Should You Use Password Management Software? Yes. But Which One?
When I tell our clients about the incredibly large number of passwords that I use on a daily basis in the course of my work, they are always flabbergasted, befuddled, and flopshpungled. I made that last word up, but I think you know what I mean.
It is Rocket Lift’s policy to use a unique randomly generated password for each and every one of our logins, both for our internal systems and for client accounts. That means we have hundreds of passwords, each full of the kind of random gobbledygook that only a computer could love.
Inevitably they ask how I keep track of them all, and I tell them about our password management software. We use and recommend KeePassX, but there are more than a few other systems out there—1Password, Dashlane, LastPass, etc.
The basics of password management software
Password management software is a secure database for passwords and all the associated data you need to use them, like usernames, login URLs, security questions and more. The idea is that the database is a vault, openable by a single password—the only password you’ll need to remember. They also include a random password generator to help you pick secure passwords.
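To make the "unique, randomly generated password per login" idea concrete, here is an added example in Python. It is not code from KeePassX or any other product named in this post. It generates one password per login from the operating system's secure random source, estimates its entropy, and audits a set of credentials for reuse. The character pool, the default length of 24, the function names and the sample logins are all assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed character pool; trim it to whatever each site accepts.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"


def generate_password(length=24, alphabet=ALPHABET):
    """Draw each character uniformly from the OS CSPRNG (never the `random` module)."""
    if length < 1 or len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("need length >= 1 and at least two distinct, unrepeated symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password: length * log2(pool size)."""
    return length * math.log2(len(alphabet))


def generate_for_logins(logins, length=24):
    """Issue one password per login, regenerating on the (vanishingly rare) repeat."""
    issued, seen = {}, set()
    for login in logins:
        password = generate_password(length)
        while password in seen:
            password = generate_password(length)
        seen.add(password)
        issued[login] = password
    return issued


def find_reuse(credentials):
    """Return sorted groups of logins that share a password (empty list = policy met)."""
    by_password = {}
    for login, password in credentials.items():
        by_password.setdefault(password, []).append(login)
    return sorted(sorted(group) for group in by_password.values() if len(group) > 1)


if __name__ == "__main__":
    # Constructed sample logins, not real accounts.
    vault = generate_for_logins(["client-a wp-admin", "client-a sftp", "internal wiki"])
    print(f"{entropy_bits(24):.0f} bits per password, reuse: {find_reuse(vault)}")
    # Constructed "before" state: one weak password shared across logins.
    legacy = {"email": "ABC123", "bank": "ABC123", "forum": "hunter2-unique"}
    print("reused across:", find_reuse(legacy))
```

The entropy figure only holds for passwords drawn uniformly at random; a human-chosen string of the same length has far less.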
The password management software available differs in some important ways—some sync across multiple devices or platforms, some auto-complete online logins through browser extensions, some are open source, some are not.
When it comes to security, simple is good
We recommend KeePassX because it’s simple. We don’t mean just that it’s simple to use. KeePass is as simple to use as other password managers, but more importantly, we mean that the code itself is simple.
This is a good thing because there are no mysterious “black boxes” that we have to trust but can’t verify with the open source community. KeePass creates a single file stored on your local computer, keeps your passwords safe behind the locked door, and that’s pretty much it. It doesn’t sync across multiple devices, nor does it auto-complete your passwords through a browser extension. We’re happy to trade the extra features for the peace of mind that comes with a simple tool that performs its intended task well.
However, syncing across several devices is a helpful feature, and we’ve chosen to use BitTorrent Sync to do this for us instead. (You can read more about my personal struggles with this tool, and my eventual phoenix-like rise from the ashes of digital buffoonery.) This helps us to cut down on the possible points of failure by using separate tools for the separate functions of password management and syncing. We’ve created different KeePass databases for different sets of credentials so we can share the passwords we need without compromising the security of our clients’ data.
Learn more about password management software
This review from Tim Ferrill of infoworld.com was a great resource that we’ll forward to clients who want to keep their data more secure.
It’s definitely a Long Read, but we feel the in-depth review of the concept in general, and of each piece of software in particular, will answer a lot of questions about which password manager will work for you and your business. However, the article focuses more on features than on the details of safety and security and the tradeoffs inherent to the various software choices. That’s why we wanted to add our thoughts on this issue. We Rocketeers have a soft spot for the nitty gritty details of security. (And here’s another post to prove it.)
No matter which option you choose, using any reputable password management software is a big improvement over using ABC123 for all your passwords, right? Right.
Be safe out there!