Keepass + Dropbox = Simple, Accessible, and Secure

20 Jun 2011

The Problem.

You might think you have too many, but in this day and age you can never have too many passwords. The problem most of us face is managing the credentials for each of the online services we sign up for. It has become more and more common for the average person to simply use the same username and password for many, if not all, of their online accounts. If that's you, please read this entire post. Your financial and social reputation could depend on it. I say that because in the past couple of weeks, anonymous groups of hackers have been exploiting websites with poor security practices. They then collect things like usernames and passwords, and share them in huge lists with anyone who has internet access. Your username and password could be in one of those lists from a leak that happened last week. You can find out using the simple form on this page: http://gizmodo.com/5812545/find-out-if-your-passwords-were-leaked-by-lulzsec-right-here.

Let me ask you this. Do you have an online banking account or PayPal? What about Facebook and Twitter? Do you have 1-click checkout turned on in your Amazon account? Now think about the usernames and passwords you use for those sites. On how many other sites do you use the exact same username and password combination? Do you value those other sites as much as your bank account information, your social networks, or any other private/personal information? Then why would you use the same username and password to protect things that have completely different value? It really does not make sense, but sometimes we sacrifice security for simplicity. No one wants to have to remember 20 different passwords, and I'm not suggesting that you memorize 20 unique passwords. I'd like to offer a suggestion that has simplicity, accessibility, and security.

A Simple Solution.

Use password management software. I would suggest Keepass. It's free, easy to manage, and it's my password manager of choice. With Keepass you can organize and store all your usernames and passwords in one password-protected, encrypted file. That encrypted file is protected with a master password, which gives you access to your database of passwords. So you have one password to access all the rest of your passwords. Make sure you pick a secure master password!

An Accessible Solution.

Some would argue against password managers because of accessibility. A person may want to keep track of passwords at work as well as home, and be able to access those passwords from any location. You can put your Keepass file on any storage device such as a thumb drive, external hard drive, or even your smart phone. I've gone one step further with making my Keepass file accessible. I use Dropbox, which is a free online storage service that can effortlessly sync and back up 2 GB of data between your computers and smart phones. Dropbox transfers and stores data securely, so you can feel safe putting a file like this in one of your private Dropbox folders. You could also use the mobile Dropbox and Keepass apps to securely access your passwords from your iPhone, Android, or Blackberry device.

Secure Passwords

If I've convinced you to use a password manager, perhaps I can convince you to start using secure passwords as well. Keepass has a great feature for generating complex, unique passwords of any length. Passwords like "3ef#4f!@" are much harder to crack than passwords like "baconman". The annoying part is coming up with a secure password that you can remember. But now that you are using a password manager, you can make your passwords as long and complex as you like. Keepass' password generation works great for this. Another one I recommend is this website: https://www.grc.com/passwords.htm. You don't have to generate a crazy secure password for every account you set up. If it's a junk site that you don't really care about, go ahead and use one junk account that you don't really care about. Just use common sense. If the website is going to be holding financial or private personal information, always generate a secure password. If it's just a dumb forum or site that required you to sign up so you could access one piece of information, use your junk account.

Simple. Accessible. Secure.

It's a secure and simple solution, but it requires changes in habit. Be proactive and share these concepts with others. You don't want to be reacting to your Amazon.com account getting compromised and having some joker send you or your grandmother a box of condoms with your own money.

Comments

June 21, 2011

dmurray

Thanks

Tim....I don't remember any of my passwords....somehow my fingers do. Thanks for this.

DGM885

June 23, 2011

Daniel

Dropbox + KeePass

I've been using this method myself, but with one more level of security.

I protect the KeePass DB with a long password (unique), but also use an encryption key which is stored only on the PCs on which I use KeePass. If you were really paranoid, you could instead store the key on a USB drive and plug it in every time.

October 25, 2012

kerry livermore

Dropbox

Thanks, I like the idea of using keepass and dropbox and have now joined.

October 25, 2012

trhymer

Secure with Key

Great, make sure you secure it with a key file as mentioned in the comment above.

January 8, 2013

mschuemie

How?

This is already an old post, but I would like to get this working. I have Dropbox and KeePass (V2) installed on my BlackBerry, and have created a .kdbx file in a Dropbox folder. I have no clue how to point KeePass to this file. Help?
