I keep reading reviews about this Sourceforge Project and was thinking
of
buying a cheap USB stick for it. Between the forums and other various
sites, these passwords add up. Someone once told me that he uses only
one
password for everything he's not concerned about (forums, etc), and
another
one for his private info. Personally, I find that to be the easy,
non-
secure route.
Keepass is here - any comments?
http://keepass.info/
Anyone have long-term experience with it?
If you actually use strong passwords, the type that look scrambled and
contain no word strings, then these type of utilities are handy. Who
wants to remember dr4.utWW_xR9.4.5yyQ$v9d0Tx? However, I use a scheme
that lets me use a unique password at every site without having to save
it in some utility. By using a scheme then you can always figure out
what you would've used at that site.
As an example, use a couple of nonadjacent digits from your birthyear,
the first or last 2 initials of you 3-character initials of your first,
last, and middle name, and the first or last 3 to 5 characters of the
domain (if the domain is shorter than what you decide for the standard
length then include the TLD part of the domain, too, like you use 4
character but at buy.com you would use buyc or ycom). Then decide on
the order of these substrings which is always the same, like
<LINITS2><fdomain4><midbyear2> (which you can record as your hint to
remind you although if you use the same scheme then you don't need to
have hints). In this case, the scheme is the last 2 initials of your
3-initial name (and both are capitalized as indicated in the hint),
first 4 characters of the domain name, and the middle 2 digits of your
4-digit birthyear. Every site would have a different and unique
password. I usually don't include special characters (-,_,$,.,etc.)
because too many sites don't let you use them. Although longer
passwords are better, many sites don't accept more than 8 characters but
many want 6, 7, or more so 8 usually works most places. If one site
wants longer passwords then use one where the hint is
<LINITS3><fdomain5><byear4rev> (where the last is the reverse order of
the digits in your 4-year birthyear). Just come up with a scheme that
you can remember but generates garbage looking passwords. Eventually
you will be without your USB stick with the keepass on it, the stick
goes bad, the computer you want to use doesn't have USB ports or they
have been deliberately disabled, the drive crashes and takes the
database file with it that you haven't backed up yet, and so on. A
scheme in your head that is fixed but provides variable results goes
everywhere you do. Generating strong passwords doesn't mean that you
can't use a common scheme to produce them all.
One reason I started doing this was, well, I didn't bother checking
around for such software. When I tried it then I realized that the
software, USB stick, or whatnot might not be with me at the time. I
also used to use Password Safe (also at sourceforge.net) and thought the
horror stories about the database getting corrupted (by Password Safe
itself) or file system corruption or drive defects and no backups was
just peculiar to some users - until I lost my database TWICE. I'm not
going to waste time looking for backups to restore an old copy of the
database which might not have my most recent stored password when I
immediately need to login into an account to transfer funds NOW or do
something immediate. You might have a thumb drive on your keychain and
tote around a cellphone but that doesn't preclude them from getting lost
or breaking. In fact, losing files on thumb drives isn't really an
unusual problem.
(This is the second year KeePass has been on the