Password Safes

rusty key lost in sand Password safes are programs that store your passwords. In general they’re a good idea because:

  • You have less reason to reuse passwords (having a unique password for every site is much safer)
  • You can use more complicated passwords without risk of forgetting them
  • If you forget a password you rarely use you can easily retrieve it
  • In a business it’s easier to share passwords and control who has access to what (especially in IT departments)

Below are some examples of good password safes:

And this is an example of something that looks good but still isn’t a good idea:

If you use a hosted service like this you’d be giving your passwords away to another organisation. They promise not to look at them. How comfortable would you be trusting someone you haven’t met to hold the password to your online banking?

This comes from their own web site and it should give you an idea (it’s in their FAQ page):

While we take every security precaution, we do not recomnmend storing sensitive information such as bank account passwords.

In summary:

  • It’s ok to store your passwords on your own PC
  • It’s not ok to let some other person or company store them for you
  • Ideally if you store the passwords on your PC you should:
  • Use a good password safe that encrypts them, like the ones above
  • Use a good anti virus package to ensure you don’t have spyware on your PC
  • Keep your PC in a safe place, like in your home or in a locked office
  • Keep backups (in case your PC dies) and store the backups in a safe place
  • Don’t do this on a shared computer, including some office computers

Side Note: The 3rd of May was the 30th anniversary of spam.

One thought on “Password Safes”

  1. >>It’s not ok to give a person or a company your passwords to store them for you<< but this is only true if they can read your passwords.

    I work for PassPack, which is an online password manager that uses technology called host-proof hosting:

    It encrypts your data on your browser itself, making it possible for only the user to read the info in his/her account. Not even PassPack can read it.


Leave a Reply

Your email address will not be published. Required fields are marked *