Managing Passwords with KeePass

Last week we talked about how to create a good password (or p1a2s3s4weobrady) and I mentioned that there are some programs out there that can help you manage all of your passwords.

For those of you who took my advice and are using Firefox (available on Windows, OSX and Linux) you may have noticed that there is a built-in password manager. It is even able to lock people out of your passwords if they don’t have the master password, but I’ve run into some glitches with it and it doesn’t help if you have to use Internet Explorer or Opera or the new browser that Google recently released.

KeePass

My suggestion, and the program that I use to manage all of my passwords, is a program called KeePass. KeePass is available for just about anything you’re running – Windows, OSX, Linux, BlackBerry & PalmOS; you’re also able to put it on a USB thumb drive and take it with you to make sure you don’t run into a situation where you’re away from your computer and don’t have your bank password.

The creators describe the program this way:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known…

I’ll describe it this way – it can make passwords, it can keep passwords, it can fill in password forms for you, it can let you take your passwords with you and it makes them easy and secure to copy and paste from the program itself. Also, the program doesn’t get all grabby, it lets you export all of your passwords and usernames to a file if you want to use a different program instead and it will import them from Firefox.

There is a full list of features here.

Using It

After you download and install it using your normal processes, you can get right to it. Let’s start with setting up your database and then we’ll talk through the options and more powerful uses.

First click the New Database button, or go to File -> New (or hit Ctrl-N for you shortcut fiends).


You’ll get this awesome little box up; you start by creating your password for the database. You can use a relatively simple one, but remember this database will have all of your passwords in it. I’d suggest using the techniques we talked about last week.

As you start typing it in, you will notice that it blocks it out (so people can’t read your password over your shoulder). You can click the button on the right and see your password characters.

Also, the colored bar indicates the quality of your password and how complex it is (and how hard it will be to hack/guess it).

Good. Great. Secure.

Crap. Garbage. Poo.

Also, you have the option of tying it to a second file on your system. The added security feature is based on the fact that you hide this file in a random spot so that someone can’t just easily steal your database and make off with your “life”. I would recommend using this if you use this portably. I don’t use this feature, but I can see why you would. You can also use it by placing the Key file on a portable drive so that it only works when you have that specific drive connected to the computer.
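Why a stolen database is not enough once a key file is involved, as an added sketch that is not part of the original post and is not KeePass's own code or file format. The function names are hypothetical, and PBKDF2 plus an HMAC verifier stand in for the real key transformation and encryption.

```python
import hashlib
import hmac
import os

KDF_ROUNDS = 100_000  # assumed work factor for this sketch


def composite_key(password, key_file_bytes=None):
    """Combine the master password and the optional key file into one secret."""
    parts = hashlib.sha256(password.encode("utf-8")).digest()
    if key_file_bytes is not None:
        parts += hashlib.sha256(key_file_bytes).digest()
    return hashlib.sha256(parts).digest()


def _derive(password, key_file_bytes, salt):
    """Stretch the composite key so each guess costs KDF_ROUNDS hash operations."""
    secret = composite_key(password, key_file_bytes)
    return hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ROUNDS)


def create_database(password, key_file_bytes=None):
    """Return a toy database header: a random salt plus a key verifier."""
    salt = os.urandom(16)
    key = _derive(password, key_file_bytes, salt)
    return {"salt": salt, "verifier": hmac.new(key, b"header", hashlib.sha256).digest()}


def unlock(db, password, key_file_bytes=None):
    """True only when every component of the composite key matches."""
    key = _derive(password, key_file_bytes, db["salt"])
    candidate = hmac.new(key, b"header", hashlib.sha256).digest()
    return hmac.compare_digest(candidate, db["verifier"])


# Constructed sample values, not real credentials.
KEY_FILE = os.urandom(32)  # stands in for the key file kept on a USB drive
db = create_database("p1a2s3s4word", KEY_FILE)
```

The same property cuts the other way: the database cannot be opened without the key file, so the key file needs its own backup.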

This is what the side of your main screen will look like now. As you see they expect that the KeePass application will be useful in a number of settings and for different reasons. Currently, I only use it for my internet passwords, but I am starting to input passwords for FTP servers and my home banking program.

Now to create your first password file, hit this button (or Ctrl-Y).

You’ll get this window:

You’ll get an image like this. I have inserted the information for the example Johnny.Crusade@gmail.com account. Click on it to see what the data will look like. Make sure you read the Help file for more info on how to do this! (Hit F1.)

When you get your info entered, your database will show some of the filled in info like this image above.

Also, it provides security so that when you are walking away from your computer you can lock your database at the press of a button. (Or two: Ctrl-L.)

As you set up things more, make sure you look at the options (Tools -> Options or Ctrl-M).

You don’t need to change much of anything if you don’t have specific preferences for what you want your user experience to look like. The only one that I would say that you NEED to change is the “Security” tab, make sure you check the one that says “Lock workspace when locking Windows, switching user or sleeping.” The other security feature of locking it after a few seconds is nice too.

I would suggest you look at this image and check the highlighted boxes (leave the dull ones alone):

Let me just say before I sign off, keeping your passwords secure is essential for your safety and security online – get to know this program and make sure you (and no one else) know your password.

I’d also suggest taking the advice I shared in April about how to learn any program – and by that I mean: read the tutorials in the help menu – you can get to it by hitting F1.

Now, remember stay secure and don’t just let anyone near your passwords.

Creating Good Passwords

Last summer my email & eBay accounts were hacked. I don’t know who hacked into it, how they did it, or why they were inquiring into purchasing industrial water tanks on eBay. I had used the same 2 passwords for all of my online accounts for more than 10 years – one for personal stuff, one for work stuff. Let me just say – that is a bad idea, when someone gets one of your passwords they have all of them (or, in my case half of them).

When I was finally able to get back into my account I immediately changed all of my passwords on every online account I have. And, I changed them all to something different than every other one.

I know what you’re thinking – perhaps the water tanks were for a giant hot tub. You may be right, I’ve thought of that too, but that’s not what is important here. The question you should be asking is, “How do you remember a different password for every site?”

Creating a Password

Following the tips that I found at another tech-blog, Lifehacker, I was able to create passwords that are different from each other, but that I can remember based on the site that I’m using them for.

I’d suggest reading Lifehacker’s full article, but here are the two basic tips:

  1. Don’t use the same password for everything.
  2. Remember hundreds of passwords by using 1 rule-set.
  3. Use a base password and add onto it.

I used all of these tips to create my new password – obviously I had learned the danger of having one password for all of my sites. An example of using these rules can look like this:

Say your old password is “password” or “1234” (always the worst passwords). First, let’s improve it by putting the letters together with some numbers (or the other way around). You could use the digits in your phone number, your childhood address, your dad’s belt size, whatever. In our case we end up with:

password1234

You could improve it from here and scramble it creating something like this:

p1a2s3s4word

You’re still using your favorite number and your old password and you can remember it pretty easily. But, this would still leave you with using the same password on every site. The simple way to fix this is by somehow incorporating the name for the site into your password. You can add just the first letter, or the last few letters or whatever you choose (I had thought about using the first word on the page, but that can change far too easily).

So, if our imaginary password was going to be used at eBay, it could turn into any one of the following:

p1a2s3s4worde
ep1a2s3s4word
p1a2s3s4wordbay
ayp1a2s3s4word
ebp1a2s3s4worday

You could even scramble the word with the password and get the easy-to-remember monstrosity of:

p1a2s3s4weobrady

Variables

Some sites, like our email system, require you to also scramble in capital letters (which I just learned can also be called majuscules) while others may enforce adding special characters:

!@#$%^&*?><:”;’[],.+=_-♠♣♥™↑‡

All you need to do is make a rule for what you’re going to do when that’s the case and turn it into something like:

P1a2s3s4wordE!

Now, the only thing you need to remember is which site requires which… though you could use the special characters for all of your sites as well.
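The rule-set above written out as code, as an added example that is not part of the original post; the rule names and the second site (gmail) are assumptions. It reproduces the eBay passwords shown above and also measures how much of one site's password carries over to another site's, which is the figure to weigh when choosing between a rule-set and the per-site random passwords a manager can generate.

```python
from itertools import zip_longest


def interleave(a, b):
    """Alternate characters of a and b, then append whatever is left over."""
    return "".join(x + y for x, y in zip_longest(a, b, fillvalue=""))


def site_password(base, digits, site, rule):
    """Apply one of the site rules to the scrambled base password."""
    scrambled = interleave(base, digits)          # password + 1234 -> p1a2s3s4word
    if rule == "append_first":                    # hypothetical rule names
        return scrambled + site[0]
    if rule == "prepend_first":
        return site[0] + scrambled
    if rule == "scramble":
        return interleave(base, digits + site)    # -> p1a2s3s4weobrady
    if rule == "caps_special":
        return scrambled.capitalize() + site[0].upper() + "!"
    raise ValueError(f"unknown rule: {rule}")


def lcs_len(a, b):
    """Length of the longest common subsequence of two strings."""
    prev = [0] * (len(b) + 1)
    for ch in a:
        cur = [0]
        for j, other in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if ch == other else max(prev[j], cur[-1]))
        prev = cur
    return prev[-1]


def shared_fraction(base, digits, site_a, site_b, rule):
    """Fraction of site_a's password that also appears, in order, in site_b's."""
    pw_a = site_password(base, digits, site_a, rule)
    pw_b = site_password(base, digits, site_b, rule)
    return lcs_len(pw_a, pw_b) / len(pw_a)


if __name__ == "__main__":
    for rule in ("append_first", "prepend_first", "scramble", "caps_special"):
        share = shared_fraction("password", "1234", "ebay", "gmail", rule)
        print(f"{rule:14s} {site_password('password', '1234', 'ebay', rule):18s} {share:.0%}")
```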

Password Managers

No, I will not suggest that you hire someone just to remember your passwords for you. These are programs that will keep them secure (behind a password of their own). Some of them can even auto-type the username and password in when you tell them to. Next week I’ll talk about one of those programs and I’ll show how useful (and secure) they can be.