More passwords than I can handle…

Like most people, I have access to a wide range of systems: servers, routers, websites, home banking, PayPal, eBay, Amazon and, quite frankly, I can’t remember half of the passwords I need.

I suppose I have done what most people do in the circumstances, and used and reused passwords across tens of websites: the same login, the same password, and despite what I tell people to do, I am just as bad as everyone else. This is simply because I haven’t the brain capacity to contain all those different passwords.

A recent security compromise on a developer’s website and the hacking of my webserver has, however, made me start to think again, and I am progressively changing my passwords to be different across all my systems. I will track this with a little program called KeePass (http://keepass.info/).

It can run as a standalone application on a memory stick, so I have installed it on my new 16GB stick on my keyring (the size of 4 DVDs constantly in my pocket – I still can’t believe it!), and created a very simple autorun.inf to start the application when it gets inserted into a PC (whichever one I happen to be on).

To do this, create a simple text file called AUTORUN.INF and put it in the root of the memory stick.

In the text file, add the following:

[autorun]
open=Run_Password_Manager.bat
icon=stick.ico

You can go to the wonderful iconarchive (http://www.iconarchive.com/) for a lovely icon of your choice, and put that in the root of the memory stick as well, under the file name given by icon=.

Create a simple text file called Run_Password_Manager.bat (or whatever you want to autorun) and in that put the following:

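@echo off
rem Switch to the KeePass folder next to this batch file, whatever drive letter the stick gets
cd /d "%~dp0KeePass"
rem Start KeePass and open the database stored in the same folder
KeePass.exe SPR.kdbx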

or whatever program you want to autorun, in this case, I have specified the name of the database file I am using on the stick. So when I plug it in, a popup says “Do you want to run …” and when I say yes, the Manager is loaded. This runs on any PC I plug into. I would like to stop it opening up a black command window, but I suspect this is because I am using a batch file rather than a nice executable.
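As an added example (not part of the original post), the following Python sketch checks that the AUTORUN.INF on the stick is still the one set up above: a well-formed [autorun] header, open= pointing at the expected batch file, no other launch keys, and every referenced file present. The function names, the file listing and the sample contents are constructed for illustration, and only the [autorun] section is examined.

```python
# Added example, not from the original post: audit a stick's AUTORUN.INF.
EXPECTED_OPEN = "Run_Password_Manager.bat"   # launcher name used in the post

def parse_autorun(text):
    """Return (keys, problems) for the [autorun] section; keys are lower-cased."""
    keys, problems, section = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("["):
            if line.endswith("]"):
                section = line[1:-1].strip().lower()
            else:
                section = None
                problems.append(f"line {n}: header {line!r} is missing ']'")
        elif section is None:
            problems.append(f"line {n}: {line!r} is not inside a valid section")
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys, problems

def audit(text, files_on_stick, expected_open=EXPECTED_OPEN):
    """List reasons the file differs from what the owner set up (empty = clean)."""
    keys, problems = parse_autorun(text)
    present = {name.lower() for name in files_on_stick}   # FAT names ignore case
    if keys.get("open", "").lower() != expected_open.lower():
        problems.append(f"open= is {keys.get('open')!r}, expected {expected_open!r}")
    for key in keys:                                  # any other launch entry is suspect
        if key == "shellexecute" or key.startswith("shell\\"):
            problems.append(f"unexpected launch key {key!r}")
    for key in ("open", "icon"):                      # referenced files must exist
        target = keys.get(key)
        if target and target.lower() not in present:
            problems.append(f"{key}= points at missing file {target!r}")
    return problems

# Constructed samples: the post's file, a header typo, and a modified copy.
FILES = ["AUTORUN.INF", "Run_Password_Manager.bat", "stick.ico", "KeePass"]
GOOD = "[autorun]\nopen=Run_Password_Manager.bat\nicon=stick.ico\n"
BROKEN = "[autorun\nopen=Run_Password_Manager.bat\nicon=stick.ico\n"
MODIFIED = "[AutoRun]\nopen=setup.exe\nshellexecute=setup.exe\nicon=stick.ico\n"

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("broken", BROKEN), ("modified", MODIFIED)):
        print(name, audit(text, FILES))
```
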

As for password choices, one effective way is to prepend or append an identifier of the site you are on to the password, so a password of abcdef becomes paypal_abcdef. This is made even better when you use the mixture of upper, lower, letters and numbers you are supposed to…

You can also use KeePass for recording other necessary information and configuration details, so I have all my network config recorded there for easy reference.

Give it a go, you will find it useful.