Ricmedia PC Help

Tech guides for everyone.

Password Manager guide

By 2 Comments

Managing your passwords can be messy and complicated however, making use of a Password Manager can free you from the mess while keeping a high degree of security. If you are still using the same password for everything (like sunshine, princess, monkey or god-forbid admin) then you are putting yourself in danger of being hacked, your personal data stolen, and possible financial ruin. It is more important than ever to secure your personal and financial data, and using a Password Manager is the best way to go. There are a few important points we must address first, so let’s get started!

Choosing a good password

Ok first up, let’s make sure your passwords are safe enough not to be easily guessed or cracked by a program, because a password manager is useless if your passwords are easy to guess. You also need to have a different password for every website or service you have, period. I realize that is probably something you don’t want to hear, but it’s the single most important thing you can do to secure yourself against hackers, why? Well let’s take the following scenario…

Say you have the same password (for example) Gmail and ShadyWebsite.net. Who’s to say that ShadyWebsite.net is trustworthy or able to keep your details (which are stored on their web servers) secure? Who’s to say that ShadyWebsite.net isn’t a trolling operation specifically built to steal passwords and hack accounts? Unfortunately it is all too common.

There are many other reasons to have a different password for every website, but I hope the above reason is enough.

Now there are a few simple rules to follow when choosing a new password, which we’ll go through now…

  • A good password uses a minimum of 8 characters (12 and up to 16 characters even better)
  • A good password consists of at least one of each of the following…
    • Lower-case letters (ie. abcdefg…)
    • Upper-case letters (ie. ABCDEFG…)
    • Numbers (ie. 123456…)
    • Special characters: "~!@#$%^&*?

Alternatively you can use my Password Generator below to generate a strong password 🙂

Password storage

The next important step is the master password file that holds all your usernames and passwords and is stored on a portable memory device like an encrypted USB drive, in a very safe location (same place you would keep valuables like jewellery, gold, cash etc) or if you prefer, you can have a little black book with all your passwords hand written in it, same concept, but you should never store this file on your PC, laptop, phone or tablet! You must store this file in a very safe place outside of your PC and preferably encrypted. This master file is likely the most valuable possession you have, so be sure to guard it accordingly.

Most password managers will allow you to export all your passwords to a secure, encrypted file for safe keeping which is the preferred method, but if you prefer to make your own file, here are some suggestions for text file types, text editors, storage devices and locations.

  • Types of text files/editors
    • Windows: Notepad, Wordpad, Word
    • Linux: Vim, gEdit, Nano, gVim, Eclipse, Emacs
    • MAC: TextEdit, Brackets, TextMate, TextWrangler
    • Text File Types: .txt, csv, xml, or for more obscurity try .html, .htm, .php, .js, .css, .asp
  • Types of storage devices
    • USB flash drive (usually comes with built-in encryption software)
    • Compact Flash, SD Card, MMS
    • External hard drive
    • CD/DVD/Blu-Ray optical discs
    • Notebook, pad, diary, LBB
  • Good locations to keep your master password file
    • Wall safe/safe, locked cash box, locked filing cabinet
    • Safe deposit box at bank
    • Wherever you keep your valuables (gold, cash, jewelery)
USB flash drive
Typical USB flash drive storage device
3.5 inch external hard drive
USB3.0 external hard drive 3.5 inch 500GB capacity
Safe Deposit Box at Bank
Safe Deposit Box at Bank

Now just writing a bunch of usernames and passwords without some sort of formatting can make it very hard to read (and find) a given combo, so a good format to write them in, is along the lines of…

----------------------------------------
    www.somesite.com
    username: JimJam2014
    password: P$a10Jia
----------------------------------------

…or if you prefer a format that is readable by password managers, you will need to read up on the different formatting of password files which is beyond the scope of this article, but just a tip, these formats are not easy to read by humans, they are designed for machines.

Password management methods

Master password

Most password managers employ a master password system, which basically means that you enter your username and password into a given website, then click a "remember password" button. You then continue this process with any other websites you have login details for (passwords are safely stored on your computer via the password manager, usually encrypted) and then enter a master password in the settings/options of your password manager.

From this point on, when you visit a website that requires your login details, all you have to do is enter your master password and the password manager will autofill/auto-type the username and password fields for you. The advantage of this system is that if someone steals your computer, unless they know the master password, they will not be able to login to any of your websites.

Browser password managers

Mozilla Firefox is the only browser that uses a master password right out of the box with no plugins needed, one of the reasons I use it. Other browsers all have a "remember password" function that appears after you have entered your login details on a given website, but offer no protection if your computer is stolen or snooped upon, so I don’t recommened using these types of password managers (with the exception of Firefox).

Two-Factor authentication

This is an excellent method of authentication that generally only requires a mobile phone or landline and provides very good security without any investment in extra hardware or software (like a fingerprint reader or USB drive etc). Large internet companies (ie. Google and Yahoo) usually offer this as an option.

The way it works is like this
(example is Gmail)…

  1. You login to Gmail (having previously setup 2-step verification) and are presented with a page asking for a special code that Google would have sent you seconds ago when you clicked the login button
  2. You recieve this code on your phone and enter it into the webpage, click submit and enter your inbox as per normal

This way, even if your password is stolen, they will not be able to login to your Gmail account unless they also have your phone. It’s not foolproof but does offer a simple, and quite secure way to access your accounts.

Advanced authentication options

There are also many other, more secure methods of password management and authentication as outlined below. I personally favor fingerprint authentication but you will obviously need a fingerprint reader to use this method. I will briefly go through these options below but the focus of this guide is on password managers which are software based and easily obtained.

Fingerprint authentication

These used to be the stuff of James Bond movies, but nowadays you can expect to see fingerprint readers on laptops (built-in) and desktops via an external USB device you simply plugin. Once you have setup the fingerprint reader (which only takes a few minutes) you simply run your index finger across the reader, it reads your unique fingerprint, and Windows will automatically log you in. You can also setup the fingerprint reader for all your website usernames and passwords along with the frequency at which it will require a re-swipe of your finger (aka: Paranoia Level) and all other settings.

USB key authentication

This is no different than having a key to unlock your car, you simply insert the USB key to authenticate (usually with a password too) and you’re good to go. One of the advantages of this method is that you can encrypt your entire hard drive (the USB drive holds the encryption key) so if anyone steals your computer and tries to hack into it, they will be faced with a bunch of scrambled data, not your personal data.

Smart Card authentication

Smart Cards are and excellent form of authentication and can use one, two or even three factors on top of the card itself as extra security. Smart Cards are generally the realm of medium to large coporate businesses but can just as easily be implimented at the home user level with a USB Smart Card reader.

Smart Card example
Smart Card example
Laptop fingerprint reader
Laptop fingerprint reader
USB fingerprint reader
USB fingerprint reader
USB Security Dongle
USB Security Dongle

Choosing a password manager

Now taking everything I have explained so far in this guide, let’s choose a password manager that suits your personal requirements. I have made a table below that shows the features, security, cost and my rating, as well as my top picks.

Password Managers – Last Revised 2014/08/29
NAME LICENSE & COST OS SUPPORT BROWSER INTEGRATION OVERALL RATING
1Password Proprietary / $35+ Windows, OS X, iOS, Android IE, Firefox, Chrome, Safari, Opera 7/10 Good program but needs better guidance/instructions for initial setup.
Dashlane Proprietary
Free & Premium $30+		 Windows, OS X, iOS, Android IE, Firefox, Chrome, Safari 8.5/10 Very comprehensive app, excellent setup guide.
F-Secure Key Proprietary
Free & Premium $2.20mo		 Windows, OS X, iOS, Android No, password vault only 6.5/10 Passwords need to be added manually, good for storage only.
iVault Proprietary / $8 per year Windows, OS X, iOS, Android No, password vault only 7/10 Good security, manual password entry, cloud-based, needs better instructions.
KeePass GNU Open Source / Free Windows (ports for Linux, OS X, iOS, Android, Windows Phone) Yes via Auto-Typing 8.5/10 Excellent features, dozens of plugins, easy install and setup.
Keeper Proprietary / From $10 per year Windows, OS X, iOS, Android IE, Firefox, Chrome, Safari 8/10 Great features & excellent security with easy install instructions.
iCloud Keychain APSL / part of OS X & iOS OS X, iOS Safari 7/10 Slick interface, great for Apple users
LastPass Proprietary
Free & Premium $12 per year		 Windows, Linux, OS X, iOS, Android, Blackberry, Windows Phone, Firefox OS, Surface RT IE, Firefox, Chrome, Safari, Opera 9.5/10 Excellent and easy setup, they really have thought of everything, top marks.
Mitto Proprietary / Free service Cross-Platform (All OS) IE, Firefox, Chrome, Safari 8.5/10 Very good security, easy to use, good features, comprehensive setup.
Norton Identity Safe Proprietary / Free Windows, iOS, Android IE, Firefox, Chrome, Safari 8/10 Good product, easy setup & great security.
Password Box Proprietary
Limited Free & Unlimited $2.00+		 Cross-Platform (All OS) IE, Firefox, Chrome, Safari, Opera 9/10 Very impressive, easy installation, great features.
Password Genie Proprietary
$15 per year		 Windows, OS X, iOS, Android IE, Firefox, Chrome, Safari 6/10 Unable to test as purchase required before download, website needs overhaul.
Password Safe Artistic License (Open Source)
Free		 Windows, Linux (ports for OS X, iOS, Android, Windows Phone) All 7.5/10 Good program but really needs full browser integration.
Pleasant Password Server Proprietary
$25 per user (packages available for more users)		 Any OS, iOS, Android
(server requires Windows Vista, 7, 8, Server 2008, Server 2012)		 All 8/10 Very comprehensive app, good features, suitable for SME to large corps.
RoboForm Proprietary
$10 to $40		 Windows, Linux, Mac OS, Android, iOS, Windows Phone All 9/10 Excellent product, easy setup, great features.
More info: Proprietary Software, Open Source Software; Chrome, IE, Firefox, Safari, Opera
If you have any questions or want me to add some software to this table, just email me anytime

In conclusion

Moving your passwords from unorganized and high-risk, to organized and security conscious using a password manager can be quite a task, and I hope I have helped you in that quest. It’s far easier and much more secure to have your passwords managed by good software instead of relying on your memory or scant bits of paper.

If you have any questions you’re welcome to email me anytime.

Cheers!, Richie

Comments

  1. excellent review Richie. I’ve been using RoboForm for a few years now but I’ve found that it’s getting kind of quirky so I’ve been looking for something new. I see you didn’t review McAfees entry into the password management software. What I’m looking for is a fingerprint reader that would access the password data. So is there a combination between a password manager and a fingerprint reader? Any help you could give me would be most appreciated.

    Reply

    • Hi Bob, thanks for the feedback mate. There are some very good fingerprint readers out there and with a cursory search I wasn’t able to determine if any actually manage passwords per se, but you might want to check out this review site which has all the latest FPR’s and a lot of info on each: http://fingerprint-scanner-review.toptenreviews.com/.

      McAfee do offer LiveSafe which has a built in password manager, but not as a stand alone product so that’s why I left it out, but it’s is an excellent product none-the-less.

      If I do find a FPR that actually manages passwords I will post back here for you.

      Cheers!
      Richie

      Reply

Leave a comment

HELP

NEWS & FEED

SOCIAL