Tuesday, 1 September 2015

Password Storage Done Right

Storing and managing passwords is really hard these days. Passwords are easier to crack. A breach of one system can mean accounts on other systems are exposed. Even the FBI's most wanted can't get it right.

Even the systems you might depend on break.

Best Practices for Passwords

Let's just review best practices for passwords:
  1. Use a complex password. A complex password is one that doesn't include dictionary words or common phrases that might be used in a dictionary attack. This is getting hard as previously uncommon phrases can become part of a new dictionary. Ideally use a random password.
  2. Use a long password. This will help defend against dictionary attacks.
  3. Don't use the same password. Ever. This is because if the password is broken in one system, it can be used to log into the other systems.
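As an added example (not from the original post), this short Python script generates a random password and checks a set of entries against the three rules above. The word list, the 16-character minimum and the sample entries are assumptions made for the illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed stand-in for a real dictionary-attack wordlist (assumption).
WORDLIST = {"password", "dragon", "letmein", "summer", "welcome"}
MIN_LENGTH = 16  # assumed threshold; the post only says "long"
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """Rule 1: a random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def audit(entries):
    """Return {site: [findings]} for entries breaking any of the three rules."""
    by_password = defaultdict(list)
    for site, password in entries.items():
        by_password[password].append(site)

    findings = defaultdict(list)
    for site, password in entries.items():
        lowered = password.lower()
        if any(word in lowered for word in WORDLIST):
            findings[site].append("dictionary word")
        if len(password) < MIN_LENGTH:
            findings[site].append("too short")
        if len(by_password[password]) > 1:
            findings[site].append("reused")
    return dict(findings)


# Constructed sample entries, not real credentials.
SAMPLE = {
    "mail": "Summer2015!",
    "bank": "Summer2015!",
    "forum": "x9$Lq2",
    "vpn": generate_password(),
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(f"{site}: {', '.join(problems)}")
    print(f"20 random characters = {entropy_bits(20):.0f} bits")
```

The reuse check only works because all entries are visible in one place, which is the same property a password manager provides.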

It needs to...

Just to make things easier, I personally use a range of platforms so I'm looking for something that runs on:
  • Windows
  • OSX
  • iOS
I also need to be able to retrieve, add and edit passwords on any platform. Changes on any one platform should sync to all the others.

It doesn't need to...

I'm not looking for something that integrates directly into the browser. I'm concerned that something that is directly integrated into the browser is too much of a target for attack. This knocks out using something like Chrome to store passwords, aside from the issue that it can only store web-based passwords.

Password-based services like LastPass are also an issue, given that someone cracking LastPass can then access your entire set of passwords. These systems are a huge target.


Best practice is to use a password manager. Syncing was once a challenge, but with platforms like Google Drive and Dropbox it is now far easier.

So I use:

  1. KeePass2 - works on Windows
  2. MacPass - works on OSX
  3. KyPass3 - works on iOS
  4. Dropbox - to sync them everywhere
KyPass 3 supports syncing with a Dropbox folder and the other apps just talk to the filesystem. It's an awesome solution that lets you view / edit your passwords anywhere.

