Free Password Management Tools

May 9, 2013 | Blog

In recent blog posts, I’ve written about methods you can use keep your information secure. I also wrote about the importance of keeping your passwords safe. However, I haven’t given any practical tools one can use to protect their data. Several utilities exist for such a purpose, but I’m only going to cover 3 tools you can use.

So without further ado, and in no particular order, here’s that list.

KeePass
My favorite password management tool is KeePass. KeePass is an open source program that you can freely download and that runs on your computer locally. It keeps your passwords safe by requiring a “master password” that then decrypts the file and allows you to view, add and edit your other passwords. (Note, however, that KeePass is useless if you don’t use a secure password for your master password). Once you’ve loaded the KeePass file with the correct master password, you are able to organize your passwords (as an “entry”) with a title (to help you remember which website the account belongs to) and a username. You can copy passwords with ease, so that when you go to login somewhere you don’t have to manually type the password. Note that once a password is pasted once, though, it no longer remains in memory (i.e. if you have to type the password more than once, you have to copy it again).

You can also create different groups and subgroups of entries to better organize them. In my primary KeePass file, I have a group for all accounts related to the operation of Barred Owl Web, another group for my clients’ & volunteer data, and yet another group for all of my personal accounts. KeePass allows you to add new entries with either an autogenerated (secure) password or using a password you manually type. I normally stick with the auto generated password. Keep in mind, however, that since KeePass lives locally on a computer, the data isn’t stored anywhere else. As a result, you should regularly back up your data. I keep a local computer in my house (whose hard disk is fully encrypted) that I use to store backups. You could just as easily backup your encrypted KeePass file onto a USB stick or an external hard drive. I personally don’t let any of my password backups anywhere on the internet (such as in an email or on “the cloud” somewhere).

LastPass
[Note added in 2017: A lot can change over the years, as can security. LastPass is currently my number 1 recommended Password Manager, and Barred Owl Web uses it internally. The paragraph below reflects my thoughts from when this blog post was originally published in 2013.]

Although I personally never, under any circumstances allow my passwords to be stored online (using a cloud service or email or something else, as I said earlier), LastPass is widely used and a popular option for managing your passwords. Like KeePass, LastPass is a free program that you download. The data that you enter into it, however, is (securely) uploaded (in an encrypted format) to the LastPass servers, so that you can then sync multiple computers, phones, and other devices to the same LastPass data. All encryption and decryption happens offline, though, and the decryption keys are never stored anywhere except your local devices. LastPass is a trusted option, although I personally do not use it.

TrueCrypt
[Note: At the time this blog post was published, TrueCrypt was a respected encryption utility. The project has closed, and this software is no longer considered by the original maintainers as secure.]

TrueCrypt is not necessarily a password management utility. Instead, it is a disk (or file) encryption program. It is well received in the security community, and is my favorite disk encryption program. Though it isn’t built to necessarily handle passwords, you can use it for that! Before I started using KeePass, my typical method of managing passwords was to keep them in a spreadsheet which I then stored in an encrypted TrueCrypt container. Note that encryption built into Microsoft Excel is actually weak and useless. It isn’t safe, and you shouldn’t rely on that feature to keep your Excel data safe. This is obviously not an elegant solution, and is a bit clunky. But it worked and was safe.


I hope that this information is helpful and helps you as an organization or individual better protect your user accounts. Remember: Security is a lifestyle. It is not a one-off solution that you do once and then forget about. Be safe and be secure.

To learn more about our services, visit our home page, or read about our services.

0 Comments

Why Choose Barred Owl Web?

The Barred Owl Web team is technically proficient, extremely responsive and provides a high level of customer satisfaction.  We highly recommend Barred Owl Web for web development, technical, and customer support.
– Enrique Fiallo, Director of Technology, NET Institute

Barred Owl Web is the hosting company to call first for nonprofits. Their solutions-oriented, customer – and client – focused approach to web hosting provides agencies the ability to consistently and reliably get their messages out to those who need to hear it. You can count on Barred Owl Web to be responsive to the unique needs of your agency. Barred Owl Web’s customer service is exceptional, and it is kind. Contact them and see for yourself!
Rebecca Whelchel, Executive Director, Metropolitan Ministries (MetMin)

Barred Owl Web has always been responsive to our needs as a small nonprofit. They have helped us immensely with issues like Web server security updates and PCI compliance.
Evan Donovan, Web Developer, Tech Mission

Contact Us

423.693.4234
info@barredowlweb.com

P.O. Box 21514
Chattanooga, TN 37424

9 + 1 =