This is how I Manage my Passwords

in #passwords, 7 years ago

So, everybody is talking about password management these days. Password management has become such a big deal in recent years because of the explosion of online services, which means people literally have hundreds of passwords. As the number of passwords has grown, the biggest limitation of this form of authentication has become very clear. The simple fact is, people are very bad at creating and managing passwords. This VERY famous comic by xkcd explains it better than I can:


While fingerprint authentication is gaining ground, passwords will remain the main form of authentication for the foreseeable future. I think I have a pretty good system for managing passwords. My passwords are available on both my computer and my phone. They are available offline, so I don't need an internet connection to manage my passwords, and I have a system that basically works on every OS out there. So in this post, I'll show you how I manage my passwords.

ELI5 Password Managers

Password Managers are apps designed to manage passwords. Basically the idea is that you just have to remember a single master password, and the password manager stores your passwords in a file, and then encrypts that file with your master password. Popular password managers are LastPass, KeePass, and 1Password.

On the Desktop: KeeWeb

KeePass is an open source password manager. It has its own password file format. If you ever see a file with a .kdbx extension out there in the wild, that's a KeePass password file. KeePass is a completely open protocol, and it has graphical applications for every OS out there. Additionally, there are a LOT of third-party apps out there that use the KeePass file format.

One of those apps is KeeWeb (available on Windows, macOS and Linux!).

What makes KeeWeb really hot is the cloud sync

So, you can use a cloud service, or even your own server, to keep the passwords file synchronised across multiple devices. KeeWeb supports Google Drive (which is what I use), Dropbox, OneDrive, or even your own WebDAV server. So you can keep your encrypted passwords file in the cloud, so it stays backed up. All decryption is done client-side, so the cloud provider never has access to the decrypted file.

Of course, this means that I also have to remember the password to that Google account. But that Google account is my main account, so I have it memorised. KeeWeb is also open-source.

On My Phone: Keepass2Android

Keepass2Android is a third-party KeePass app for Android. Keepass2Android also has an option to sync the file to Google Drive. So even on my phone, I can keep the passwords updated. So, that means that I don't have to move the file from my laptop to my phone every time I change something in the file on my laptop.

Keepass2Android also has a great feature called QuickUnlock, in which, instead of putting in your long master password, you can just enter the last 5 characters to unlock and access your passwords quickly. Of course, if you are paranoid, you can turn this feature off.

Another great feature of Keepass2Android, which I discovered just now, is that you can't actually take screenshots of the app. Obviously this means people can't hack your device, remotely take screenshots, and then transfer them over the internet to get your passwords. I just wanted to take a screenshot for this post, but I guess that's not happening, lol.

So overall, the 2 things I always have to remember:

  1. My KeePass master password.

  2. The password to my primary Google account. This is not strictly necessary, since both of the apps mentioned above keep a cached copy of the passwords file, and I also take local backups of that file. But I have that password remembered anyway.


Why I Love this System

  1. I don't have to keep track of the passwords file, and synchronise any changes that I make on any device. So, if I add a new password to that file on my laptop, I don't have to manually transfer that file over to my phone to get the new password. It automatically gets synchronised over the cloud. But at the same time, all decryption is client-side, so Google can't see my passwords.

  2. KeePass is an open-source protocol. So it's not like other systems, where if the company suddenly shuts down, you're royally screwed. The underlying protocol will always be publicly available, which means there will always be third party apps that can decrypt your passwords file (assuming you have the master password, of course).

  3. Accessing my passwords on a new device is very easy. So if I get a new phone or laptop, I just have to download the relevant app, then sign in to my Google account, and I get all my passwords!
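Point 2 rests on the .kdbx format being openly documented: the outer header is unencrypted, so any tool can identify the file, its format version and the cipher protecting it without knowing the master password. The sketch below is an added example, not code from the original post or from KeePass/KeeWeb; it reads only that header, and the sample bytes are constructed for the demonstration.

```python
import struct
import uuid

KDBX_SIG1 = 0x9AA2D903   # magic number shared by KeePass database files
KDBX_SIG2 = 0xB54BFB67   # second magic number for KeePass 2.x (.kdbx)
FIELD_END, FIELD_CIPHER = 0, 2   # header field ids used below
CIPHERS = {
    uuid.UUID("31c1f2e6-bf71-4350-be58-05216afc5aff"): "AES-256",
    uuid.UUID("d6038a2b-8b6f-4cb5-a524-339a31dbb59a"): "ChaCha20",
}

def inspect_kdbx(data: bytes) -> dict:
    """Read the unencrypted outer header: format version and cipher."""
    if len(data) < 12:
        raise ValueError("too short to be a KDBX file")
    sig1, sig2, minor, major = struct.unpack_from("<IIHH", data, 0)
    if (sig1, sig2) != (KDBX_SIG1, KDBX_SIG2):
        raise ValueError("not a KeePass 2.x (.kdbx) file")
    # KDBX 4 stores field lengths in 4 bytes, KDBX 3 in 2 bytes.
    len_fmt = "<I" if major >= 4 else "<H"
    len_size = struct.calcsize(len_fmt)
    info = {"version": f"{major}.{minor}", "cipher": None}
    pos = 12
    while pos + 1 + len_size <= len(data):
        field_id = data[pos]
        (length,) = struct.unpack_from(len_fmt, data, pos + 1)
        start = pos + 1 + len_size
        value = data[start:start + length]
        if len(value) != length:
            raise ValueError("truncated header field")
        if field_id == FIELD_CIPHER and length == 16:
            cipher_id = uuid.UUID(bytes=value)
            info["cipher"] = CIPHERS.get(cipher_id, str(cipher_id))
        if field_id == FIELD_END:
            break
        pos = start + length
    return info

def sample_header() -> bytes:
    """Constructed KDBX 4.0 header (no real database behind it)."""
    chacha = uuid.UUID("d6038a2b-8b6f-4cb5-a524-339a31dbb59a").bytes
    return (struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 0, 4)
            + struct.pack("<BI", FIELD_CIPHER, 16) + chacha
            + struct.pack("<BI", FIELD_END, 4) + b"\r\n\r\n")

if __name__ == "__main__":
    print(inspect_kdbx(sample_header()))
```

Everything after the header (the entries themselves) stays encrypted; the header only tells a client how to begin decrypting once the master password is supplied.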


A Few More Tips for Password Management:

  1. Never make your own passwords. Don't mess around with "dogsname+phoneno" or some other combination like that. Most password managers (this includes both the apps mentioned above) can generate strong, random-character passwords for you. They'll probably be better than the passwords you make. Make it generate passwords that are 12 or more characters long.

  2. NEVER, EVER FORGET YOUR MASTER PASSWORD. Seriously. Not even the company that makes your password manager app will help you if you lose your master password. Write the password down on paper, and store it in your locker.

  3. Back up the passwords of your most important accounts. For things like your primary email, or your primary social media or banking website accounts, it's recommended that you keep that password in more than one place. So along with storing them in your password manager, maybe keep those passwords in written form in your locker too.


Thanks for reading this post. If you have any other tips for password management, drop them in the comments below! And if you love my shit, follow me!!!!


Wow. Good post, liked the tips on password generation. Great

Thanks for reading :-)


It is a good thing to manage passwords or we will get in trouble deep.

yeah and you can't really remember them when you have hundreds of passwords

These are very awesome techniques, really helpful and new for me, Thanks for sharing

Thanks for reading :-)

You are always welcome :)
