Four Password Managers To Wrangle Those Pesky Passwords

By Scott Nesbitt - August 30, 2009

Passwords. They're a blessing and a curse, aren't they? In today's digital world, we all seem to have passwords for … well, for everything. And a lot of passwords. For online banking, Web mail, e-commerce sites, our favorite Web applications, and more.

As many of us have learned, though, it can be hard to remember all of those passwords. If you forget a password, the kinds of sites mentioned in the last paragraph can either send you a password or reset it. But that takes a bit of time and just adds to the confusion.

While you can write down your passwords in a paper notebook (remember those?) or in a file on your external hard drive, what happens if you lose the notebook or delete the file? Or if someone else gets hold of them? The situation will end in tears.

Instead of relying on your memory or more traditional ways of storing passwords, why not turn to a password manager?

Enter the password manager

A password manager is a piece of software that, obviously, lets you securely store and organize your various passwords. The software is usually designed for a desktop computer or a notebook computer, but password managers are also available for smartphones. The BlackBerry, for example, comes with one called Password Keeper.

The principle behind the password manager is simple. It stores your login information in an encrypted database or in a file hidden somewhere on your external hard drive. You enter your information using a simple form. This information can include:

  • The name of the Web site or service with which the password is associated
  • A user name
  • The password (of course)

 

Optionally, there might be space for entering a URL and a note.

Whenever you need a password, you just dip into the password manager and pull it out. Some applications, like Apple's Keychain Access, enable you to log into a Web site using a single password.

The obvious advantage to using this kind of software is convenience – you don't need to try to remember multiple user names and passwords, or worry about confusing them. They're all in one secure place. But what's out there? Let's take a look at a few.

Universal Password Manager


This is an interesting one. Universal Password Manager is an Open Source application that runs on Linux, Windows, and Mac OS. You'll need Java installed on your computer to run this application, but the three operating systems on which it runs usually have Java installed already.

To get set up, you create a database for your passwords. From there, you can add your passwords to the database using a simple form.

Universal Password Manager has a nifty feature that lets you copy a user name or a password from an entry in the database, without having to double click on the entry. This is useful when you remember one or the other (it happens!).

The database is encrypted with a scheme called AES (Advanced Encryption Standard). It's not the strongest encryption but it works. While you can create multiple databases – for example, one for your desktop computer and one for your cheap netbook – Universal Password Manager is Web enabled. You can save a database to a Web server and point the application there. No matter what computer you're using, you can always access your password store.

KeePass Password Safe

KeePass is sort of like a supercharged version of Universal Password Manager, though only for Windows. It comes in two versions: the Classic version, which has more than just basic features, and the Pro version, which needs Microsoft's .NET to run. You can compare the features of the two versions here.

Remember what I said about KeePass being Windows only? That's not quite true. The Classic version also runs in Linux under Wine, although the toolbar buttons go AWOL. And the developer says that the Pro version will run under any operating system, like Linux or Mac OS, that supports Mono (an Open Source version of .NET).


KeePass stores all of its information in a database that's encrypted with AES (told you it was like Universal Password Manager). You can have multiple databases, and add multiple groups to a database. Groups enable you to collect similar Web sites, applications, and services in separate folders -- one, say, for Web applications, one for e-commerce sites, and another for banking information. This makes it easier to manage your passwords.

You can also tell KeePass to protect certain fields of the database -- like password or user name -- while the application is running. While you're using a database, or before you save it, this keeps the information safe from other applications, like trojans, that may try to read your computer's memory. What really sets KeePass apart from other password managers is its collection of plugins. There are plugins for importing passwords from other applications, managing databases, integrating KeePass with other software, and more.

GNOME Password Manager

If you're running Linux with the GNOME desktop, you've got a password manager already installed. It's called GPass, and you can find it under Applications > Accessories. It's a simple application but one that gets the job done.

To use it, you click the Add button on the toolbar. From there, enter whatever information you need. At the very least, you should specify a name to identify the information, a user name, and a password. Click OK and you're done. It's that simple.


Passwords are stored in a file, encrypted with the Blowfish encryption scheme, somewhere on your computer. I'll be darned if I can find that file ...

GPass lacks a lot of frills. But one useful feature that it shares with Universal Password Manager is the ability to copy user IDs and passwords by right clicking on an entry – you don't need to open it. GPass also has a decent search feature, which is useful if you have a lot of passwords.

Passpack

Passpack is a Web-based password manager. It's said to be quite secure. The login procedure itself is in three steps: enter your user name and password, then click a security image, then enter a passphrase.

Once you're in, it's easy to use. As with desktop password managers, Passpack has a form for entering a user name, a password, and a link to a Web site (if necessary). On top of that, Passpack shows you the strength of the password while you're typing it. I can't vouch for the accuracy of this. If you enter the entire alphabet and numbers from 0 to 9, the password will be considered fairly strong.
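Why a meter can rate the alphabet followed by 0 to 9 as strong, shown as an added example that is not Passpack's code or part of the original article. It compares a length-times-pool estimate with one that ignores characters continuing a repeat or a run; both scoring rules, the function names and the sample passwords are assumptions made for illustration.

```python
import math
import string

# Character classes a simple meter credits once any member appears.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed sample inputs.
ALPHABET_AND_DIGITS = string.ascii_lowercase + string.digits  # "abc...z0123456789"
MIXED_SAMPLE = "t7Qz!m4Rk#x9Lw2p"  # no repeats or adjacent-character runs


def pool_size(password: str) -> int:
    """Size of the alphabet the password appears to draw from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def naive_bits(password: str) -> float:
    """Length x log2(pool): assumes each character was chosen independently."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def effective_length(password: str) -> int:
    """Count only characters that do not repeat or step +/-1 from the previous one."""
    units, prev = 0, None
    for ch in password:
        if prev is None or abs(ord(ch) - ord(prev)) > 1:
            units += 1
        prev = ch
    return units


def pattern_aware_bits(password: str) -> float:
    """Same formula, but a keyboard-order run counts as a single choice."""
    pool = pool_size(password)
    return effective_length(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for pw in (ALPHABET_AND_DIGITS, MIXED_SAMPLE):
        print(f"{pw!r}: naive={naive_bits(pw):.1f} bits, "
              f"pattern-aware={pattern_aware_bits(pw):.1f} bits")
```
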

Passpack also has some useful tools. You can import and export password files to and from another password manager. There's an Adobe AIR application that lets you access your passwords from your desktop. On top of that, Passpack supports a feature that lets you specify sites to which you can login with a single click.


A few words of advice

If you're using an online password manager like Passpack, it's probably best not to add passwords for online banking, credit cards, or services like PayPal to it. The application might be secure, but you can never be 100% confident. The convenience could wind up costing you.

If your password manager has a feature that automatically generates passwords, don't use it. A good password is random. These applications generate passwords that aren't truly random. Instead, they're what's called pseudo random. You get a complex password, but there are tools available that can detect a pattern in the password and break it. It may not happen to you, but you never can tell.
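The pseudo-random point above, as an added example that is not taken from the original article or from any of the products reviewed: a generator seeded with a guessable value reproduces the same password every time, while one drawing from the operating system's cryptographic generator does not. The function names, the 94-character alphabet and the timestamp seed are assumptions made for illustration.

```python
import math
import random
import secrets
import string
from typing import Optional

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed seed: a Unix timestamp, as a generator seeded from the clock would use.
SAMPLE_SEED = 1251590400


def generate_seeded(seed: int, length: int = 16) -> str:
    """Pseudo-random: the whole password is a function of the seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def generate_csprng(length: int = 16) -> str:
    """Each character comes from the OS cryptographic generator via `secrets`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, seed_candidates: Optional[int] = None) -> float:
    """Upper bound on guessing entropy.

    A seeded generator can emit at most one password per possible seed, so
    its entropy is capped by log2(seed_candidates) however long the output is.
    """
    by_length = length * math.log2(len(ALPHABET))
    if seed_candidates is None:
        return by_length
    return min(by_length, math.log2(seed_candidates))


if __name__ == "__main__":
    print("seeded, run 1:", generate_seeded(SAMPLE_SEED))
    print("seeded, run 2:", generate_seeded(SAMPLE_SEED))  # identical to run 1
    print("csprng       :", generate_csprng())
    # Seed known to within one day of one-second clock ticks (86,400 values).
    print(f"seeded bound : {entropy_bits(16, 86_400):.1f} bits")
    print(f"csprng bound : {entropy_bits(16):.1f} bits")
```
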

And never, ever forget the password to get into your password manager. That seems like simple advice, but far too often people have let that password slip their minds. It's embarrassing, and I'm speaking from experience.

Conclusion

Wrangling your many and varied passwords isn't an art. It can be tough, but with a good password manager the job is a lot easier. You don't have to worry about potentially fallible human memory, and you'll eliminate the chaos that all of your passwords are causing you.