Manage your propagating passwords safely

Posted by: Sue Hickton | September 15, 2007

I wrote an article some time ago about surviving the Internet today with the sheer volume of usernames and passwords that now govern our lives. It’s driving me up the freaking wall. I know some people are really good and security conscious and somehow manage 50 trillion different user names and passwords.

In the last few years, with the burgeoning number of accounts I seem to have, I have become lazier and lazier and am now down to a combo of about 4 passwords that revolve. Naughty, I know. The user name has become an issue too. Once upon a time, a long time ago, I was the only fishgirl on the whole world wide web. Now I have been relegated to various derivations of fishgirl: fishgirl7, fishgirl07, fishgirl007, fishgirl_07; you get the picture. This then creates other issues of which password goes with which username. Almost endless permutations when you have a 3 strikes policy on an account :( [EvilSue however seems to be less popular, for which I am grateful].

The other day a colleague at work, Mike Nodding, showed me an application called Password Safe. He uses this to encrypt and manage all his user names and passwords [and he seems to have as many as me]. Apparently it is so secure you can put your bank details and everything in there!

So I thought I would give it a try.

Using Password Safe

For the uber geeks amongst you:

Password Safe is freely available and distributable under the restrictions set forth in the standard Open Source Initiative (OSI) “Artistic License.” A copy of this license is included with the Password Safe installation package in the file named LICENSE.

Twofish is a fast, free alternative to the AES, DES and IDEA encryption algorithms. Details on the Twofish algorithm, including speed comparisons and an extensive list of products that use Twofish, are available at http://www.schneier.com/twofish.html.

Password Safe is now an open source project hosted at sourceforge.net. The latest program updates, documentation, and news can be located at http://passwordsafe.sourceforge.net.

Master Password

The authors/developers of Password Safe suggest that you must have a strong master password. Picking a spouse’s name, a birthday, or some other easily guessable combination leaves your data vulnerable. It is important that you pick a hard-to-guess master password that you can easily remember. As you can see from the above instructions I had to change mine. I made it alpha-numeric with caps and lower case and it is one that I can remember. Now in theory, it’s the only one I will ever have to remember.
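The advice above can be turned into a quick self-check. The following is an added example, not code from this post or from Password Safe: it flags a candidate master password that still contains personal terms after common character substitutions are undone, even when it mixes caps, lower case and digits. The function names, the 70-bit threshold and the sample terms are assumptions made up for illustration.

```python
import math
import string

# Common character substitutions, folded back before comparison.
LEET = str.maketrans("013457@$!", "oieastasi")

# Constructed sample data: a spouse's name and a birthday in two spellings.
SAMPLE_TERMS = ["Jordan", "1507", "15/07/1975"]


def fold(text):
    """Lower-case, undo simple substitutions, drop separators."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalnum())


def brute_force_bits(password):
    """Upper bound on strength: length * log2(size of the alphabet used)."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    alphabet = sum(len(p) for p in pools if any(c in p for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def audit(password, personal_terms, min_bits=70):
    """Return a list of findings; an empty list means no objection."""
    findings = []
    folded = fold(password)
    for term in personal_terms:
        folded_term = fold(term)
        # Ignore very short terms to avoid accidental matches.
        if len(folded_term) >= 3 and folded_term in folded:
            findings.append(f"contains personal term: {term}")
    bits = brute_force_bits(password)
    if bits < min_bits:  # assumed threshold, not a Password Safe rule
        findings.append(f"brute-force bound only {bits:.0f} bits")
    return findings


if __name__ == "__main__":
    for candidate in ("Jordan1507", "J0rd@n-1507-Xy",
                      "velvet-orbit-cactus-lantern-42"):
        print(candidate, "->", audit(candidate, SAMPLE_TERMS) or "no findings")
```

The bit count is only an upper bound: the second candidate clears it comfortably yet is still built from a name and a birthday, which is exactly what a guesser tries first.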

Encrypting passwords

As you can see, for the purposes of testing I have so far only added my Twitter information, and used the existing password, which sort of defies the idea of encrypting and securing my unique passwords. After I have posted this to the blog, I will populate the database and write a post on how to use Password Safe for encrypting and managing passwords. Will keep you posted – pardon the pun!

under: Tech & Apps

Responses

[...] My recent post will have shown you how to set up your password database and get started with adding your user names and passwords. As promised I am now looking closer at the functionality of Password Safe with regards to using it to encrypt and secure the multitude of passwords that rule your life. [...]