Langa Letter: How To Safely Store And Manage Passwords - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:30 PM
Fred Langa
Fred Langa

Langa Letter: How To Safely Store And Manage Passwords

We all struggle with keeping and securing passwords for the various accounts and systems we access. Here are 17 reader-recommended free and low-cost password-storage solutions, plus two more from Fred Langa.

Every so often, a topic emerges that hits an unexpected hot button among readers and generates a flood of responses.

One such hot button was the seemingly innocuous "Safe Storage For Passwords" discussed in a recent newsletter. A huge number of readers responded to that item. Apparently, we're all juggling so many passwords at work and at home that safe and secure password storage has become a real issue.

For example, look at the reader note below--the one that started the discussion: He travels for business and must access numerous password-protected accounts from various PCs at his main office, at remote locations, and at home:

"Hi Fred, I have a question about password security. As you know, most people (at least the ones I know) have several locations at work and at home that require you to logon. I happen to have 142 places that require my login ID/password. These range from the company ERP database, to my online banking account, to the Pizza Hut online order. Most of my coworkers try to use the same password for everything. This way they can remember it. That is a security disaster. They use things like birthdays or their pet's names as passwords, which is also a security risk.

"I have been using a Login ID and Password storage/retrieval software for about 3-4 years. It was previously called Passwords Plus and is now called Passwords Max (shareware; $20).

"[My employer] has turned its head and not yet given me any problems for installing Passwords Max on my work PC, however the hard-line company policy is that we aren't allowed to install unauthorized software on any company asset.

"Passwords Max is great and stores your password database in encrypted format. It has lots of neat features and works just fine as long as you can work at one PC and do not need portability.

"But my job has recently changed and I now travel. Last week, I had to print out a hard copy of my passwords to carry in my briefcase while working at a company site in Mexico. I am guilty of poor security practices, too, and realize this is also extremely poor security because all my passwords were in plain text. Had I lost that 8-page booklet of passwords, anyone could have gotten into my checking or retirement accounts and cleaned me out. I do not yet have a laptop PC so I used a visitor PC while in Mexico.

"Can you or any of the other readers tell me if there is a password storage/retrieval tool that I can install on something like a USB pen drive? I would like to find one that encrypts my password database so no one could access it if I accidentally left it plugged in the USB port. I am looking for something that doesn't require software to be installed on the [PC] so I can stay in good graces with the company. Any ideas? Thanks, Sam"

My initial reply to Sam was brief:

All the auto-fill-in password tools I know of (I personally prefer RoboForm) require at least some minimal level of installation so the software can watch for places that require a login or password. I suppose you could put the setup files and data files for the form-filler of your choice on a pen drive, install it at the start of the business day, and uninstall it at the end of the day. This would violate the "no installed software" policy, but at least would make no permanent changes to the company's PC, and thus might be granted an exemption.

"We've actually covered using a pen drive for encrypted storage of Roboform data. But this still requires that at least a little software be installed.

"A simpler, no-software solution might be to store your passwords in an encrypted text file on a USB pen drive; or even on a plain old floppy disk. You can use 256-bit AES encryption with WinZip, for example, and there are plenty of 100% free encryption tools out there. Cryptomathic's free File2File provides nearly effortless 128-bit AES encryption, for example. An encrypted file wouldn't automatically fill in login/password boxes for you, but would at least serve the same purpose as your paper printout did, but with much less risk and with no software installation required. A floppy version (as opposed to a USB drive version) also has the benefit of being nearly universally supported, as almost all systems have at least a floppy drive."

I thought that was that--but I was dead wrong. Soon, a veritable flood of great suggestions poured in from other readers. Here are the most recommended additional solutions, ranging from ultra simple to the more complex; and from the free to the commercial. No matter what your security needs or your company's restrictions on external software, there's bound to be a solution here you can use:

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Future IT Teams Will Include More Non-Traditional Members
Lisa Morgan, Freelance Writer,  4/1/2020
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll