’ll not only be backing up an off-site copy of your KeePass database, you’re also making it possible to connect and synchronize with that database from any number of other computers, be they virtual machines, off-site, or across the room from you.
In order to use your database on another computer, install Dropbox and KeePass on that system. After opening KeePass, look to the button bar at the top of the application window. Click the Open Database button (located next to the New Database button), and navigate to your Dropbox folder, selecting the KeePass database as your source. Presto: You now have access to all the KeePass information that you entered on the first computer. Conversely, any new login information you add to the database while using the second computer will be available to use on the first computer.
As with all files synchronized to your Dropbox account, your KeePass database will also be available for download via Dropbox’s web portal, and can be used offline when no Internet connection is available, ensuring that you’ll never have to go without access to your secure library of password information.
Not too shabby for freeware, huh?
You might have heard the guidelines for creating a good password before, but they bear repeating. A good password can make the difference between a hacker getting easy access to your account or leaving disappointed. Here are three basic rules to follow:
The simplest thing you can do to make a password more secure is to make it longer. Even though a service might only require a six-letter password, you should use a password that’s at least 10 characters for anything you care about.
Any word found in the dictionary is inherently easier for a password thief to guess, so try to come up with a random-seeming string of characters. Try using the first letter of each word in a sentence you can remember, then add numbers and symbols.
That means upper- and lower-case letters, and symbols, and not just at the beginning or end.
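The three rules above can be checked mechanically before you commit to a master password. The following Python sketch is an added example, not part of the original article or of KeePass; the function names, the tiny word list, and the reading of "symbols" as any non-alphanumeric character are assumptions made for illustration.

```python
import re

MIN_LENGTH = 10  # the article's floor for any account you care about
# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "welcome", "sunshine"}
# Undo common character swaps so "P@ssw0rd" is still seen as "password".
SWAPS = str.maketrans("013457@$!", "oieastasi")


def initials(sentence):
    """First character of each word, the memory trick the article suggests."""
    return "".join(word[0] for word in sentence.split())


def check_password(pw, words=SAMPLE_WORDS):
    """Return the rules `pw` breaks; an empty list means it passes all three."""
    problems = []
    # Rule 1: longer is better, with 10 characters as the minimum.
    if len(pw) < MIN_LENGTH:
        problems.append("too short")

    # Rule 2: no dictionary words, even when disguised with digits or symbols.
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(SWAPS))
    if any(word in letters for word in words):
        problems.append("dictionary word")

    # Rule 3: mixed case and symbols, and not just at the beginning or end,
    # so upper-case letters and symbols only count in the interior.
    interior = pw[1:-1]
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in interior)
    has_symbol = any(not c.isalnum() for c in interior)
    if not (has_lower and has_upper and has_symbol):
        problems.append("weak character mix")
    return problems


if __name__ == "__main__":
    base = initials("My first car was a red Honda bought in 2009")
    for candidate in ("Password1!", base, "Mfc#warH%bi2"):
        print(candidate, check_password(candidate) or "passes")
```

The sentence-derived string fails only the character-mix rule until symbols are worked into the middle of it, which is why the second rule says to add numbers and symbols after taking the initials.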