Password Managers. What is a Password Manager?. A tool that stores logon names, passwords, PINs other items related to Web and program logons. This data is stored in an encrypted file and is accessed with a "master" password.
A tool that stores logon names, passwords, PINs other items related to Web and program logons.
This data is stored in an encrypted file and is accessed with a "master" password.
Program and database can be portable – some can be run from a USB flash disk or CD.
Create an encrypted database file to hold the logons and passwords.
Accept entry of logons/passwords for each web page or program for which you need a logon.
Allow either manual or automated retrieval of logon data.
Logon data can be "auto-typed" into the entry boxes on a web page.
Desk top – installs on hard drive, database on hard drive.
Portable – resides on smart phone, tablet, PDA or flash drive.
Web based – database is stored on the providers server on the web.
Integrated – web browsers that contain the capability of gathering, storing and retrieving logons and passwords.
Open Internet Explorer.
Open the Internet Options screen.
Select the Content tab.
In the AutoComplete section, click the Settings button.
Check the boxes for "User names and passwords on forms" and "Ask me before saving passwords".
Whenever you enter the same user name on the same web page, the password will automatically be entered into the password box.
If the password is auto-filled into the box and you change it, you will be prompted to save the new one or not.
These passwords are saved in the windows registry files and are NOT SECURE.
Click open the FireFox menu, upper left.
Click Options, right column.
Click on Tools from the menu bar.
Click on Options.
Select Security tab.
Check "Remember passwords for sites".
Check "Use a master password".
Enter a master password for the file (twice), click OK.
When you open a web page that requires a logon and password:
If you have previously saved these, they will automatically be entered into the appropriate fields, and you will be logged on.
If you have not previous saved these, you will be prompted to do so. You will be required to enter the "master password" you entered when you created the database file.
To change your master password, click on the "Change Master Password..." button.
Enter the current password.
Enter the new password (twice).
If, while adding a password, you selected "Never Remember Password for This Site", that site will be listed when you click "Exceptions..." button.
You can remove these from that list.
To disable saving of passwords, in Firefox, navigate to the Options/Security screen as before.
"Remove All" from both the Exceptions... and Saved Passwords... screens.
Uncheck "Remember passwords for sites". You will not be asked to save passwords again.
Examples of recommended free password managers:
LastPass LastPass Corp. https://lastpass.com/
LockCrypt open source http://www.lockcrypt.com/
1Password AgileBits https://agilebits.com/
Password Safe open source http://passwordsafe.sourceforge.net/
KeePass open source http://keepass.info/
Some references on how to choose safe passwords:
Add UPPER CASE, numbers, special characters
Character replacement – Leet (for elite):
The following table shows possible substitution characters that “look” like the letters they are to replace. Any, or none, of these can be used, but it's probably better to be consistent with which characters you use.
Those in red in the table are more obvious.
Create an account and enter a master password.
This password is not transmitted to the LastPass web site, it is used to encrypt the transmissions to/from LastPass. LastPass DOES NOT KNOW YOUR PASSWORD. You must keep it.
LastPass looks for saved passwords on your system and allows you to select (or de-select) them for inclusion in the encryption.
LastPass puts an icon on your browser showing if you are logged on or not.LastPass
If you are logged on, when you enter a logon/password to a web page, LastPass will prompt you to save it or not.
If you have saved the logon/password, whenever you open that page again, the logon name and password will be filled in.
You may elect to have LastPass "auto-logon" whenever you go to that page.
Import/export from/to other password managers.LastPass
To install KeePass:
Open the web page: http://keepass.info/download.html
To install on your Windows machine:
Click on the first link on the right column (KeePass 2.nn (Installer EXE for Windows)).
Download and install program.
To load the stand alone version that can be run from a USB flash drive or CD:
Click on the second link on right column (Portable KeePass 2.nn (ZIP Package)).
Download and unZIP files to appropriate location.
Run KeePass for the first time:
Click OK on the "...file could not be found" message.
Blank KeePass screen comes up.
Name and locate new KeePass database file.
Enter Master password (twice).
Master Key: (cont.)
Check Key file.
Click "Create" button:
Name/locate key file. Same name and location as KeePass database file (that's the default).
Left pane – move cursor around box until bits = 256.
Right pane – fill with random characters.
DON'T use Windows user account.
Let's accept the defaults for now.
Select Edit/Add Entry...
Title – your name for the web site.
User name –logon user name or email.
Password – password you will use.
Enter the existing password for the logon or use:
Password generator to create a new one:
Add entries: (cont.)
URL – copy URL of web page that has logon.
Note – additional info: questions/answers, PINs.
To use KeePass:
Drag and Drop process:
Select an entry.
Double click on URL field in that entry – web site will open.
Drag User Name and Password to appropriate boxes.
Press <Enter>or click the logon button.
If there are additional prompts/questions, find their answers in the Notes section of the KeePass item.
Auto type process:
Select an entry:
Double click on URL field in that entry – web site will open.
This should fill the logon name and password fields and enter a <Enter>.
If it does not auto-fill:
Check to see that the cursor is positioned on the Logon name If not, put it there.
Check that words in the Title are contained inthe URL.
Check to see that there are any other fields/pages involved in the logon process of that site. If so, try to build auto-type sequence that will work.
Move to new location – portable installation only:
Move or copy all the files in the KeePass directory to the new location.
You can keep the two databases synchronized by using:
File / Synchronize... / Synchronize with file... and selecting the destination file to synchronize to. That is, data in the currently open file will be copied to and overwrite data in the destination file.
Synchronization will allow you to run your primary KeePass database on your computer and have a portable copy on a flash drive to which you synchronize periodically.
Regularly backup the database and key files:
xxx.kdbx (or possibly xxx.kbd for older versions).
xxx.key (if you have created a key file when entering the master password).
By default these will be located:
For installed version of KeePass:
For portable (not-installed) versions:
In the same directory where KeePass was unZipped.