Langa Letter: How To Safely Store And Manage Passwords - InformationWeek
03:30 PM
Fred Langa
Fred Langa

Langa Letter: How To Safely Store And Manage Passwords

We all struggle with keeping and securing passwords for the various accounts and systems we access. Here are 17 reader-recommended free and low-cost password-storage solutions, plus two more from Fred Langa.

Reader Suggestions

Under Win2k and later, the easiest no-software solution for safekeeping a list of passwords is a plain text file on a USB "drive": just format the medium as NTFS and create an encrypted folder on it. And for safety, use another removable medium (stored under lock and key) to backup the encryption certificate, so you can read the file on another PC in case disaster strikes. IT professional's motto: "Why make things simple when you can make them complicated?" ;-)
-- Pierre Szwarc

For a number of years, I've used a self-created Excel spreadsheet to store all of my passwords. The file itself is password-protected, so it cannot be opened unless you know the password. However, I have only one password I have to remember to access all of the others. Since MS Excel is typically authorized software, some of the readers might find this method useful. The Excel spreadsheet doesn't encrypt the actual data, but it is in a protected file.
-- Paul

I use a little program called Password Safe v1.7. All it does is store a title, user name, password, and you can add a note for your account. You can then double-click on an entry and paste it into the application that needs the password. You must keep Password Safe open until you have pasted it into the application, as closing Password Safe erases the password from Windows' clipboard. It keeps the listings alphabetically. The program allows you to have more than one database so that you can keep your work and personal passwords separate and also will generate an eight-character password for you if you choose. The great thing about Password Safe is that it will fit and run on a 1.44-MB floppy disk (password databases included). I have close to 200 passwords and have never had a problem with the program. Version 2.01 is out now and it is a little different but still has the same functionality. By the way, did I mention that it is freeware? You can find out more information about it and download a copy.
-- Bill Tone

Thought I'd pass on a link to a Windows password manager that does NOT need to be installed; i.e., it and its database would function from a USB storage key. It runs on all Windows operating systems and doesn't need to be installed... The KeePass development team provides you an installer which automates creating links in the start menu, etc., but you also can download the binary zip package which contains only the main executable, which runs fine without installing anything... KeePass doesn't store anything on your system. The program doesn't create any new registry keys and it doesn't create any initialization files (ini) in your Windows directory. Deleting the KeePass directory (in case you downloaded the binary zip package) or using the uninstaller (in case you downloaded the installer package) leaves no trace of KeePass on your system... . A 100% compatible version for the PocketPC is available (visit KeePass PocketPC page)... . This might be a nice option (and the price is right).
-- Peter

I use a [free] small (212K) program, Password Guardian to store all my passwords. It's storage only, not an auto-fill, but would easily fit on a floppy and run straight from there with no installation at all. The stored file is also tiny.
-- Shlomo Horwitz

Free Password Keeper is from Cor de Visser ... or try the direct download link Installation: unzip and run exe file from any directory, floppy disk, or pen drive. Uninstallation: Delete the directory where you unzipped the file. "freeware, small in size (smaller then 300 Kb), no use of external DLLs, no registry entries, very easy to use, store all of your password data in default personal file, the password files are encrypted and compressed, logon access protected by password, find function (very easy to use, can search in all fields), store E-mail address, store Web site address, activate E-mail from program, activate Web site from program, export to CSV file, which can be imported from Excel, export to html file, print data. Free password keeper can be run from a floppy disk or pen drive... ."
-- Tom Spindler

I use my Palm-OS based PDA (a Sony Clie) to store and retrieve passwords using password protection--not totally secure, but not bad (in my humble opinion) as a solution. I've used two methods to store them. First, I store passwords as memos in the Memo pad--I've created a category for passwords (named something other than "Passwords"), and I hide the records in that category, requiring a password to display them. Second, I have also used a PDA-based software program called SafeInHand, which allows me to store all of my passwords and password-protect them, hiding the password that you type to view the password list. I password-protect my PDA; every day at midnight, my PDA goes into security mode, requiring a password to turn it on (for this last protection, one can set up a Palm-OS based PDA to require a password every time you turn it on, if you want). I use both methods because SafeInHand doesn't automatically back up when I hot-sync, while the Memo pad does, ensuring that I never lose my passwords. If Sam were to use the Memo-pad method and not Hot Sync (or Hot Sync to some computer other than his company's computer), he'd be OK on the company rules, too.
-- Elaine Marmel

2 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Annual IT Salary Report 
Base pay for IT professionals has remained flat this year with a median annual salary of $88,000 for staff and $112,000 for management. However, 58% of staff and 62% of managers who responded to our survey say they're satisfied with their compensation. Download this report to find out which positions earn the highest compensation.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll