Password management with KeePass

Password management sounds really dull, and to be honest it is; right up until you have a password disaster or security breach!  In the recent past people had just a few passwords: perhaps an email password, maybe one or two online shop passwords and their account password.  Most people can remember four or five different passwords, especially if they use them regularly during the week.

The problem comes when you require more and more passwords for online services.  This can lead to slipping into bad password habits.

Bad password habits

1.    Password re-use.
2.    Short passwords.
3.    Dictionary passwords.
4.    Never changing passwords.
5.    Storing passwords in an insecure manner.

Password disaster scenarios

Friend posts as you on Facebook after reading passwords.txt on your laptop
Hopefully not such a big deal as you gave them your laptop to use, but it could have been worse if someone who wasn’t your friend found the file, like password hunting malware…

Home Wi-Fi compromised after short dictionary password brute forced
Having a weak Wi-Fi password can open your connection up to all sorts of misuse, all in your name!  Routers generally don’t block incorrect attempts to register a new client, so they make good targets for huge dictionary attacks…

Site hacked, password stolen and email account wiped using same password
News stories about big sites such as ABC Australia, Sony PS3 network, LinkedIn, eHarmony, Yahoo and Gawker getting hacked are worryingly regular.  If you use the same password across all sites, then once your account at one site is compromised ALL your online accounts are compromised; it’s just a matter of when they are accessed.  Plus, given the attackers will have your email address, what’s the first thing they are going to try?  If you only do one thing, please, change your email password to be something unique.

KeePass offers a solution

KeePass is a digital password safe; it’s not the only one of its kind but it is free and open source.  Open source is good because the code and the implementation of security features are open to public scrutiny, which avoids the danger of security via obscurity.

By securely storing your passwords inside KeePass you can overcome bad password habits.

1.    Unique passwords for every site / service.
2.    Longer passwords with higher entropy.
3.    Non dictionary passwords (You don’t need to remember them).
4.    Expiring passwords requiring you to change them.
5.    Stored inside a secure container with 2 step authentication.

Securing KeePass with multi factor authentication

Given that KeePass now holds the details to your digital life online I recommend using its multi factor authentication methods similar to Google’s 2-step verification.
Your options for securing your KeePass vault are a mix of:

  • A Master Password. (Hopefully the only one you really need to remember!)
  • A Key file.
  • A Windows User account.

Personally I would recommend using both a Master Password and a Key file.  Make sure you use a strong master password that is of a suitable length and choose a suitable key file that contains lots of random data.  Details on the choices can be found on the KeePass site here:

By separating your Key file on a USB flash drive from the KeePass database file you create an additional action that an attacker must achieve to gain access to your passwords.  Given that you will keep your USB flash drive containing the Key file offline, in a safe environment, it is extremely unlikely that an attacker online could guess / re-create or otherwise obtain your Key file AND guess your password.

Multi factor authentication does require an additional step from you to access your passwords but massively increases the difficulty for attackers.  Here is a diagram explaining how best to employ multi factor authentication easily for day-to-day life.

KeePass multi factor authentication

Backing up your KeePass Password and Key

Now you have created a valuable KeePass resource to assist you with better password practices you need to keep a backup of both the KeePass database and the keys you use to access it.

  • KeePass database file – Keep an up to date copy in SkyDrive / Google Drive and as part of your larger backup set.
  • Master Password – Record it somewhere safe offline, if you really must.
  • Key file – Use another, separate, USB flash drive, or as part of an encrypted backup.

Never, ever store your ‘Key’ file in the same location as your KeePass database file!  This effectively nullifies the security benefit of having multi factor authentication.
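One way to check the two rules above (a key file made of random data, and never kept beside the database), as an added example that is not from the original post or from KeePass. The names `audit_vault` and `byte_entropy`, the finding labels and the 1024-byte / 7.5 bits-per-byte thresholds are assumptions of this example, and the entropy check assumes a key file of raw random bytes.

```python
import math
import os
import sys
from collections import Counter
from pathlib import Path


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def audit_vault(db_path, key_path, min_key_bytes=1024, min_entropy=7.5):
    """Return a list of findings; an empty list means nothing was flagged.

    Thresholds are this example's assumptions, not KeePass requirements.
    """
    db, key = Path(db_path).resolve(), Path(key_path).resolve()
    findings = []
    # Key file next to the database: one stolen folder gives both factors.
    if db.parent == key.parent:
        findings.append("same-directory")
    # st_dev identifies the volume; a key file on its own USB drive differs.
    if os.stat(db).st_dev == os.stat(key).st_dev:
        findings.append("same-volume")
    data = key.read_bytes()
    if len(data) < min_key_bytes:
        findings.append("key-file-too-small")
    elif byte_entropy(data) < min_entropy:
        # Heuristic: text, documents or repeated content score well below 7.5.
        findings.append("key-file-low-entropy")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit_vault.py <database.kdbx> <keyfile>")
    problems = audit_vault(sys.argv[1], sys.argv[2])
    for problem in problems:
        print("WARNING:", problem)
    sys.exit(1 if problems else 0)
```

Run it with the USB drive plugged in; a "same-volume" finding on its own means the key file has been copied onto the same disk as the database.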

Good password management is the start of better security

Right now go download KeePass, set up your Key file and Master Password, then next time you log into a service change your password and store the details in KeePass.  Before long you’ll have updated all your passwords and be much more secure online as a result.

Take a minute to explore the other features of KeePass like password generation, set expiry dates for passwords to remind you to change them and make regular backups of your KeePass file; you can even sync to your backup KeePass file via the App.


64GB SDXC SD Card in a Dell e6510 for Windows 8 File History

Technical summary: Yes, SDXC SD Cards work in the Dell Latitude E6xxx laptops.

I’ve been using Windows 8 for a good few months now and I really like it. There is one feature I really missed when looking over the OS details and that was previous versions.

Previous Versions used a snapshot technology taken from the Server line of Microsoft operating systems. It worked by regularly taking a snapshot of the files and their state so if you accidentally deleted one or incorrectly edited it you could get it back. The best part was it was transparent and worked seamlessly behind the scenes; it was also very easy to use and worked well for non-technical users too.

Windows 8’s evolution of Previous Versions is called File History, and it works very well. Its only niggle for a laptop user is that it requires a separate disk to store the snapshotted information. (Although this addresses the negative point of Previous Versions that if your main disk died, you couldn’t use that technology to recover files, they were gone! Requiring File History to use a different disk to your operating system makes it a more robust tool in your backup regime.)

A feature of nearly every laptop I’ve owned or used that has been overlooked by me has been the SD Card slot. This is probably because until recently SD Cards were small in size (less than 32GB) and expensive in terms of price per GB, especially compared to USB flash drives. Thankfully this has changed with SD Card technology moving on from SDHC for cards 4GB -> 32GB to SDXC for cards up to 2TB!

So, why not use a large (64GB+) SD Card as my Windows 8 File History drive in my laptop? It seemed to offer great benefits: dedicated drive, large space for my working files, easy to implement and easy to transfer to a different machine if my laptop died. The only negative concern was compatibility.

My current laptop is a Dell Latitude E6510 and nowhere could I find reports of people using a 64GB SDXC card in the machine’s built-in card reader. In the end I took a chance and ordered a 64GB SanDisk Ultra SDXC UHS-I Card.

I’m pleased to say it works very well and offers me a good deal of historical versioning from the Windows 8 File History feature.

Windows8 File History Restore Dialogue

I would presume that newer models like the e6520 and e6530 with SD Card readers will also support the larger SDXC cards.
