A solution to the Great Hassle of passwords

Passwords are everywhere. With most services on the Internet, a new user account must be created – and with each of those comes a password. Often, people will find themselves using the same passwords over and over again – but do they realize they are easy targets for crackers with malicious intentions?

In the past, public leaks of accounts on a single service led to the breach of many more accounts on other online services. As an example, a recent Anonymous leak of 4,000 American bank executives contained the victims’ passwords. I wouldn’t risk saying that most of these executives used their password somewhere else – be it on their private email or social networks. Vile persons looking forward to accessing those victims’ accounts could easily have been able to do so.

This raises a serious security concern that is unfortunately disregarded by most – one password shouldn’t be used for every account you own. If a leak were to happen, you would be endangered and crackers would not hesitate to steal your private information. On the other hand, though, remembering passwords is hard! Every password should be unique – but while this must be enforced to ensure your personal safety, keeping in mind all of the passwords you use across different services remains a tough task (unless you’d like to practice and memorize all of them – but hey, we’re too lazy to do that).

So, what’s the solution to the problem? You’d like to have a unique password for each of your accounts, but you won’t be able to remember them all.

That’s where password managers kick in. Password managers are simple programs designed to save the login credentials for your accounts (any of them – not necessarily on the Internet). The credentials are then stored in a safe, encrypted database that needs to be unlocked with a password.

On Linux, an excellent free-software password manager is KeePassX. It is cross-platform and versions for Windows and Mac exist. Here’s a list of its features (the full one is available here):

  • Extensive management – title for each entry, groups, etc.
  • Search function
  • Autofill (experimental)
  • Database security
  • Automatic generation of secure passwords
  • Precaution features – quality indicator for chosen passwords – hiding all passwords behind asterisks
  • Encryption: 256-bit Advanced Encryption Standard (AES) or 256-bit Twofish algorithm
  • Import and export of entries
  • Operating system independent
  • Free software

KeePassX has a simple and straightforward interface (GTK2 on Linux), which makes navigating through your accounts an easy task:

KeePassX – Interface

Some of the features I like the most are the abilities to add custom icons to every entry in the list, and to gather different categories of accounts into groups. The strong password generator comes in handy when you can’t think of a secure password – you can generate one with different settings (number of characters, special characters, numbers, caps, etc). By far, however, the shortcuts are the best things in KeePassX:

  • CTRL+C copies the password to your clipboard;
  • CTRL+B copies the username to your clipboard;
  • CTRL+V automatically fills in a login form for you.

Thanks to KeePassX, you don’t have to remember your passwords. This means that you can use extremely complex passwords (up to your discretion) without typing or memorizing them. And, if you take a look at the bigger picture – your safety is overwhelmingly increased, with those unique and secure passwords.

If you use multiple computers, dual-boot and/or need to access your passwords at any time, you can simply export the database by sending it to your devices (preferred) OR by clicking on Files > Export to… > KeePass XML File. Whilst you can use the Windows/Mac versions of KeePassX, this file can alternatively be opened on Windows with KeePass or on Android with KeePassDroid.

So, eventually – password managers are the way to go. Your passwords will be kept completely safe with a solid database encryption, and you will be the only one to possess the password that opens up the database (master key). I would suggest generating a new password with one of those simple command lines and using it as the master key.
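
The command lines the post refers to are not reproduced on this page. As an added example (not from the original post and not KeePassX code), the following POSIX shell function draws a password from /dev/urandom using the same kind of settings the KeePassX generator offers: length and character classes. The names gen_password and password_bits and the choice of special characters are assumptions made here.

```sh
#!/bin/sh
# Added example, not KeePassX code. gen_password, password_bits and the
# set of special characters are assumptions made for this illustration.

# gen_password LENGTH [CLASSES]; CLASSES is any mix of
#   l = lowercase, u = uppercase, d = digits, s = special characters
gen_password() (
    LC_ALL=C; export LC_ALL            # byte-wise ranges for tr, cut, case
    length=${1:-24}; classes=${2:-luds}; chars=''
    case $length in ''|*[!0-9]*) echo "length must be a number" >&2; exit 1;; esac
    case $classes in ''|*[!luds]*) echo "classes must be from: l u d s" >&2; exit 1;; esac
    [ "$length" -ge "${#classes}" ] || { echo "length too short" >&2; exit 1; }
    case $classes in *l*) chars="${chars}a-z";; esac
    case $classes in *u*) chars="${chars}A-Z";; esac
    case $classes in *d*) chars="${chars}0-9";; esac
    case $classes in *s*) chars="${chars}#%+:=?@_!";; esac
    while :; do
        pw=''
        # tr drops every byte outside the alphabet, so each kept character
        # is uniformly distributed (no modulo bias).
        while [ "${#pw}" -lt "$length" ]; do
            pw="$pw$(head -c 256 /dev/urandom | tr -dc "$chars")"
        done
        pw=$(printf '%s\n' "$pw" | cut -c "1-$length")
        # Redraw the whole candidate unless every requested class appears.
        ok=1
        case $classes in *l*) case $pw in *[a-z]*) ;; *) ok=0;; esac;; esac
        case $classes in *u*) case $pw in *[A-Z]*) ;; *) ok=0;; esac;; esac
        case $classes in *d*) case $pw in *[0-9]*) ;; *) ok=0;; esac;; esac
        case $classes in *s*) case $pw in *[!a-zA-Z0-9]*) ;; *) ok=0;; esac;; esac
        if [ "$ok" -eq 1 ]; then break; fi
    done
    printf '%s\n' "$pw"
)

# password_bits LENGTH ALPHABET_SIZE: upper bound on entropy, in whole bits
password_bits() {
    awk -v l="$1" -v n="$2" 'BEGIN { printf "%d\n", l * log(n) / log(2) }'
}

# 24 characters from all four classes (26 + 26 + 10 + 9 = 71 symbols)
gen_password 24 luds
password_bits 24 71
```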

Stay safe and protect your accounts!

P.S: The version of KeePassX shown in this article is 0.4.3 (stable), and only features KeePass 1.X databases (.kdb). You may use KeePassX 2 Alpha currently in testing phase – it natively supports KeePass 2.X databases (.kdbx) and therefore makes database sharing easier.

Download:
KeePassX 0.4.3 (stable) – SourceForge
KeePassX 2 Alpha (testing) – git, tarball release, AUR

Tutorial:

3 comments on “A solution to the Great Hassle of passwords”
  1. William Purcell says:

    My concern would be, if your account was hacked and your keepassx password discovered all your passwords would be vulnerable.

    • iceTwy says:

      If you do not save your KeePassX password in a file, there is no reason it would ever be found. That’s why I said it was risky writing it down in a file. If you can memorize your master key and avoid noting it somewhere, you’re 100% sure you’re safe.

      Also, if you’re worried about having your master key found, you can also use a keyfile. Watch the tutorial I added at the bottom of the post.
