Blog: Using a Password Safe (2012-10-11)

I'm probably something of a crypto nerd, but with regular reports about stolen passwords (a quick search turned up, for instance, the security breach at LinkedIn, which I still remember reading about in the news when it happened) and the increasing interest in tracking user behaviour (which is not the subject of this post), this may not seem so paranoid anymore. Thus I personally use a password safe: a piece of software which stores a list of passwords for all my accounts on my computer and protects it with encryption. I only have to remember a single master password (from which the decryption key is derived), which then gives me access to all the "real" passwords used on the web and elsewhere. There are of course free software password safes available, one of the commonly used ones being KeePass, which is available for all major platforms. Note however that I personally use my own version built from scripts and GnuPG, so I can't really vouch for any of the existing ones. (As I'm in favour of free software and open access to knowledge in general, I'll gladly provide my scripts if anyone is interested; just contact me.)

Everyone knows that passwords "should" be strong (not easy to guess and not too short), not reused between accounts and changed regularly, but it is also clear that following all of those guidelines makes one's passwords hard to manage. Thus, most people disregard them. A good compromise, rather than simply using one weak password for all accounts, is a password safe (which the EFF also advocates).

Of course, this again introduces a single point of failure, and it amounts to writing down your passwords, which you are also told not to do. However, I still believe this is not really a valid concern. First of all, thanks to the encryption and the master password, all the data is still protected by a password which is (ideally) only in the user's mind. Since this password is never used anywhere "online", it doesn't need to be changed that often, and as there is only one of them, it is easier to remember one strong password than multiple weak ones. Secondly, in order to attack this password and gain access to the stored ones, an attacker first has to steal the storage file, which usually means breaking into the victim's computer. That is at least more difficult than trying common passwords online against a web service, or brute-forcing passwords from a long list of stolen hashes. (For the same reason, the safe's encryption should derive its key from the master password with a deliberately slow key derivation function, so that every offline guess costs the attacker real time rather than a single hash computation.) Also, since most websites allow you to reset your password via an email sent to your address, access to your email account is already such a single point of failure in a lot of cases!
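To make the structure of such a safe concrete, here is a minimal one in Python. This is an added example written for this page, not the author's GnuPG scripts and not any existing tool: the entries are serialised as JSON, the master password is stretched with PBKDF2-HMAC-SHA256 (the iteration count of 200,000 is an assumption and should be tuned upwards on faster hardware), the JSON is encrypted with a keystream obtained from HMAC-SHA256 in counter mode, and an HMAC-SHA256 tag over header and ciphertext (encrypt-then-MAC) rejects both a wrong master password and a tampered file. The cipher construction is chosen only because it needs nothing beyond the standard library; for real use, GnuPG's symmetric mode or a vetted library is the sensible choice.

```python
"""Minimal encrypted password store (added example, not the post's own scripts).

File layout: MAGIC || salt (16) || nonce (16) || ciphertext || tag (32)
Key derivation: PBKDF2-HMAC-SHA256 (iteration count is an assumption; tune it).
Encryption: XOR with an HMAC-SHA256 counter-mode keystream, then an HMAC-SHA256
tag over header + ciphertext (encrypt-then-MAC). Standard-library only; a
demonstration of the structure, not a recommended cipher for production use.
"""
import hashlib
import hmac
import json
import os
import struct

MAGIC = b"PWSAFE1"
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
KDF_ITERATIONS = 200_000  # assumption: pick so one derivation takes ~0.1-0.3 s


def derive_keys(master_password: str, salt: bytes, iterations: int = KDF_ITERATIONS):
    """Stretch the master password into separate encryption and MAC keys."""
    material = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=64
    )
    return material[:32], material[32:]


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(enc_key, nonce || counter) for counter = 0, 1, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def lock(entries: dict, master_password: str) -> bytes:
    """Serialise and encrypt the entries under a fresh salt and nonce."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    header = MAGIC + salt + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def unlock(blob: bytes, master_password: str) -> dict:
    """Verify the tag (constant-time) before decrypting; wrong password and
    tampering are indistinguishable to the caller, both raise ValueError."""
    hdr_len = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < hdr_len + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a password safe file")
    header, body, tag = blob[:hdr_len], blob[hdr_len:-TAG_LEN], blob[-TAG_LEN:]
    salt = header[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = header[len(MAGIC) + SALT_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or file tampered with")
    plaintext = bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))
    return json.loads(plaintext.decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample entries, not real credentials.
    safe = {"example.org": {"user": "alice", "password": "correct horse battery staple"}}
    blob = lock(safe, "my master password")
    print("locked safe is", len(blob), "bytes")
    print("unlocked:", unlock(blob, "my master password"))
    try:
        unlock(blob, "guess")
    except ValueError as exc:
        print("wrong password:", exc)
```

The salt makes a precomputed table of master-password hashes useless across files, the nonce makes two encryptions of the same entries look unrelated, and checking the tag before decrypting means a corrupted or forged file never reaches the JSON parser.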

So, in my opinion, a password safe is well worth recommending: it makes it easy to use strong (randomly generated) passwords that are unique to each account and changed regularly. As a side effect, changing the passwords regularly forces me to log into all of my accounts from time to time, so I also don't forget about those I do not need every day. Just, as usual, don't forget to make a backup of the password storage if you don't want to lose access to all your accounts; an old memory stick whose capacity is already low compared to modern ones is perfectly adequate for this.
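The "strong (randomly generated)" part deserves a worked example, and it also lets us put numbers on the argument above that an offline attack on the master password is a different proposition from an online attack on a web login. The following is an added example, not the author's scripts: it draws passwords from the OS random number generator via Python's `secrets` module, computes the entropy of a uniformly random password, and estimates brute-force time from an assumed guess rate. The rates used in the demo (a thousand online guesses per second against a web service, and an offline attacker with eight workers each paying a tenth of a second per key derivation) are illustrative assumptions, not measurements.

```python
"""Random password generation and rough attack-cost arithmetic
(added example, not the post's own scripts)."""
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation, no whitespace.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 16, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Uniformly random password over `alphabet`, using the OS CSPRNG via `secrets`.
    Never use `random` here: it is seeded predictably and not meant for secrets."""
    if length < 1:
        raise ValueError("length must be positive")
    if len(set(alphabet)) < 2:
        raise ValueError("alphabet must contain at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    Only valid for truly random choice; a human-chosen password has far less."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected brute-force time: on average half the space is searched."""
    return (2.0 ** (bits - 1)) / guesses_per_second


def offline_guess_rate(kdf_seconds_per_guess: float, parallel_workers: int) -> float:
    """Guesses per second for an attacker who stole the safe file: each guess costs
    one key derivation, and the attacker runs `parallel_workers` of them at once."""
    return parallel_workers / kdf_seconds_per_guess


def human_duration(seconds: float) -> str:
    """Coarse, readable rendering of a duration for reports."""
    year = 365.25 * 24 * 3600
    if seconds >= year:
        return f"{seconds / year:.3g} years"
    if seconds >= 86400:
        return f"{seconds / 86400:.3g} days"
    if seconds >= 3600:
        return f"{seconds / 3600:.3g} hours"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # A per-site password: 16 random symbols from the 94-symbol alphabet.
    site_pw = generate_password(16)
    site_bits = entropy_bits(16, len(DEFAULT_ALPHABET))
    print(f"site password {site_pw!r}: {site_bits:.1f} bits")
    # Assumption: a web service that lets an attacker try 1000 guesses per second.
    print("  online brute force:", human_duration(expected_crack_seconds(site_bits, 1_000)))

    # A memorable master password: five words from a 7776-word (Diceware-size) list.
    master_bits = entropy_bits(5, 7776)
    # Assumption: stolen file, KDF costing 0.1 s per guess, 8 parallel workers.
    rate = offline_guess_rate(0.1, 8)
    print(f"master passphrase of 5 words: {master_bits:.1f} bits")
    print(f"  offline brute force at {rate:.0f} guesses/s:",
          human_duration(expected_crack_seconds(master_bits, rate)))
```

The two estimates make the post's point quantitatively: the per-site passwords are so long that no online attack matters, while the master password, which is only ever attacked offline, is protected by the product of its entropy and the cost of the key derivation, so a slower KDF buys exactly as much as a longer passphrase.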


Copyright © 2011–2019 by Daniel Kraft