Password managers

“If you’re not using a password manager, you should be.” You’ve heard the refrain, and you’re probably tired of hearing it. But we won’t stop saying it until people get the message.

Rule #1 in online security is “Don’t re-use passwords for multiple web sites and services.” Rule #2 is “Use long, complex passwords.” Following those two rules means you have to remember multiple, long, complex passwords. This is not something humans are particularly good at, which is why we need password management software.

I use Password Corral, free Windows software from Cygnus Productions. It’s not limited to storing passwords, so you can use it for bank accounts, license information, and so on. It can generate strong passwords according to customizable rules. It won’t fill in web forms for you, and it can’t be accessed on the cloud, but I don’t actually want either of those features.

I also recommend Bruce Schneier’s Password Safe.

When deciding on a password management solution, there are several factors to consider. There’s a useful comparison of password management tools (PDF) over at the SANS InfoSec Reading Room. It doesn’t include Password Corral or Password Safe, preferring to concentrate on the more mainstream and popular services, but it’s worth reading.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.