Keeping Your Passwords Safe and Secure

Here’s a three-part test we like to use when reviewing freeware:

* Does it work correctly, every time, without fail? (If not, go out and pay for something that does.)

* Can you download it, install it, and set it up in less time than it takes to read this review?

* Does it serve an actual business need? (If not, why bother?)
This brings us to KeePass, a nifty piece of password management freeware that scores well in all three areas.

How many passwords do you keep track of on a regular basis? Windows network logon, email, online banking, online shopping, regular Web browsing … the list seemingly never ends. And while it’s true that many sites today give you the option of storing your password for future use via the use of cookies and some browsers offer to recall and fill in passwords when you repeat a visit to a page, these helpful measures carry a certain security risk and are also highly unlikely to cover all of your password demands.

Many users are wary of such functions, and for good measure, especially in relation to sensitive information such as network access or financial transactions. Those who do use these automated features run an additional risk beyond the possibility of security breach — if the automated feature fails, will you be able to remember all the passwords?

KeePass will. An open-source „password safe,” this freeware app allows you to store all your passwords in a single database that is locked with a single user-defined key. As long as you remember that single master password, you’ll be able to unlock the database and access all passwords stored within. The KeePass databases themeselves are encrypted with the sophisticated AES and Twofish encryption algorithms.

The first question many users will have is in regards to the ease of entering and retrieving passwords in KeePass. First, simply run the application and open the self-created database file. Passwords in the file are quickly created and organized by category: network, internet, email, and so on. Passwords can then be accessed by category, or you can search the database to look for a particular password, username, site, or other text.

Users can also take advantage of KeePass’s random password generator to create new and ultra-secure passwords. The generator will accept random keystrokes and can also incorporate mouse movements into the password generation process to make the password even more difficult to crack.

KeePass’s database file can easily be moved from one computer to another, and the password lists can be exported in a number of formats, including TXT, HTML, XML, or CSV. And for those operating in the international space, KeePass can be translated into 12 languages.

But what about the three-part test?

KeePass works reliably and consistently. This is partly due to the bare-bones simplicity of the tool. It’s a lightweight application with a minimal graphic interface and few bells and whistles. It grabs no more memory than it needs to operate, and for those with a tinkering inclination, the open-source nature of the software makes it possible to peek inside at any time to ensure that all is running smoothly.

As for the installation process, it is not only quick and easy, but also potentially non-existent. That is, users have two download options. First, the traditional option: Download the .exe and set up the application from there. Alternately, one can download the binary .zip package, which contains only the main executable. This allows the application to run without the user having to go through further installation steps.

Before considering the final question, „Do you really need it?,” it is worth first considering the competitive landscape.

One alternate offering is Password Manager XP. For about $25 this application offers the same range of features, plus an interesting extra. Users can choose their own encryption algorithms, making it possible to apply several different encryption algorithms at one time. Is there such a thing as tighter than tight?

Another option is Password Saver, $30 for the personal version or $40 for the business edition. This program provides export/import features designed especially for corporate users and small- to mid-size teams, allowing users to easily and securely share passwords with co-workers. Sounds great if you need it, but, um, doesn’t sharing passwords kind of defeat the purpose?

Then there’s the popular RoboForm, a $30 app that not only manages all of your passwords but also integrates with your Web browser, automatically filling in Web logins and forms for you. It’s hard to compete against an app that streamlines and automates the password management and operation process so efficiently.

In any case, KeePass is hardly the only player on the market. On the plus side, it’s free and is open source, which advocates will say makes it probable that advances and improvements will come speedily and often.

Back to item #3: Do you need it? In this case the criteria are security and productivity. Will you be more productive if your passwords are gathered in a single, easy-to-access place? Will you feel more secure knowing that lost or forgotten passwords can always be recovered?

If so, KeePass provides an easy and elegant solution, and one that is simple to install, use, and manage.

Pros: Freeware (open source), reliable, easy to use

Cons: Lacks some functionality found in for-fee products, doesn’t offer the Web integration capabilities of an app like RoboForm