Put all of your ids and passwords into a text file. Don’t name it password.txt. Put it in a password-protected zip file. Don’t name it password.zip. Make sure it’s in a directory with other zip files. Hide in plain sight.
If you are afraid of “back doors”, you can look at the source code. (I haven’t found any.) If you find a vulnerability, you can (and SHOULD) post it to the group so it gets fixed.
PasswordSafe uses the Blowfish encryption algorithm developed by Dr. Bruce Schneier. It is a relatively fast and resilient algorithm.
PasswordSafe was originally developed by Schneier and his colleagues at CounterPane Labs. They released the source code as Open Source and turned development over to a volunteer group at SourceForge so that (A) enhancements could be continued, and (B) security vetting could be made public. To my knowledge, no one on the volunteer group is employed with CounterPane.
PasswordSafe is, to me, the LEAST SPOOKY of any password repository, both because of Open Source and due to its history. I store HUNDREDS of passwords in it. And (although I strive to maintain strict access control to my repository files), I would not be particularly worried if, for example, an attacker were to find a floppy with one of my repositories on it. It would take FAR more effort to crack it than it is worth.
If you decide you don’t like (or don’t trust) PasswordSafe, try something else. The basic idea is a sound one…
* you should have a UNIQUE password or passphrase for EVERY system or website;
* it is easier to keep ONE (or a few) encrypted files secured than it is a whole system (such as your workstation);
* a secure password management facility such as PasswordSafe helps out because each of those passwords can be LONG and (cryptographically) RANDOM;
* let the password management software also manage: keeping the clipboard securely clear of passwords, keeping passwords from being stored in the swap file, etc.