All of us have credentials for a variety of web sites and e-mail accounts, not to mention other sensitive personal information. Passwords alone can multiply like rabbits if you are careful not to reuse them (which is strongly advised). The temptation to record passwords, and other sensitive information, in an insecure fashion is strong. The proverbial sticky note under the keyboard is only one example. But what should you do?
Bruce Schneier recommends two approaches:
- Write them down on a piece of paper and store it in your wallet.
- Use a password safe.
I tend to agree with a comment to that posting stating that wallets are often stolen and are otherwise not under positive control at all times. A password safe is software that handles the encrypted storage of credentials (or other pieces of information). I happen to like KeePass. It runs on a myriad of platforms, either because they are directly supported or because contributors have ported it to other devices. Besides Windows, Mac OS X, and Linux, these include PocketPC, Windows Mobile 5/6, BlackBerry, and PalmOS platforms. However, if you want to share the password safe between devices, be aware that there is no incremental updating between copies. That is, you probably need to assign one location as your master and another as your backup copy, and always make updates on your master copy and periodically refresh your backup copy.
KeePass has a number of features that one might expect in a password safe. You can copy passwords to the clipboard and have them auto-erased after a few seconds; you can use the auto-type feature to automatically fill in web forms; you can even print a password list to put in your wallet, if you’re so inclined!
Whether or not you use KeePass is a personal choice, but employing some method of cryptographically safeguarding your valuable information should not be something you think long and hard about — just do it! 🙂