Password Security
SOME WAYS TO KEEP YOUR SENSITIVE INFORMATION SECURE
Review by Peren Bjork
During the question and answer session at the February general meeting there was a discussion about passwords and keeping them safe. I came to the realization that my own current password setup wasn’t as secure as I’d like it to be. First of all, since my memory is so wretched, almost all of my passwords were the same. On top of that, because a few passwords were different and my logins were more varied, I had them printed out on a sheet of paper on my desk right next to my computer. I might as well have put them on a Stickie on my desktop. Paranoia finally pushed me over the edge, so I began looking into different options for storing passwords, and other sensitive data, securely.
Keychain was the first, obvious choice. It works well with Safari for web logins and requires a master password to get into it. There is even a secure notes component that allows you to keep other sensitive information such as credit card or serial number information behind Keychain’s lock and key. Well, I use Firefox and for some reason I’ve always been uncomfortable with Keychain. Furthermore, as one online article I read pointed out, if someone gets into my computer the first place they’ll probably head is to Keychain. So I went in search of an alternative.
One solution would be to put the information in a spreadsheet or database file and then encrypt that file with a program such as Puzzle Palace, $15 shareware. What I was looking for was a little more robust stand-alone program. A quick search of VersionTracker for “password” dealt me my first obstacle. There were six pages of results. The short list I came up with was generally based on the criteria of user ratings in VersionTracker’s feedback, how recently and how often the app has been updated, and cost. Users had good things to say about programs like Data Guardian, an app that evolved from an older app called Password Retriever, $19.95 from Koingo Software; Password Wallet, $20 from Selznick Scientific Software; and Steel, $9 by Gabriele de Simone. Another nice freeware/donationware option I tried out was Pastor by Markus Mehlau.
Different people have different types of security needs, as well as different ways they like to access their information. The apps listed above have polished interfaces and allow you to store not only login information but also serial numbers, credit card info and bank account info, among others. Steel even has a pre-defined category for paint colors, to store information about which paint formula you have used in which room of your house. Why this warrants encryption is beyond me, but to each his own. Each program uses strong encryption, most commonly a 448-bit “military grade” type called Blowfish, which locks your file down pretty tight when it’s closed. Some use different encryption; Pastor uses something called RC-4 and another called Safe Sphere lets you choose between 5 different types.
I started with Pastor, mainly because it was free, but settled on Password Wallet because it had more features and just seemed to work more the way I wanted it to. What most of these programs let you do is store your login information and allow you to copy the information with one click to your clipboard so you can paste it into the login field of a website, program or whatever. Many of them have preferences that will purge the clipboard contents after a specified time so sensitive information isn’t lying around for someone to pick up. Password Wallet has a few features that made it my choice. First, when it generates random passwords, which all of these programs do, it doesn’t just give you one password, it gives you a list of about 30 passwords of varying length to choose from. Second, the auto type function is an incredible time-saver. Password Wallet will either visit a URL in the browser of your choice and auto type your login and password so you don’t have to, or just auto type into the login fields of a different program such as First Class or the iTunes Music Store. Password Wallet also has more options in terms of sorting and organizing data by category.
All in all, I feel much more secure with my logins now. All of my passwords are different. They are random alphanumeric so they are very hard to guess. I can auto type them to log in wherever without having to remember, or even see, my password, which leads to a troubling downside. I have no idea what any of my passwords are, save the one I need to get into the Password Wallet file, which is the idea I guess, but you know, what if I get hit by a bus or something. Well, most of these programs allow for exporting the data to a text file that can be dumped into a spreadsheet or imported into a different password management program. Password Wallet even has the option to export to a file formatted for your iPod. This leaves the information unscrambled and out in the open which kind of defeats the purpose, but the point is you can, and I have, make a printout of the info and put it in a safe deposit box to access in case of an emergency. Also, in the case of the iPod file, if you’re on the road without your computer you can take the passwords you need with you on your iPod to log in at the library or your mother-in-law’s computer if you need to.
It sure feels a lot more secure than having all my logins on a Stickie note.
Peren Bjork is a stay-at-home dad and occasional freelance graphic artist. Oh yeah, he’s also PMUG’s president.
