CorvettePower.COM
6Nov/06

Password Security – Solution

Thank you everyone for your input on my Password Security question. For history, here is what I requested from everyone.

The original request

I can no longer handle all the passwords I must keep in my head. I'm tired of going to my 3rd banking web site, and figuring out I've entered the password for my first bank into it, 3 times and now I'm locked out of my bank, and have to reset my password... again, which makes the problem even worse, since I can't repeat passwords.

I know that I can use Firefox to store my password for web sites, but this is insecure, as a couple clicks of the buttons in preferences, and it will display in clear text all my passwords. , and IE has an API to extract your passwords. I should note that both IE and Firefox do not store your files in the clear, and there is some level of security protecting these passwords... but I will never use those solutions ever again, and will be disabling it on all my computers.

What I want is a web browser centric password vault, that will not only save my website passwords for me, but also allow me to use it to autopopulate password fields upon request or automatically. I also have a Pocket PC Phone that I need to sync to as well.

Features

  1. Web Browser password filling (Firefox, and IE)
  2. Keep multiple computers in sync. (Laptop, Work, Home)
  3. Sync to the Pocket PC

The Winning Solution

RoboForm + FolderShare = TJ's Password happiness

The Long Answer

I initially started looking at KeePass, as its Open Source, runs on alot of platforms, is Free, and has alot of utilities that go with it. Sadly the Firefox requirement ruled out KeePass as my password vault, as it only has an IE pluggin. I started looking through the Firefox Add-Ons for password plugins, and found RoboForm has a really good plugin for Firefox.

In addition RoboForm keeps each of the passwords in individually encrypted files. This helps with the 2nd issue all of these solutions fall into... how do I keep my house and work, and laptop all in sync. Since RoboForm uses individual files, it makes it really easy to use sync products to keep everything upto date, with "last edit wins". For this I used a solution called FolderShare, which utilizes encrypted p2p technology to keep computers and folders you specify in sync. This has additional benefits outside of this project, but works great as I put the installer in the share, and have it sync right to the "My Documents" folder and the installer picks up the profiles and everything upon install. You do have to periodically tell RoboForm to refresh its folder list, so it sees the new files. This features is built right in and is easy, I was worried I would have to restart the client.

In addition to passwords, I am also able to create encrypted notes, that are synced to the computers. For this I have put in super useful things, like what size trashbags I need at home, what razor blades, and a list of what perscription drugs I take and their dosages.

I currently have 3 computers and one pocket pc (Moto Q) syncing right now.

Oh yeah, FolderShare has a mac client to, incase your one of those people caught up in the hype. :o)

 

Feedback from everyone...

Brian

KeePass + FolderShare

Doug

I use SplashId by SplashData. I have a local copy on my computer and it syncs up to my phone. It is customizable, and works well. As far as I know, it is not web based. I can update phone and it updates computer and vice-versa. Using the phone to enter data is trickier since keyboard limits etc.

Mike

I have a phone repository, but it's Palm.

Ted

I use eWallet from Ilium Software. I’ve been using it on Palm and Windows Mobile devices for years. It won’t help with populating web forms, but it’s AES encrypted and convenient since I always have my Smartphone on me.

BARD

The Password Vault – PPC (not sure about my Q though) and Desktop, 128bit encryption, access MDB files.

Password Vault – FREE, windows only, DES encryption:

Acerose Password Vault – SH-1 encryption, flat file, no DB, backup to network, no pocket PC, FREE.

Lava Software PasswordVault – 3 editions, auto import/export to web shares (I like that, but only on pro and have to buy 5 licenses at $50 each!)

Data Vis Passwords Plus – desktop and pocket PC.

KeePass Password Safe: open source, windows, no install needed, Pocket PC version.

KeePass is looking good, however the PPC version is not getting much attention – though it looks like it had some action in August.

   

Sig of the Week

Butters go buy World of Warcraft, install it on your computer, and join the online sensation before we all murder you.

Previous Posts

Blogroll