Skip to content. | Skip to navigation

Personal tools
You are here: Home TBSI Technology Blog Topics Security

Security

May 11, 2011

Using KeePass to store passwords

by Eric Smith — last modified May 12, 2011 07:00 PM
Filed Under:

I'm now using KeePass to store all of my passwords. It also helps me avoid broadcasting private information about myself.

I have at least 100 accounts in my personal and professional life. It's gotten to the point where I just can't remember them all and their associated passwords and other account information. And using a single password everywhere is just a horrible idea. Just one breach at any site stupid enough to store my password in clear text and all of my accounts would be compromised.

So I've started using KeePass to store my passwords. There are two versions of KeePass: I use the 1.x version so I can share my password database among all of my computers: Windows, Linux, and Macs. KeePass stores everything in a database encrypted with a single password. For that password I use a very long, complicated string that includes all of the usual "good things": upper and lower case, numbers, and symbols. But hey, it's the only password I need to remember anymore, so I don't mind!

All of my account passwords are unique and randomly generated, since I never type them anymore. There are some tricks to doing this successfully. Some web sites make random passwords particularly difficult to work with: they disallow long passwords, they don't like some symbols, they require all passwords be a specific length (a truly horrible idea), etc. Some even let you enter long passwords, but then don't let you log in with them. I guess they truncate them at some point, but never tell you about it. But eventually you can figure it out for even the most user-hostile sites.

I also store other account information. I keep vendor phone numbers, account numbers, and answers to security questions. I've decided that I'm never going to give a truthful answer to a security question ever again. My mother's maiden name? For Visa, maybe it's "ptdTpX?mdSY9C". My first pet? For my bank it might be "SMtw*3X8L". They don't care, they just want me to use something that is easy for me to remember. With KeePass, all of these are easy to remember! I believe that eventually every one of my vendors will experience a breach that exposes my private information. The less they know about me, the better.

Of course it's critical that I have good backups of my KeePass database. I use a variety of backup schemes to ensure that I always have at least 5 or 6 copies of the database on geographically diverse machines. More on that another time.