Friday, September 15, 2006

When is a password cache safe?

Tricky, isn't it? You have an ever-growing number of passwords and nowhere to store them. If you just put them on your desktop and the machine is stolen, lost or compromised, they will all be open to everyone. If you put them in Excel and protect the sheet, you obviously haven't searched the Net recently for MS Office security crackers. (There are many - most Office applications are easily cracked.) So what does that leave - the old stalwart of paper and pen perhaps? To me that's vulnerable to physical issues such as fire, burglary, flood and just plain mislaying the list. You can actually back up paper if you really want to go that way. ...It's called a photocopier. Online storage then - but whose servers do you trust? I did actually use an old Hotmail account for storing passports at one point. It worked, but I needed a net connection all the time and it became a bit clunky finding things.

This leaves password cache programs. You know what worries me about them, irrespective of whether they are paid for or free? Who the hell wrote them and what are they potentially doing with the information? What if the program lay dormant for years sucking up my ID and then spilled its guts back to its master one 1st April (fools day in the UK)?

You know... I think at last I have found the answer. It's here: http://sourceforge.net/projects/keepass SourceForge is a well-respected open source software server where people collaborate and share the code behind their software. The great thing about KeePass is not that it's better than other password caches, but that you can see the code and, if you are that paranoid, take it away and read it to see in detail what the program is capable of doing. While I'm not paranoid enough to do that myself, I am very sure "the community", as mass gatherings of open source developers are called, most probably has (so I don't need to?).

It's enough for me to trust this little desktop application and benefit from the single password opening up multiple others that it offers, together of course with the ability to safely back up copies of the database so I need never lose a code again. I've even put in some other things, like the number of a combination lock we have in the office. If somebody does steal my PC the passwords are safe because they would need to know the master code first. Just having my code database is not enough.

So is that where I keep my bank numbers? Nope - they are solely in my head. Good though KeePass looks, it's still IT, and if this blog is about anything it's about my deep mistrust of such things despite working in the industry.

On the other hand there is no backup for my brain. Guess I'll just have to keep the one copy in my possession very safe from extreme sports, bar fights and London traffic!

Regards




Vivamex Limited
IT Recruitment by people who know IT
www.vivamex.co.uk
