Langa Letter: How To Safely Store And Manage Passwords
We all struggle with keeping and securing passwords for the various accounts and systems we access. Here are 17 reader-recommended free and low-cost password-storage solutions, plus two more from Fred Langa.
Under Win2k and later, the easiest no-software solution for safekeeping a list of passwords is a plain text file on a USB "drive": just format the medium as NTFS and create an encrypted folder on it. And for safety, use another removable medium (stored under lock and key) to backup the encryption certificate, so you can read the file on another PC in case disaster strikes. IT professional's motto: "Why make things simple when you can make them complicated?" ;-) -- Pierre Szwarc
For a number of years, I've used a self-created Excel spreadsheet to store all of my passwords. The file itself is password-protected, so it cannot be opened unless you know the password. However, I have only one password I have to remember to access all of the others. Since MS Excel is typically authorized software, some of the readers might find this method useful. The Excel spreadsheet doesn't encrypt the actual data, but it is in a protected file. -- Paul
I use a little program called Password Safe v1.7. All it does is store a title, user name, password, and you can add a note for your account. You can then double-click on an entry and paste it into the application that needs the password. You must keep Password Safe open until you have pasted it into the application, as closing Password Safe erases the password from Windows' clipboard. It keeps the listings alphabetically. The program allows you to have more than one database so that you can keep your work and personal passwords separate and also will generate an eight-character password for you if you choose. The great thing about Password Safe is that it will fit and run on a 1.44-MB floppy disk (password databases included). I have close to 200 passwords and have never had a problem with the program. Version 2.01 is out now and it is a little different but still has the same functionality. By the way, did I mention that it is freeware? You can find out more information about it and download a copy. -- Bill Tone
Thought I'd pass on a link to a Windows password manager that does NOT need to be installed; i.e., it and its database would function from a USB storage key. It runs on all Windows operating systems and doesn't need to be installed... The KeePass development team provides you an installer which automates creating links in the start menu, etc., but you also can download the binary zip package which contains only the main executable, which runs fine without installing anything... KeePass doesn't store anything on your system. The program doesn't create any new registry keys and it doesn't create any initialization files (ini) in your Windows directory. Deleting the KeePass directory (in case you downloaded the binary zip package) or using the uninstaller (in case you downloaded the installer package) leaves no trace of KeePass on your system... . A 100% compatible version for the PocketPC is available (visit KeePass PocketPC page)... . This might be a nice option (and the price is right). -- Peter
I use a [free] small (212K) program, Password Guardian to store all my passwords. It's storage only, not an auto-fill, but would easily fit on a floppy and run straight from there with no installation at all. The stored file is also tiny. -- Shlomo Horwitz
Free Password Keeper is from Cor de Visser ... or try the direct download link Installation: unzip and run exe file from any directory, floppy disk, or pen drive. Uninstallation: Delete the directory where you unzipped the file. "freeware, small in size (smaller then 300 Kb), no use of external DLLs, no registry entries, very easy to use, store all of your password data in default personal file, the password files are encrypted and compressed, logon access protected by password, find function (very easy to use, can search in all fields), store E-mail address, store Web site address, activate E-mail from program, activate Web site from program, export to CSV file, which can be imported from Excel, export to html file, print data. Free password keeper can be run from a floppy disk or pen drive... ." -- Tom Spindler
I use my Palm-OS based PDA (a Sony Clie) to store and retrieve passwords using password protection--not totally secure, but not bad (in my humble opinion) as a solution. I've used two methods to store them. First, I store passwords as memos in the Memo pad--I've created a category for passwords (named something other than "Passwords"), and I hide the records in that category, requiring a password to display them. Second, I have also used a PDA-based software program called SafeInHand, which allows me to store all of my passwords and password-protect them, hiding the password that you type to view the password list. I password-protect my PDA; every day at midnight, my PDA goes into security mode, requiring a password to turn it on (for this last protection, one can set up a Palm-OS based PDA to require a password every time you turn it on, if you want). I use both methods because SafeInHand doesn't automatically back up when I hot-sync, while the Memo pad does, ensuring that I never lose my passwords. If Sam were to use the Memo-pad method and not Hot Sync (or Hot Sync to some computer other than his company's computer), he'd be OK on the company rules, too. -- Elaine Marmel
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.