Password Management with KeePass
Guest Blogger Paul Kenny shares his enthusiasm for the password manager called KeePass:
We all know the importance of network and data security. No matter what industry we work in, whether it be medical, financial, retail or other, we maintain data that is sensitive and must be protected. This became most apparent to me when I moved into the financial industry.
On my first day I received entry codes and keys, registered my fingerprint scanner for easier access to my desktop, and received a pile of about a dozen logins and passwords. By the end of my first week I had accumulated more than 40 different passwords that I needed to remember. Some allowed access to internal servers, others allowed me to gain access to various financial websites—which also required a physical device such as an RSA token or an encrypted Flash drive or a…well you get the idea. My head was spinning by the end of the week! How was I going to remember all of these logins and passwords? How did anyone else here remember their logins and passwords?
It turned out that the most important tool used to remember all of these security measures (and ensure they didn’t become sticky notes on the computer monitor) was a simple, free and easy to use piece of software called KeePass. (There are other similar password managers or password safes available, but we’ll examine KeePass in this article.) KeePass like other password managers helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key (password) or a key file. So you only have to remember one single master password.
KeePass offers some unique and useful features in addition to storing passwords. For example, if you wanted to store your home or business banking account you can store your login and password as well as the URL to the website. After opening KeePass with your master password you can click on the URL link which will open your browser to your banks login page. Then you can can copy/paste your username and password into the login page…and you’re connected.
Keepass, like other Password Managers, encrypts the password database so that all data is secure, not just the passwords. KeePass addresses other security concerns, for example after 15 seconds the login and password are automatically deleted from the clipboard which prevents someone else, a fellow employee or the kids at home from accessing the computer later on and pasting the password back into the website through the browser history.
This Password Manager has become a vital piece of our internal security measures for our financial institution, in fact it is now a requirement because it offers employees a safe and secure way to store their dozens of passwords without being tempted to write them down and leave them on their desks or keep them on their person where such sensitive information could be easily compromised. In a business environment, it’s recommended that employees store their unique and encrypted database files on a file server rather then on their local hard drives. If their computer itself is compromised or suffers from a hard drive failure the data is safely maintained. It also becomes very useful in cases where employees must be moved to a disaster recovery site where they may be setup on a redundant system. The KeePass application can be quickly installed and their database can be accessed through a server or restored through backups.
So, with all of the various and expensive methods that are used to require users to enter logins and passwords and other physical security devices, those methods are only as safe as the security of the logins and passwords themselves. Encrypted password managers like KeePass add that additional layer of security to your business. It’s simple and free. Why would any business not want that?
Want to learn more about how to set up a comprehensive security plan for your company? Watch this 15 minute webinar with Fandotech’s “Security Guru,” Dan Kaupp.
KeePass is good. I’ve tried several password managers like KeePass, LastPass,and 1Password. I still use RoboForm though I think its the best one and worth the money I pay for it.
I agree with Morgan, I still use RoboForm as well and with the RoboForm Everywhere license released last year I can use it with my phone, iPad and laptop as well as home computer which is great. Their phone support is incredibly helpful, something not offered by KeePass or any other password manager on the market. I have also never had an issue with security.
Both KeePass and RoboForm are great. We were using KeePass, but eventually found we needed the ability to give restricted access to data, and KeePass couldn’t do that. Sure, it is multi-user, but it’s an all-or-nothing affair when it comes to access.
So because we’re a software developer, we customized KeePass and developed a Password Server that works hand in hand with KeePass… called the Pleasant Password Server. If anyone is interested, you can download the demo and give it a test drive. Would love to get all feedback… peggy at pleasantsolutions.com
I too have heard great things about RoboForm. It was something that offered more then we needed in the case of our office mainly because we don’t allow most users to access secure sites from multiple devices, but for many it may be the perfect solution. Peggy, I’m intrigued with your product! I can see it being useful within the members of the IT department for shared administrator passwords. I may check out the demo and see how it works. Thanks for the contribution!
Thanks for your interest Paul. Please do have a look at Pleasant Password Serve, and if you have any questions whatsoever, send them my way.