I have too many passwords; I can't remember them all!

It's impossible these days to keep track of all the passwords for all the different web sites we use. More seriously: Passwords that are easy to remember are a security threat. Fortunately, there's an easy solution to the problem.

The Problem

At some point or another you will have too many web and other services that you need to access. For each service you have a password or some other security-related information that you need to keep track of.

Many sites these days will ask you for a Security Question (the answer to which you must remember,) and various other bits of personal information. If you honestly answer these questions too often you create a personal security risk - but it's impossible to remember special answers that you might invent for each different web site.

The Solution

ImageEverybody is having these same problems now. As a result, there are several free and easy-to-use software packages that have appeared on the web. In general, these programs are called Password Safes - they allow you to securely store your passwords in a file that you can unlock using a secure pass-phrase.

ImageThese programs generally provide you with the ability to collect the information you want into a small file. Then they encrypt the file to ensure that the contents remain your secret.

ImageOnce you have created your password safe file, most password safe programs provide you with the ability to organize your secrets into groups or categories. For example: you might want to store some secret information under the heading hotmail for your hotmail account. You can create a group of records called Email. Under that group, you can create a record called hotmail and put any information you like under that heading. Many of the new password safes will also generate long, highly secure and random passwords for you.

The best thing about these programs is that they often include features to allow you to copy your passwords into the clipboard. This way you don't have to type the password at all. Whenever you need it, just open your safe file, find the record you need (such as the information associated with your hotmail account,) and copy the password directly to the clipboard. Finally, you can paste the password from the clipboard into the password box that you need to fill. While this sounds like too much effort - in fact it goes very quickly because the software is usually designed to help you in small ways.

Many of the available password safe programs will operate easily from a USB key. You can often save a copy of your password file to the USB key along with a copy of the program. Then, when you need a password and are away from your computer - just insert the USB key into any nearby computer and run the program. You don't have to worry about people making copies of your files - the encryption is strong enough that it would be a big problem for them to get any useful information out without knowing your pass-phrase.

Here are links to a couple of the most popular Password Safe programs:

ImagePassword Safe

Password Safe is a super-simple utility with just enough bells and whistles to satisfy the power user. The main web site is here:

http://passwordsafe.sourceforge.net/

You can download two versions of Password Safe: one for Microsoft Windows and a separate Java version that will run on a variety of operating systems. Password Safe is one of the oldest and best known programs of its' type. It was originally written by Bruce Schnier. Many of the other programs available now are able to read the files produced by Password Safe.

ImageKee Pass

Kee Pass is a somewhat more sophisticated program than Password Safe. It has a more polished appearance and comes with a few bells and whistles that are nice to have. Related projects, such as Kee Pass X for X Windows on Linux computers, allow you to work with your Kee Pass secrets on various operating systems. Kee Pass can be found here:

http://www.keepass.info/