Langa Letter: How To Safely Store And Manage Passwords - InformationWeek


03:30 PM
Fred Langa

Langa Letter: How To Safely Store And Manage Passwords

We all struggle with keeping and securing passwords for the various accounts and systems we access. Here are 17 reader-recommended free and low-cost password-storage solutions, plus two more from Fred Langa.

Every so often, a topic emerges that hits an unexpected hot button among readers and generates a flood of responses.

One such hot button was the seemingly innocuous "Safe Storage For Passwords" discussed in a recent newsletter. A huge number of readers responded to that item. Apparently, we're all juggling so many passwords at work and at home that safe and secure password storage has become a real issue.

For example, look at the reader note below--the one that started the discussion. He travels for business and must access numerous password-protected accounts from various PCs at his main office, at remote locations, and at home:

"Hi Fred, I have a question about password security. As you know, most people (at least the ones I know) have several locations at work and at home that require you to logon. I happen to have 142 places that require my login ID/password. These range from the company ERP database, to my online banking account, to the Pizza Hut online order. Most of my coworkers try to use the same password for everything. This way they can remember it. That is a security disaster. They use things like birthdays or their pet's names as passwords, which is also a security risk.

"I have been using a Login ID and Password storage/retrieval software for about 3-4 years. It was previously called Passwords Plus and is now called Passwords Max (shareware; $20).

"[My employer] has turned its head and not yet given me any problems for installing Passwords Max on my work PC, however the hard-line company policy is that we aren't allowed to install unauthorized software on any company asset.

"Passwords Max is great and stores your password database in encrypted format. It has lots of neat features and works just fine as long as you can work at one PC and do not need portability.

"But my job has recently changed and I now travel. Last week, I had to print out a hard copy of my passwords to carry in my briefcase while working at a company site in Mexico. I am guilty of poor security practices, too, and realize this is also extremely poor security because all my passwords were in plain text. Had I lost that 8-page booklet of passwords, anyone could have gotten into my checking or retirement accounts and cleaned me out. I do not yet have a laptop PC so I used a visitor PC while in Mexico.

"Can you or any of the other readers tell me if there is a password storage/retrieval tool that I can install on something like a USB pen drive? I would like to find one that encrypts my password database so no one could access it if I accidentally left it plugged in the USB port. I am looking for something that doesn't require software to be installed on the [PC] so I can stay in good graces with the company. Any ideas? Thanks, Sam"

My initial reply to Sam was brief:

"All the auto-fill-in password tools I know of (I personally prefer RoboForm) require at least some minimal level of installation so the software can watch for places that require a login or password. I suppose you could put the setup files and data files for the form-filler of your choice on a pen drive, install it at the start of the business day, and uninstall it at the end of the day. This would violate the "no installed software" policy, but at least would make no permanent changes to the company's PC, and thus might be granted an exemption.

"We've actually covered using a pen drive for encrypted storage of RoboForm data. But this still requires that at least a little software be installed.

"A simpler, no-software solution might be to store your passwords in an encrypted text file on a USB pen drive; or even on a plain old floppy disk. You can use 256-bit AES encryption with WinZip, for example, and there are plenty of 100% free encryption tools out there. Cryptomathic's free File2File provides nearly effortless 128-bit AES encryption, for example. An encrypted file wouldn't automatically fill in login/password boxes for you, but would at least serve the same purpose as your paper printout did, but with much less risk and with no software installation required. A floppy version (as opposed to a USB drive version) also has the benefit of being nearly universally supported, as almost all systems have at least a floppy drive."

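The encrypted-text-file approach from the reply above, sketched as an added example that is not part of the original column. It assumes the OpenSSL 1.1.1 or later command-line tool is available on the machine; the file names and the `VAULT_PASS` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article). Assumes the OpenSSL 1.1.1+ CLI.
# passwords.txt, passwords.enc and VAULT_PASS are hypothetical names.

KDF_ITER=600000   # PBKDF2 rounds: raises the cost of guessing the passphrase

# vault_encrypt PLAIN ENC : AES-256 encrypt PLAIN into ENC.
# The passphrase is taken from the exported variable VAULT_PASS, so it
# never appears on the command line or in the process list.
vault_encrypt() {
    [ -n "${VAULT_PASS:-}" ] || { echo "VAULT_PASS not set" >&2; return 2; }
    ( umask 077   # encrypted file is created readable by its owner only
      openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$KDF_ITER" \
          -in "$1" -out "$2" -pass env:VAULT_PASS )
}

# vault_show ENC : decrypt to stdout only, so no plaintext copy is
# written to the pen drive or to the borrowed PC's disk.
vault_show() {
    [ -n "${VAULT_PASS:-}" ] || { echo "VAULT_PASS not set" >&2; return 2; }
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$KDF_ITER" \
        -in "$1" -pass env:VAULT_PASS 2>/dev/null
}

# Caveat: CBC mode via `openssl enc` protects confidentiality only.
# A wrong passphrase usually fails with a padding error, but changes
# made to the encrypted file are not reliably detected.
```

After encrypting, delete the plaintext copy and unset `VAULT_PASS` when the session ends.
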
I thought that was that--but I was dead wrong. Soon, a veritable flood of great suggestions poured in from other readers. Here are the most recommended additional solutions, ranging from ultra simple to the more complex; and from the free to the commercial. No matter what your security needs or your company's restrictions on external software, there's bound to be a solution here you can use:
