No one is supposed to use passwords in more than one place, but even techs that should know better sometimes break this rule. Is password management software a good solution?


Confession time.

Hi. My name is Will, and I reuse passwords.

I know, I know. I’m breaking one of the first tenets of data security. Using each password in only one place limits one’s exposure if that password ever falls into malicious hands. Not reusing passwords is one of the most basic ways to protect one’s data. I should know better. I do know better.

And yet…I reuse some of them anyway.

Frankly, I have no good excuse for doing so, other than the fact that, like most humans, I am sometimes lazy, and reusing passwords makes life easier. I try to be smart about this dumb thing I do, though. The passwords to the mission-critical systems I use at work are unique and complex. My personal financial accounts and e-mail accounts are also protected by individual passwords that aren’t used anywhere else.

Where my laziness overcame my good sense was in setting up my accounts on systems that are less critical. There are a few Web services that I’ve signed up for that don’t have any personal information attached to my account on their systems. Frankly, I don’t think I’m putting my safety at risk by using the same password to comment on two different technology blogs.

But rules are rules. I feel like I should try to practice what I preach. That’s what people call credibility, right?

So in hopes of turning over a new leaf, I’m investigating setting up some password management software for my personal use. If I find something that works well during my tests, I’ll probably recommend it to some of my users as well. A few have inquired after my recommendations on this topic already.

Right now, I’m looking at getting started with KeePassX. This application is open source and cross-platform (two of my favorite things). I also like that it’s portable; I could carry my password file and the KeePassX binaries on a USB key and have my saved passwords accessible on all the computers I need to interact with.

If you use password management software, which package do you like? Maybe you’ve decided that such programs aren’t a good idea. Either way, I’d like to hear your thoughts in the comments.