As a professional freelance writer, I do a lot of reviews and write-ups of various software for an array of clients. Sometimes, when I’m doing an evaluation and white paper project for a company, they’ll provide me with a copy of the software. Usually, it is a fully functioning demo from the vendor. Other times, I’ll get a website that I can log into to download the software with a temporary username and password. Lately, a lot of software comes in demo versions direct from the source, whether it’s a web-based application or a fully installed disk-based application. In order to get these demos, you often have to register for the site. This is especially true for web-based apps.
For a long time, I had an email account that I only used for registering for these kinds of sites. I used one or two different passwords that I had created for them as well. This is pretty dangerous, because if someone were to get a hold of my username and password, that combo would work in dozens of places. The reason I never really worried about it was that the email doesn’t tie back to me, and those aren’t any of the “real” passwords I use. Then, one day, I logged into an application that I use on a regular basis, and is very much connected to me and my business as well as full of private information. The application asked me to change my password. No problem. Except, I had to input my old password in order to complete the change. I tried the usual “real” passwords and their variants to no avail. Finally, I dug through old emails and articles until I found my registration. And there, staring me in the face was the username and password combination of one of my most frequently used “temporary” identities. I about soiled my pants. I changed the password as quickly as I could, then exported all the data to my PC, deleted the account and re-setup an account using a real username and password. All of this time, I had been using an easily compromised password on a very important web application! Stupid, stupid, stupid.
In the fast-paced world we live in, everyone either has trouble keeping track of their usernames and passwords, or they use the same ones again and again. This is no way to run a railroad. So, I hit the Internet in search of the solution. The answer is a small, free utility called KeePass.
Before we get into how KeePass works, let’s talk about why to use KeePass. First, it is Open Source. Yes, that means it is free, but more importantly it means that anyone who wants can examine the source code. That means that you don’t have to trust the author of the program. It can be verified that it is safe, non-virus, non-sneaky software that does what it says it does.
Second, KeePass is small. Without the help file and uninstall files, it takes up less than 750KB on the hard drive (plus your database file - mine is just 4.9KB). Process Explorer shows KeePass taking up less than 4MB of RAM when running in the tray. This is important because if you are going to regularly use a password tool, then you are going to want to run it all of the time. I use no less than 3 utilities plus manual scans of ini files, services, and more to make sure nothing and I mean nothing runs at startup except for essential programs and services. KeePass has an honored spot on this list.
How It Works
The great thing about KeePass is that the database that stores your passwords is completely encrypted, so you don’t have to worry about the file. That means you can put it on a USB drive. Since the program itself is so small and doesn’t write anywhere except its own .ini file, you can put your passwords on a key drive and have them with you all the time. Even better, I use synchronization software to make sure that the database is always up to date on my home PC, my laptop, and any computer that I use at a client’s location. (Sure they can see the file and have access to it…so what? It’s encrypted!)
KeePass has tons of options, but I only use the basics. I log in with a master password and then I’m in business. Don’t want to type passwords? No problem, you can copy the username or the password to the clipboard and paste it from there. After a few seconds, KeePass clears it from the clipboard so you don’t have to worry about it sitting out there. Even better, double clicking can fill in both for you. And yes, you can even set up shortcuts. For added security, you can set it to ask you for your master password again either every time, or on an interval. I set mine to ask me every time when I’m at a client site, and never after the first time when I’m at home.
Now, you’re thinking, great, I can save passwords, but I still have to think of them. Nope, KeePass will randomly generate passwords for you using whatever length and character set you want. You don’t even have to know what the password is, so it might well be impossible to crack.
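What generating a password from a chosen length and character set amounts to, as an added example that is not KeePass's own code or algorithm: every character is drawn from the operating system's CSPRNG, and the entropy of the result follows from the length and alphabet size. The class names, the symbol set and the function names are assumptions of this example.

```python
import math
import secrets
import string

# Character classes a user might select (names and symbol set are this example's own).
CHARSETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}


def build_alphabet(classes, exclude=""):
    """Merge the selected classes into one de-duplicated alphabet."""
    unknown = [c for c in classes if c not in CHARSETS]
    if unknown:
        raise ValueError(f"unknown character class: {unknown}")
    alphabet = sorted(set("".join(CHARSETS[c] for c in classes)) - set(exclude))
    if len(alphabet) < 2:
        raise ValueError("alphabet too small to generate a password")
    return "".join(alphabet)


def generate_password(length, classes, exclude=""):
    """Draw each character independently and uniformly.

    secrets uses the OS CSPRNG; the random module is predictable and
    must not be used for credentials.
    """
    if length < 1:
        raise ValueError("length must be positive")
    alphabet = build_alphabet(classes, exclude)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, classes, exclude=""):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(build_alphabet(classes, exclude)))


if __name__ == "__main__":
    for length, classes in [(8, ["lower"]), (20, ["lower", "upper", "digits"]),
                            (20, list(CHARSETS))]:
        pw = generate_password(length, classes)
        print(f"{pw!r:26} {entropy_bits(length, classes):6.1f} bits")
```

The entropy figure only holds because each character is chosen uniformly at random; a human-chosen password of the same length and character set has far less.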
If you need extra functionality or even tighter integration with your software, it has plug-ins that you can use as well.
Recommendation (5 out of 5)