Encrypting your account passwords with Password Safe

My recent post will have shown you how to set up your password database and get started with adding your user names and passwords. As promised, I am now looking closer at the functionality of Password Safe with regard to using it to encrypt and secure the multitude of passwords that rule your life.

Before you get started, there are a number of options that you should configure. Go to Tools>Options to bring up a dialogue box with a range of tabs. You need to first tweak the settings of your Password Policy.

Password Policy

A password policy describes the rules that are used to create a password—the letters, letter cases, length, and any special characters that are required. You can see the settings to the left here that can be configured.

If you are using Password Safe for work passwords, for example, your workplace may have certain criteria that you need to consider when configuring your password. You will need to set the policy options appropriately.

The password history, also accessed through Manage>Options, is worth looking at. You can configure it to remember the last however many passwords you want (i.e. you can set it to remember 3, 5 and so on). It will also record the date the password was changed. Some organisations may require this sort of information to be kept for audit purposes.
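To make the policy and history settings described above concrete, here is an added Python sketch (not Password Safe's own code). The `Policy` and `History` names, the symbol set and the defaults are assumptions made for illustration.

```python
import secrets
import string
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Policy:
    """Constructed policy: total length plus which character classes are required."""
    length: int = 16
    lower: bool = True
    upper: bool = True
    digits: bool = True
    symbols: str = "!#$%&*+-=?@_"  # assumed symbol set; empty string disables symbols

    def classes(self):
        wanted = [(self.lower, string.ascii_lowercase), (self.upper, string.ascii_uppercase),
                  (self.digits, string.digits), (bool(self.symbols), self.symbols)]
        return [chars for enabled, chars in wanted if enabled]


def generate(policy):
    """Return a random password with at least one character of every required class."""
    classes = policy.classes()
    if not classes or policy.length < len(classes):
        raise ValueError("policy cannot be satisfied")
    alphabet = "".join(classes)
    # One guaranteed pick per class, the rest from the whole alphabet, then shuffle
    # so the guaranteed characters do not sit in predictable positions.
    picked = [secrets.choice(c) for c in classes]
    picked += [secrets.choice(alphabet) for _ in range(policy.length - len(classes))]
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)


def satisfies(password, policy):
    """Check an existing password (for example one chosen by hand) against the policy."""
    return len(password) >= policy.length and all(
        any(ch in chars for ch in password) for chars in policy.classes())


class History:
    """Keeps the last `keep` replaced passwords with the UTC time each was changed."""
    def __init__(self, keep=3):
        self.entries = deque(maxlen=keep)  # oldest entry drops off automatically

    def record_change(self, old_password, when=None):
        self.entries.append((when or datetime.now(timezone.utc), old_password))

    def previously_used(self, candidate):
        return any(candidate == old for _, old in self.entries)
```

The history here holds old passwords in the clear, so in a real password manager it has to live inside the encrypted database rather than in a separate file.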

While the actual encryption part doesn’t look too difficult, it seems to be a bit buggy – will actually ask Mike Nodding at work on Monday what I am doing wrong – but as far as I can figure out, these are the steps you follow (I tested on something I wasn’t worried about losing).

Instructions for encrypting passwords

Also check out the Auto Type entry function, which is pretty cool – open the web page you want to update your password on and use Auto Type, and it will automatically populate your username and password. I have also tried this at the front of a site, to log in, and it works like a charm 🙂

Manage your propagating passwords safely

I wrote an article some time ago about surviving the Internet today with the sheer volume of usernames and passwords that now govern our lives. It’s driving me up the freaking wall. I know some people are really good and security conscious and somehow manage 50 trillion different user names and passwords.

In the last few years, with the burgeoning number of accounts I seem to have, I have become lazier and lazier and am now down to a combo of about 4 passwords that revolve. Naughty, I know. The user name has become an issue too. Once upon a time, a long time ago, I was the only fishgirl on the whole world wide web. Now I have been relegated to various derivations of fishgirl: fishgirl7, fishgirl07, fishgirl007, fishgirl_07, you get the picture. This then creates other issues of which password goes with which username. Almost endless permutations when you have a 3 strikes policy on an account 🙁 [EvilSue however seems to be less popular, for which I am grateful].

A colleague at work, Mike Nodding, showed me an application called Password Safe the other day. He uses this to encrypt and manage all his user names and passwords [and he seems to have as many as me]. Apparently it is so secure you can put your bank details and everything in there!

So I thought I would give it a try.

Using Password Safe

For the uber geeks amongst you:

Password Safe is freely available and distributable under the restrictions set forth in the standard Open Source Initiative (OSI) “Artistic License.” A copy of this license is included with the Password Safe installation package in the file named LICENSE.

Twofish is a fast, free alternative to the AES, DES and IDEA encryption algorithms. Details on the Twofish algorithm, including speed comparisons and an extensive list of products that use Twofish, are available at http://www.schneier.com/twofish.html.

Password Safe is now an open source project hosted at sourceforge.net. The latest program updates, documentation, and news can be located at http://passwordsafe.sourceforge.net.

Master Password

The authors/developers of Password Safe suggest that you must have a strong master password. Picking a spouse’s name, a birthday, or some other easily guessable combination leaves your data vulnerable. It is important that you pick a hard-to-guess master password that you can easily remember. As you can see from the above instructions I had to change mine. I made it alpha-numeric with caps and lower case and it is one that I can remember. Now in theory, it’s the only one I will ever have to remember.

Encrypting passwords

As you can see, for the purposes of testing I have so far only added my Twitter information, and used the existing password, which sort of defies the idea of encrypting and securing my unique passwords. After I have posted this to the blog, I will populate the database and write a post on how to use Password Safe for encrypting and managing passwords. Will keep you posted – pardon the pun!