Every information security professional will tell you to use different passwords for every site. This is because if one site gets compromised and your password is cracked then the attacker can log into every site you use. The biggest complaint consumers have with using different passwords is remembering them all; now you don’t have to. Reading 59 Open Source Tools That Can Replace Popular Comercial Software, they suggest three Password Management solutions. Only one of these suggestions will work across different platforms (operating systems). If you are unfamiliar with password management please review the basics of password management. We will be discussing the desktop solution. I am not focusing on hosted/web solutions like LastPass as I do not trust a single site with all my passwords however here is a great write up by Steve Gibson as to why you should trust LastPass.

This post will focus on using a password management system across multiple operating systems: Windows, Mac OS X, and Linux. I will be using KeePassX for password management and DropBox for syncing across multiple devices. If you only use Windows you can use KeePass or Password Safe with DropBox, the process is similar.

First, create a DropBox account (free for 2GB), and install the application on your computers. They have support for Windows, Mac OS X, Linux, and smart phones.  Make sure to note where you placed the DropBox folder. Inside the DropBox folder, create another folder and call it “Safe” or whatever you want for your password file.

Next download KeePassX for the operating system being used. Extract the directory to your Applications directory. On Windows this is most likely C:\Program Files\KeePassX. Open KeePassX and select File-New. You will be creating the new database file. You can select to use a master password and/or a key file. I suggest always using a master password that is a very complex password (or phrase) that you do not use ANYWHERE else. Retype the password when prompted. Now before adding anything to the file, select Save. Choose the folder within the DropBox folder you created.

The basic setup is complete, now repeat the step on all your systems. Ensure you can open the KeePassX file on all your systems. You can only write to the file on one system at a time, so if you try to open the file that is already open it will prompt you to open as read only.

Once all your systems have Dropbox and KeePassX installed you are ready to start filling the database. Take this time to change your passwords on all your sites and ensuring you are using unique passwords on each web site.

Till next time,
Jorge Orchilles