KeePass for password management

Fri, 30 Sep 2011

I have a simple password policy: every account gets its own password. To manage this I store them in a password manager.

When switching to Windows one of the most painful things was replacing that password manager for which I had used the Mac Keychain. It’s a password storage, secured with either the login or a separate password. It integrates extremely well into the system. Apple even ships pre-installed Subversion clients and SSH agents that store their passwords in the Keychain. And for non-integrated applications, getting a password out is relatively easy using a simple keyboard shortcut. That is topped off with secure notes for credit card information and similar.

Since Windows XP, Microsoft has shipped a Credential Manager. But when comparing it to the Mac Keychain it fares very poorly. It doesn’t have a flexible way to enter your own passwords, doesn’t have a search, nor an option to manually get access to a password again and — worst of all — no program except the Windows Explorer and VPN software seems to integrate with it. Not even Internet Explorer. So I looked for a good password manager on Windows. I’m still not comfortable with cloud-based password managers such as Passpack or LastPass (which might actually have had a security breach a few months ago).

I ended up with KeePass, an open source software for storing passwords and other sensitive information.

Using it is very simple. When creating a password I enter a title and the username I chose on the site. Then I copy out the password that was automatically generated and paste it into the web site signup form.

For accounts that have some sensitive data in them I set an expiry date, usually one year in the future. When opening KeePass it shows a list with all expired entries so I can go and change those passwords.

When it comes to logging in on that web site again, I use the Auto-Type feature. So I navigate to the web site and press the global hot key (defaulting to Ctrl+Alt+A). This will find the right user name and password and enter them in the currently active window. If I have multiple accounts on a site, as often happens for business vs. private accounts, KeePass presents me with a small prompt to ask me which account I’d like to use. Auto-Type can also be heavily customized to work for web sites that don’t have a typical username and password login form.

On the iPhone I have access to the same password database using MiniKeePass.

So overall I’m pretty happy with KeePass. But there are some web sites where the default Auto-Type doesn’t work well. One culprit is Google. For the initial login they ask for the username and password. Then a few days later — for security reasons — they ask for just the password. But in those cases quickly searching for the password in KeePass and copying it using a keyboard shortcut works well enough.

Switching to Windows

Tue, 06 Sep 2011

A few months ago I switched from Mac to Windows. The reason was work. At Memonic we develop a consumer application which should work well for non-geeks and average consumers. But a while ago I noticed that at our office every single one of us was either on Mac or Linux. While you can test Windows apps well enough using VMWare that just didn’t happen in practice — not least because of the heavy memory tax of running Mac and Windows side by side.

So I decided to switch to Windows full time. Not only that, I vowed to make Internet Explorer my main browser. That of course means that my IQ is below average (or not).

The switch wasn’t nearly as painful as I had expected. Here’s a list of tools I need to make it worth the while.

  • TotalCommander — TotalCommander is a magical file browser. It’s the very first thing I installed and the app I missed most on Mac and Linux.
  • Launchy — An application and document launcher like Mac’s Quicksilver. I’m not 100% happy with Launchy and from time to time look at alternatives.
  • Vim — Finding a good TextMate replacement wasn’t easy. With most editors I tried it came down to project support that just wasn’t to my style. If I remember correctly that’s also why I ditched E. But with Vim and the Project plugin I’m happy for now. The individual vimprojects files are indexed by Launchy so I can easily open a project.
  • PuTTY — Every server I use is set up as a bookmark and indexed by Launchy.
  • Console — A proper console for Windows. Using Tabs you can run Windows’ own shell, Cygwin bash or the Powershell. I even have tabs for various Python versions and for a tail command I use often.
  • VirtualBox — For those times I need an old Windows version or want to try something on Linux I use VirtualBox.

If there is any important app that I should be checking out, please tell me.