I finally spent some time the other day setting up two-factor authentication on all the accounts I have which offer the option. I feel that I’ve always had quite a good password strategy, and so far haven’t had any serious issues with people getting into any of my accounts. I say serious here, as I don’t know if it has happened somewhere, but I’ve never had anything noticeable happen, such as money disappearing.
Firstly though, I want to go over my password strategy before today. It still remains the same, but with two-factor authentication I need to remember to always have my phone by my side, and hopefully with signal, which where I live with EE is awful.
I, like many others, started off by having the same password for everything, or slight differences, like a different number at the end of each password. I never got broken into, but it was bound to happen sooner or later, so I went on a hunt for a better way.
What came about was KeePass, an open source, easy to use password manager. There are loads out there like 1Password, LastPass and RoboForm. They all offer great features, yet KeePass took my interest the most, mainly due to it being free and open source.
With the addition of Dropbox I could install KeePass on each of my computers and devices and access all my passwords from anywhere.
Not only did this mean that I don’t have to actually remember any passwords, but it has made them much more secure, as I randomly generate all of them and make sure they are as long and complicated as the website I’m signing up for allows (why some websites still only want between 6-8 characters is beyond me – although this looks into it a bit).
The ability on any website to ctrl-alt-a to autofill and auto-login seems to save time, although it doesn’t work on some websites, which I think is more down to how I have saved some passwords more than anything.
For sites I sign up to randomly which I don’t think I’ll use again, but need a password, I tend to use the trick of making up a sentence and then using the first letter from each word in that sentence and finally adding some numbers to the end of it. With this method I have a strong password (according to most site password strength meters) and one which never leaves my head.
Two websites where I still use a password I can remember are Steam and PayPal. I’m not sure why, I’ve just never felt the need to change them. They are easy-to-remember passwords for me which are about 26 characters long, so quite strong.
Installing and starting to use KeePass isn’t a complicated matter, but I would like to go over it.
First of all you need to download the version you would like to use. For most I recommend going straight for the 2.x version, which is a much more advanced version. Although in the grand scheme of things I hardly use any of the features, it is nice to have them there, and with the ability to use version 2.x as a portable piece of software, it allows the extra convenience of taking it with you on a pen drive, or sticking the whole program on Dropbox, allowing you to access your passwords from anywhere.
Once you have downloaded the version you would like, start the installation and go through the necessary steps. You shouldn’t have to change anything during this installation process, there aren’t any sneaky other programs it tries to install, and if you aren’t using the portable version, then where it installs is fine.
This is where you need to take a bit of time and concentrate.
The next step is to create a database to store your passwords in. This is quite simple, just click on File -> New Database and locate the place you would like to store the passwords. This is where I would select a cloud service, so you can access it on the go on your phone. You may want to keep it on a portable drive to do the same thing, or a safe place on your computer if you don’t quite trust cloud services yet!
Once the location and name have been chosen – although in the example I have chosen the file name ‘passwords’ I’m inclined to have it as something less obvious, just in case someone is snooping around your computer at any point – you need to create a Master Key. This is used to encrypt the database and stop intruders in their tracks.
There are a couple of options here;
I tend to just go for a Master Password. Obviously there is the issue of if someone found this password, then they are straight in, but with either of the other options selected, I feel I would easily lose access to my passwords.
Once you have a really strong password written in and remembered, you can select continue. Don’t write this one down, unless you really have to, and if you do have to, write it in a code you know somewhere, such as the sentence example I used above. Think of a story, write it in a word document and save that on your computer, then use some sort of code from that story to remember your password.
For example: Mrs Turner went to the gym every Wednesday to make sure that she was ready for the swimming meet on Thursdays.
Looks complicated, but remembering that initial sentence becomes very easy.
A dialog comes up next with Database Settings, these can be kept as default for the most part. If you do feel like giving the database a name and a description, go ahead, but for most users I would imagine that only one database is required, so why do you need to explain it?
Next is to add all your passwords. The default database comes with some folders, but right clicking can delete these, add your own or just edit the pre-existing.
Within a folder, to add a password you must right click and go on ‘Add Entry’. This will pop up a dialog which is quite simple to follow. Add the title of the website you want to save a password for, the username and password and then the URL. In notes I tend to put the email I used (if it isn’t the username) and any two-factor authentication codes which I may have.
On the password box the small icon to the right is a password generator. When you add an entry a password is automatically generated, but this icon allows you to choose some other options, for example how long the password should be and what characters should be used. Useful for when you have those annoying websites which insist on weird characters, even if your password is very strong!
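To show what the length and character-set options actually buy you, here is an added example (my own sketch in Python, not KeePass's code) of a generator that draws from a cryptographically secure random source and guarantees one character from each class a fussy site demands. The class names, the symbol set and the function names are assumptions made for this example.

```python
import math
import secrets
import string

# Character classes, similar in spirit to a generator's checkboxes.
# The names and the symbol set are this example's own choices.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}
ALL = ("lower", "upper", "digits", "symbols")

def generate(length, classes=ALL):
    """Return a random password of `length` with at least one character
    from every requested class (what strict sites insist on)."""
    if length < len(classes):
        raise ValueError("length too short to include every required class")
    pools = [CLASSES[c] for c in classes]
    alphabet = "".join(pools)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(p) for p in pools]
    chars += [secrets.choice(alphabet) for _ in range(length - len(pools))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not always sit in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def entropy_bits(length, classes=ALL):
    """Upper bound on strength in bits: length * log2(alphabet size)."""
    size = sum(len(CLASSES[c]) for c in classes)
    return length * math.log2(size)

if __name__ == "__main__":
    # Long password with every class, as stored in the password manager.
    print(generate(20), f"{entropy_bits(20):.0f} bits")
    # A site that caps passwords at 8 letters and digits.
    alnum = ("lower", "upper", "digits")
    print(generate(8, alnum), f"{entropy_bits(8, alnum):.0f} bits")
```

The 8-character letters-and-digits case comes out at roughly 48 bits against roughly 130 bits for 20 characters from the full set, which is why the site's length limit matters far more than whether it insists on symbols.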
After you’ve added some passwords and got the hang of that I recommend going into Tools -> Options and making sure you are happy with the options selected, such as what the X button does and how long KeePass will stay open before automatically locking again. Depending on how you use your computer, the time will need to change.
You also have the option to have KeePass always open when the computer is unlocked. This is a good route to go down on your own private computer, I don’t have it like that only due to being so used to using shared computers.
Apart from that, everything is pretty straightforward. Unlock the program when you need it, add passwords and ctrl-alt-a when you want to autofill on a website.
It makes passwords easy: no worrying about poor passwords, and when an account gets hacked, you don’t need to worry about the same thing happening to the rest of your accounts.
The only issue I have is that the Android app is good, but not fantastic, and it meant when logging into everything on a new phone, it took a while, but I think the advantages it brings makes the time setting it up worth it.
If you have any questions, please use the comments section, or contact me.