Langa Letter: How To Safely Store And Manage Passwords
We all struggle with keeping and securing passwords for the various accounts and systems we access. Here are 17 reader-recommended free and low-cost password-storage solutions, plus two more from Fred Langa.
Under Win2k and later, the easiest no-software solution for safekeeping a list of passwords is a plain text file on a USB "drive": just format the medium as NTFS and create an encrypted folder on it. And for safety, use another removable medium (stored under lock and key) to backup the encryption certificate, so you can read the file on another PC in case disaster strikes. IT professional's motto: "Why make things simple when you can make them complicated?" ;-) -- Pierre Szwarc
For a number of years, I've used a self-created Excel spreadsheet to store all of my passwords. The file itself is password-protected, so it cannot be opened unless you know the password. However, I have only one password I have to remember to access all of the others. Since MS Excel is typically authorized software, some of the readers might find this method useful. The Excel spreadsheet doesn't encrypt the actual data, but it is in a protected file. -- Paul
I use a little program called Password Safe v1.7. All it does is store a title, user name, password, and you can add a note for your account. You can then double-click on an entry and paste it into the application that needs the password. You must keep Password Safe open until you have pasted it into the application, as closing Password Safe erases the password from Windows' clipboard. It keeps the listings alphabetically. The program allows you to have more than one database so that you can keep your work and personal passwords separate and also will generate an eight-character password for you if you choose. The great thing about Password Safe is that it will fit and run on a 1.44-MB floppy disk (password databases included). I have close to 200 passwords and have never had a problem with the program. Version 2.01 is out now and it is a little different but still has the same functionality. By the way, did I mention that it is freeware? You can find out more information about it and download a copy. -- Bill Tone
Thought I'd pass on a link to a Windows password manager that does NOT need to be installed; i.e., it and its database would function from a USB storage key. It runs on all Windows operating systems and doesn't need to be installed... The KeePass development team provides you an installer which automates creating links in the start menu, etc., but you also can download the binary zip package which contains only the main executable, which runs fine without installing anything... KeePass doesn't store anything on your system. The program doesn't create any new registry keys and it doesn't create any initialization files (ini) in your Windows directory. Deleting the KeePass directory (in case you downloaded the binary zip package) or using the uninstaller (in case you downloaded the installer package) leaves no trace of KeePass on your system... . A 100% compatible version for the PocketPC is available (visit KeePass PocketPC page)... . This might be a nice option (and the price is right). -- Peter
I use a [free] small (212K) program, Password Guardian to store all my passwords. It's storage only, not an auto-fill, but would easily fit on a floppy and run straight from there with no installation at all. The stored file is also tiny. -- Shlomo Horwitz
Free Password Keeper is from Cor de Visser ... or try the direct download link Installation: unzip and run exe file from any directory, floppy disk, or pen drive. Uninstallation: Delete the directory where you unzipped the file. "freeware, small in size (smaller then 300 Kb), no use of external DLLs, no registry entries, very easy to use, store all of your password data in default personal file, the password files are encrypted and compressed, logon access protected by password, find function (very easy to use, can search in all fields), store E-mail address, store Web site address, activate E-mail from program, activate Web site from program, export to CSV file, which can be imported from Excel, export to html file, print data. Free password keeper can be run from a floppy disk or pen drive... ." -- Tom Spindler
I use my Palm-OS based PDA (a Sony Clie) to store and retrieve passwords using password protection--not totally secure, but not bad (in my humble opinion) as a solution. I've used two methods to store them. First, I store passwords as memos in the Memo pad--I've created a category for passwords (named something other than "Passwords"), and I hide the records in that category, requiring a password to display them. Second, I have also used a PDA-based software program called SafeInHand, which allows me to store all of my passwords and password-protect them, hiding the password that you type to view the password list. I password-protect my PDA; every day at midnight, my PDA goes into security mode, requiring a password to turn it on (for this last protection, one can set up a Palm-OS based PDA to require a password every time you turn it on, if you want). I use both methods because SafeInHand doesn't automatically back up when I hot-sync, while the Memo pad does, ensuring that I never lose my passwords. If Sam were to use the Memo-pad method and not Hot Sync (or Hot Sync to some computer other than his company's computer), he'd be OK on the company rules, too. -- Elaine Marmel
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.