Password Safes

Password safes are programs that store your passwords. In general they’re a good idea because:

• You have less reason to reuse passwords (having a unique password for every site is much safer)
• You can use more complicated passwords without risk of forgetting them
• If you forget a password you rarely use you can easily retrieve it
• In a business it’s easier to share passwords and control who has access to what (especially in IT departments)

Below are some examples of good password safes:

• Bruce Schneier’s Password Safe
• KeePass Password Safe

And this is an example of something that looks good but still isn’t a good idea:

• PasswordSafe.com

If you use a hosted service like this you’d be giving your passwords away to another organisation. They promise not to look at them. How comfortable would you be trusting someone you haven’t met to hold the password to your online banking?

This comes from their own web site and it should give you an idea (it’s in their FAQ page):

While we take every security precaution, we do not recomnmend storing sensitive information such as bank account passwords.

In summary:

• It’s ok to store your passwords on your own PC
• It’s not ok to let some other person or company store them for you
• Ideally if you store the passwords on your PC you should:

• Use a good password safe that encrypts them, like the ones above
• Use a good anti virus package to ensure you don’t have spyware on your PC
• Keep your PC in a safe place, like in your home or in a locked office
• Keep backups (in case your PC dies) and store the backups in a safe place
• Don’t do this on a shared computer, including some office computers

Side Note: The 3rd of May was the 30th anniversary of spam.