Keep your passwords safe with KeePass

August 27, 2009, Category: Internet, Security, Software

I have about 50 to 60 online / software accounts for which I have to remember my passwords. These include my Windows login, 5 e-mail accounts, a website account, a domain name account, an FTP password, several online accounts for various websites, etc. I am sure I am not alone in this regard, as most people who use computers and the Internet have a similar number of accounts for which they have to remember their passwords.

Using a common password for all such accounts is not advisable, since if it is compromised on one site or account, all your online accounts are at risk. OpenID is one solution: it lets you use one common password at the sites and accounts that support OpenID, while the password is checked only at the site that originally issued your OpenID (read OpenID – protect your password and online identity). However, OpenID is not supported by all sites and software applications, so you can’t use it everywhere. For the remaining accounts and sites, you have perhaps no option but to maintain a different password for each. But how do you remember so many passwords, especially if you use long, complicated passwords that combine lowercase and uppercase letters, numerals and special characters (such as the dollar sign or percent sign)?

A good password manager is perhaps the answer. KeePass is one such password manager, which can help you manage your passwords in a safe and secure manner. Moreover, it is free and open-source software.

[Image: KeePass main window]

KeePass enables you to put all your passwords in one database file, which is then locked or encrypted with one master password or a key file. Therefore, you will have to remember only one master password or select the key file to lock or unlock the whole database which contains all your other passwords.

KeePass uses industry-standard secure encryption algorithms, namely the Advanced Encryption Standard (AES, Rijndael) and Twofish, to encrypt the contents of the database that holds all your passwords. These encryption algorithms are quite secure: if somebody without authorisation tried to break the encryption of the password database, it would take longer than the age of the universe, even if all the computing power available in the world today were used for this purpose. As KeePass also stores your user names along with the respective passwords in the database file, the user names are protected from attack in the same way.

[Image: KeePass, set the master password for securing your passwords]

To encrypt the password database file, KeePass first uses the 256-bit cryptographically secure one-way hash function SHA-256 to hash your master password, and the output is then used as the key for encrypting the password database. Because a hash function is one-way, i.e., you can hash the master password but cannot reverse the process, it is not possible to obtain the master password from the hash. This ensures that no traces of the master password used to encrypt your password database are left behind. When you want to decrypt the password database, you have to provide the master password, which is hashed again to open the database. This ensures double security. SHA-256 is a very secure hash function.
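The derivation described above, together with the master-password-plus-key-file option, sketched as an added example (this is not KeePass's own code). How the key file contributes and how the two parts are combined are assumptions of this sketch, all function names are hypothetical, and the real database format involves further steps the article does not cover.

```python
import hashlib
import hmac

def password_key(master_password: str) -> bytes:
    """SHA-256 of the UTF-8 master password: a 32-byte (256-bit) key."""
    return hashlib.sha256(master_password.encode("utf-8")).digest()

def key_file_key(key_file_bytes: bytes) -> bytes:
    """Assumption: the key file contributes the SHA-256 of its contents."""
    return hashlib.sha256(key_file_bytes).digest()

def composite_key(master_password=None, key_file_bytes=None) -> bytes:
    """Key from a master password, a key file, or both combined."""
    parts = []
    if master_password is not None:
        parts.append(password_key(master_password))
    if key_file_bytes is not None:
        parts.append(key_file_key(key_file_bytes))
    if not parts:
        raise ValueError("need a master password, a key file, or both")
    if len(parts) == 1:
        return parts[0]
    # Assumption: both components are hashed together into one 256-bit key.
    return hashlib.sha256(b"".join(parts)).digest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length keys differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def same_key(expected: bytes, master_password=None, key_file_bytes=None) -> bool:
    """Re-derive the key on unlock and compare in constant time.
    The key is never stored; the comparison only illustrates that the
    same inputs always reproduce the same key."""
    return hmac.compare_digest(expected, composite_key(master_password, key_file_bytes))

if __name__ == "__main__":
    key_file = b"constructed sample key file contents"  # constructed sample
    key = composite_key("correct horse", key_file)       # constructed sample
    print("key:", key.hex())
    print("right inputs:", same_key(key, "correct horse", key_file))
    print("password only:", same_key(key, "correct horse"))
    # A one-character change gives an unrelated key (about half the bits flip).
    print("bits changed:", differing_bits(key, composite_key("correct horsf", key_file)))
```

Because a single SHA-256 pass is fast to compute, the key is only as hard to guess as the master password or key file that feeds it.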

Moreover, KeePass uses security-enhanced password edit controls, so none of the available password edit control spying applications will work against them. Passwords entered in these secure edit controls are not visible even in the process memory of KeePass.

You can encrypt the password database using the master password, a key file, or a combination of both for enhanced security. KeePass also supports generating strong random passwords according to the parameters you set.
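Parameter-driven password generation of the kind mentioned above, as an added example (not KeePass's generator). The class names, the sample special-character set and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes a user can switch on or off (the special set is a sample).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!#$%&*+-=?@^_",
}

def _alphabet(classes):
    """Concatenate the selected classes, rejecting empty or unknown choices."""
    unknown = set(classes) - set(CLASSES)
    if not classes or unknown:
        raise ValueError(f"choose from {sorted(CLASSES)}; got {sorted(unknown)}")
    return "".join(CLASSES[c] for c in classes)

def generate_password(length=20, classes=("lower", "upper", "digits", "special")):
    """Random password containing at least one character from every class."""
    alphabet = _alphabet(classes)
    if length < len(classes):
        raise ValueError("length too short to include every selected class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redrawing the whole password keeps all valid passwords equally
        # likely, unlike patching in one character per class afterwards.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def entropy_bits(length, classes):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len(_alphabet(classes)))

def min_length_for(bits, classes):
    """Shortest length whose entropy bound reaches the requested bits."""
    return math.ceil(bits / math.log2(len(_alphabet(classes))))

if __name__ == "__main__":
    everything = ("lower", "upper", "digits", "special")
    print(generate_password(24, everything))
    print(f"{entropy_bits(24, everything):.1f} bits at length 24")
    print("length needed for 128 bits:", min_length_for(128, everything))
```

The entropy figure is what makes the settings comparable: an 8-character lowercase password carries under 38 bits, far below the 256-bit key it would end up protecting.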

It is a portable program, which means that you can copy it onto a USB stick and run it on Windows without installing it. It doesn’t store anything on your system and creates no new registry keys or initialization files (INI files) in your Windows directory.

Because KeePass is open-source software, you have full access to its source code, which guarantees that there are no traps or backdoors for stealing your passwords. It also assures you about the security of the password database, which you can examine yourself by viewing the source code if you have the requisite expertise. For these reasons, KeePass is a good candidate for use as a password manager.


Copyright (c) 2009 Tech Superb. Contact: info AT techsuperb DOT com