Password Safe
An issue of increasing concern is the loss of data when laptops or hard drives are stolen. This is of particular concern if the drive in question is in a government computer that holds large numbers of names, addresses, phone numbers, social security numbers, and other such data.
We ourselves avoid this problem with a combination of tools. The first is encryption in our e-mail programs: The Bat! (see the January 2005 issue of ÆGIS) on our desktop, and The Bat! Voyager (see the July 2006 issue of ÆGIS). The second is storing all data on an encrypted virtual drive using Private Disk (see the November 2006 issue of ÆGIS). The third is storing passwords, for which we use Bruce Schneier’s Password Safe.
Passwords are a tricky issue. On the one hand, you should have a different password for each program or access, and it should really be random, so that it can’t be guessed or cracked using standard procedures. This is, at best, a pain in the neck (or lower), and so onerous that most people choose to either use one password (generally “god,” “password,” or someone’s name) or simply write the passwords on a Post-It which is stuck on the monitor or under the keyboard. This is a less than ideal approach.
Password Safe eliminates the need for this. This free program, downloadable at http://passwordsafe.sourceforge.net/, gives you the ability to store entries, or groups of entries, including a group name (like travel, or credit cards), a title, a user name, a password, a URL, and notes. It will automatically generate passwords for you, based on several criteria. This means you can automatically generate passwords like “mcNL9y(H2}xa]0fGWrmg<Z}t” that we don’t think can be discovered. If you have a standard user ID, it can automatically set that. This means that all you need to remember is one single strong, easy to remember but hard to guess phrase for Password Safe. Even if you recite a lot in public, most people wouldn’t guess, for example, “The sun burns sere and the rain dishevels one gaunt bleak blossom of scentless breath.”
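The criteria-based generation described above can be sketched in a few lines. This is an added example, not Password Safe's own code: the character classes, the function names and the rule that every enabled class must appear are assumptions, and the default length of 24 matches the sample password above.

```python
import math
import secrets
import string

# Character classes a generation policy can enable (assumed set for this example).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}
ALL = tuple(CLASSES)


def generate(length=24, use=ALL):
    """Return a random password with at least one character from each enabled class."""
    if not use or any(name not in CLASSES for name in use):
        raise ValueError("unknown or empty class selection")
    if length < len(use):
        raise ValueError("length too short to include every enabled class")
    alphabet = "".join(CLASSES[name] for name in use)
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retrying whole candidates keeps the result uniform over all
        # passwords that satisfy the policy (no fixed positions per class).
        if classes_present(candidate) == [n for n in CLASSES if n in use]:
            return candidate


def classes_present(password):
    """List the classes (in CLASSES order) that occur in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]


def entropy_bits(length, use=ALL):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    return length * math.log2(sum(len(CLASSES[name]) for name in use))


if __name__ == "__main__":
    print(generate())                                  # e.g. a 24-character password
    print(round(entropy_bits(24), 1), "bits, all four classes, 24 characters")
    print(round(entropy_bits(8, ("lower",)), 1), "bits, lowercase only, 8 characters")
```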
Once you open Password Safe, you are saved a lot of effort. To enter a password on the Internet, for example, you go to the entry in Password Safe, click on the Browse to URL button, and place the cursor in the userid field. Then click on the Perform Autotype button, which will fill in the userid and password, and add a return so you are signed in. The autotype function can be customized for more complex situations.
Password Safe can be set to become inactive after a specified time, requiring re-entry of the password. This means you can’t wander off, leaving your passwords exposed to anyone who walks by.
Password Safe is available for a number of platforms, and can be installed on portable drives with no calls to drivers that would require administrative privileges. This makes it ideal for travelers, and allows backup copies to be stored on-line for download as needed.
As always, be sure to back up the encrypted database. We consider Password Safe to be a must-have program.