Ricmedia PC Help

Tech guides for everyone


Password Manager guide

September 1, 2014 By Richie

Managing your passwords is messy and complicated; however, a password manager can free you from the mess while keeping a high degree of security. If you are still using the same password for everything (like sunshine, princess, monkey or, god forbid, admin) then you are putting yourself in danger of being hacked, having your personal data stolen, and possible financial ruin. It is more important than ever to secure your personal and financial data, and using a password manager is the best way to go. There are a few important points we must address first, so let’s get started!

Choosing a good password

OK, first up, let’s make sure your passwords are strong enough not to be easily guessed or cracked by a program, because a password manager is useless if your passwords are easy to guess. You also need a different password for every website or service you use, period (see this guide). I realize that is probably something you don’t want to hear, but it’s the single most important thing you can do to secure yourself against hackers. Why? Well, let’s take the following scenario…

Say you use the same password for both Gmail and ShadyWebsite.net. Who’s to say that ShadyWebsite.net is trustworthy or able to keep your details (stored on their web servers) secure? Who’s to say that ShadyWebsite.net isn’t a trolling operation specifically built to steal passwords and hack accounts? Unfortunately, it is all too common, and once that one password is exposed, every other account that shares it is exposed too.

There are many other reasons to have different passwords for every website, but I hope the above reason is enough.

Now there are a few simple rules to follow when choosing a new password, which we’ll go through now…

  • A good password uses a minimum of 8 characters (12 and up to 16 characters is even better)
  • A good password consists of at least one of each of the following…
    • Lower-case letters (e.g. abcdefg…)
    • Upper-case letters (e.g. ABCDEFG…)
    • Numbers (e.g. 123456…)
    • Special characters: “~!@#$%^&*?
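
The rules above can be checked and enforced in a few lines. This is an added example, not the author's Password Generator; the function names are made up for illustration, and the special-character set is the one listed above.

```python
import secrets
import string

# Character classes from the rules above; the special set is the one the page lists.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "~!@#$%^&*?",
}
MIN_LENGTH = 8  # the page's minimum; it recommends 12 and up to 16

def missing_rules(password):
    """Return the rules the password fails (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems

def generate_password(length=16):
    """Generate a random password that satisfies every rule.

    Uses the OS CSPRNG through `secrets`; the `random` module is predictable
    and must not be used for passwords.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Draw uniformly from the whole alphabet and reject draws that miss a
        # class, so every valid password of this length is equally likely.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_rules(candidate):
            return candidate

if __name__ == "__main__":
    # "sunshine" and "P$a10Jia" appear on this page; "Princess2014" is constructed.
    for sample in ("sunshine", "P$a10Jia", "Princess2014"):
        print(sample, "->", missing_rules(sample) or "ok")
    print(generate_password())
```

Passing these rules only shows a password has the right shape; a password that already appears in a leaked list is still weak, which is why each site needs its own randomly generated one.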

Alternatively you can use my Password Generator below to generate a strong password 🙂

Password storage

The next important step is the master password file, which holds all your usernames and passwords. Store it on a portable memory device such as an encrypted USB drive, kept in a very safe location (the same place you would keep valuables like jewellery, gold or cash). If you prefer, you can use a little black book with all your passwords handwritten in it; the concept is the same. Either way, you should never store this file on your PC, laptop, phone or tablet! You must store this file in a very safe place outside of your PC, preferably encrypted. This master file is likely the most valuable possession you have, so be sure to guard it accordingly.

Most password managers will allow you to export all your passwords to a secure, encrypted file for safe keeping, which is the preferred method. If you prefer to make your own file, here are some suggestions for text file types, text editors, storage devices and locations.

  • Types of text files/editors
    • Windows: Notepad, Wordpad, Word
    • Linux: Vim, gEdit, Nano, gVim, Eclipse, Emacs
    • MAC: TextEdit, Brackets, TextMate, TextWrangler
    • Text File Types: .txt, .csv, .xml, or for more obscurity try .html, .htm, .php, .js, .css, .asp
  • Types of storage devices
    • USB flash drive (usually comes with built-in encryption software)
    • Compact Flash, SD Card, MMS
    • External hard drive
    • CD/DVD/Blu-Ray optical discs
    • Notebook, pad, diary, LBB
  • Good locations to keep your master password file
    • Wall safe/safe, locked cash box, locked filing cabinet
    • Safe deposit box at bank
    • Wherever you keep your valuables (gold, cash, jewellery)

[Images: typical USB flash drive storage device; USB3.0 external hard drive, 3.5 inch, 500GB capacity; safe deposit box at bank]

Now, just writing down a bunch of usernames and passwords without some sort of formatting can make it very hard to read (and find) a given combo, so a good format to write them in is like…

----------------------------------------
    www.somesite.com
    username: JimJam2014
    password: P$a10Jia
----------------------------------------

…or, if you prefer a format that is readable by password managers, you will need to read up on the different password file formats, which is beyond the scope of this article. Just a tip: these formats are not easy for humans to read, they’re designed for machines.

Password management methods

Master password

Most password managers use a master password system, which basically means that you enter your username and password into a given website, then click a “remember password” button. You then continue this process with any other websites you have login details for (passwords are safely stored on your computer via the password manager, usually encrypted) and then enter a master password in the settings/options of your password manager.

From this point on, when you visit a website that requires your login details, all you have to do is enter your master password and the password manager will auto-fill/auto-type the username and password fields for you. The advantage of this system is that if someone steals your computer, unless they know the master password, they won’t be able to log in to any of your websites.

Browser password managers

Mozilla Firefox is the only browser that uses a master password right out of the box with no plugins needed, one of the reasons I use it. Other browsers all have a “remember password” function that appears after you have entered your login details on a given website, but offer no protection if your computer is stolen or snooped upon, so I don’t recommend using these types of password managers (except for Firefox).

Two-Factor authentication

This is an excellent method of authentication that generally only requires a mobile phone or landline and provides very good security without any investment in extra hardware or software (like a fingerprint reader or USB drive etc). Large internet companies (e.g. Google and Yahoo) usually offer this as an option.

The way it works is like this (example is Gmail)…

  1. You log in to Gmail (having previously set up 2-step verification) and are presented with a page asking for a special code that Google would have sent you seconds ago when you clicked the login button
  2. You receive this code on your phone and enter it into the webpage, click submit and enter your inbox as per normal

This way, even if your password is stolen, they won’t be able to log in to your Gmail account unless they also have your phone. It’s not foolproof but does offer a simple and secure way to access your accounts.

Advanced authentication options

There are also many other, more secure methods of password management and authentication as outlined below. I favor fingerprint authentication but you will obviously need a fingerprint reader to use this method. I will briefly go through these options below but the focus of this guide is on password managers which are software based and easily obtained.

Fingerprint authentication

These used to be the stuff of James Bond movies, but today you can expect to see fingerprint readers on laptops (built-in) and desktops via an external USB device you simply plug in. Once you’ve set up the fingerprint reader (which only takes a few minutes) you simply run your index finger across the reader, it reads your unique fingerprint, and Windows will automatically log you in. You can also set up the fingerprint reader for all your website usernames and passwords, along with the frequency at which it will need a re-swipe of your finger (aka: Paranoia Level) and all other settings.

USB key authentication

This is no different from having a key to unlock your car, you simply insert the USB key to authenticate (usually with a password too) and you’re good to go. One of the advantages of this method is that you can encrypt your entire hard drive (the USB drive holds the encryption key) so if anyone steals your computer and tries to hack into it, they’ll be faced with a bunch of scrambled data, not your personal data.

Smart Card authentication

Smart Cards are an excellent form of authentication and can use one, two or even three factors on top of the card itself as extra security. Smart Cards are generally the realm of medium to large corporate businesses but can just as easily be implemented at the home user level with a USB Smart Card reader.

[Images: Smart Card example; laptop fingerprint reader; USB fingerprint reader; USB Security Dongle]

Choosing a password manager

Now taking everything I have explained so far in this guide, let’s choose a password manager that suits your personal requirements. I have made a table below that shows the features, security, cost and my rating, as well as my top picks.

Password Managers – Last Revised 2014/08/29

| NAME | LICENSE & COST | OS SUPPORT | BROWSER INTEGRATION | OVERALL RATING |
|---|---|---|---|---|
| 1Password | Proprietary / $35+ | Windows, OS X, iOS, Android | IE, Firefox, Chrome, Safari, Opera | 7/10 Good program but needs better guidance/instructions for initial setup. |
| Dashlane | Proprietary / Free & Premium $30+ | Windows, OS X, iOS, Android | IE, Firefox, Chrome, Safari | 8.5/10 Very comprehensive app, excellent setup guide. |
| F-Secure Key | Proprietary / Free & Premium $2.20mo | Windows, OS X, iOS, Android | No, password vault only | 6.5/10 Passwords need to be added manually, good for storage only. |
| iVault | Proprietary / $8 per year | Windows, OS X, iOS, Android | No, password vault only | 7/10 Good security, manual password entry, cloud-based, needs better instructions. |
| KeePass | GNU Open Source / Free | Windows (ports for Linux, OS X, iOS, Android, Windows Phone) | Yes via Auto-Typing | 8.5/10 Excellent features, dozens of plugins, easy install and setup. |
| Keeper | Proprietary / From $10 per year | Windows, OS X, iOS, Android | IE, Firefox, Chrome, Safari | 8/10 Great features & excellent security with easy install instructions. |
| iCloud Keychain | APSL / part of OS X & iOS | OS X, iOS | Safari | 7/10 Slick interface, great for Apple users |
| LastPass | Proprietary / Free & Premium $12 per year | Windows, Linux, OS X, iOS, Android, Blackberry, Windows Phone, Firefox OS, Surface RT | IE, Firefox, Chrome, Safari, Opera | 9.5/10 Excellent and easy setup, they really have thought of everything, top marks. |
| Mitto | Proprietary / Free service | Cross-Platform (All OS) | IE, Firefox, Chrome, Safari | 8.5/10 Very good security, easy to use, good features, comprehensive setup. |
| Norton Identity Safe | Proprietary / Free | Windows, iOS, Android | IE, Firefox, Chrome, Safari | 8/10 Good product, easy setup & great security. |
| Password Box | Proprietary / Limited Free & Unlimited $2.00+ | Cross-Platform (All OS) | IE, Firefox, Chrome, Safari, Opera | 9/10 Very impressive, easy installation, great features. |
| Password Genie | Proprietary / $15 per year | Windows, OS X, iOS, Android | IE, Firefox, Chrome, Safari | 6/10 Unable to test as purchase required before download, website needs overhaul. |
| Password Safe | Artistic License (Open Source) / Free | Windows, Linux (ports for OS X, iOS, Android, Windows Phone) | All | 7.5/10 Good program but really needs full browser integration. |
| Pleasant Password Server | Proprietary / $25 per user (packages available for more users) | Any OS, iOS, Android (server requires Windows Vista, 7, 8, Server 2008, Server 2012) | All | 8/10 Very comprehensive app, good features, suitable for SME to large corps. |
| RoboForm | Proprietary / $10 to $40 | Windows, Linux, Mac OS, Android, iOS, Windows Phone | All | 9/10 Excellent product, easy setup, great features. |

More info: Proprietary Software, Open Source Software; Chrome, IE, Firefox, Safari, Opera
If you have any questions or want me to add some software to this table, just email me anytime

In conclusion

Moving your passwords from unorganized and high-risk, to organized and security conscious using a password manager is quite a task, and I hope I have helped you in that quest. It’s far easier and much more secure to have your passwords managed by good software instead of relying on your memory or scant bits of paper.

If you have any questions you’re welcome to email me anytime.

Cheers!, Richie


Comments

  1. Bob mccord says

    January 5, 2015 at 7:41 am

    Excellent review Richie. I’ve been using RoboForm for a few years now but I’ve found that it’s getting kind of quirky so I’ve been looking for something new. I see you didn’t review McAfee’s entry into the password management software. What I’m looking for is a fingerprint reader that would access the password data. So is there a combination between a password manager and a fingerprint reader? Any help you could give me would be most appreciated.

    • Richie Brereton says

      January 5, 2015 at 8:36 am

      Hi Bob, thanks for the feedback mate. There are some very good fingerprint readers out there and with a cursory search I wasn’t able to determine if any actually manage passwords per se, but you might want to check out this review site which has all the latest FPR’s and a lot of info on each: http://fingerprint-scanner-review.toptenreviews.com/.

      McAfee do offer LiveSafe which has a built in password manager, but not as a stand alone product so that’s why I left it out, but it is an excellent product none-the-less.

      If I do find a FPR that actually manages passwords I will post back here for you.

      Cheers!
      Richie
