Saturday, February 04, 2006

How To Safely Store And Manage Passwords Part II

Sometimes I'm slow but I'll usually figure it out. Back in August 2004, I wrote about my search for a program to run from a USB key to store my passwords and automatically type them in. At that time, I looked at KeePass and KeyPass. KeePass is open source and KeyPass is free for up to 10 userid/password combinations.

I played with KeyPass some and it worked fine but I was still limited to 10 userid/password combinations and there was that problem with autorun on a USB key.

I had found the Hagiwara USB key that lies to Windows Plug-N-Play and presents 2 drives - a CD-ROM (there's the autorun) and a normal USB drive.

Since the autorun drive was a CD-ROM I couldn't just put the KeyPass program on that drive and it be able to write to it's database so the search continued.

In some of my surfing last week, I came across KeePass again. This time the authors had really improved it. Now it too, like KeyPass, will automatically type the userid/passwords and it supports way more than 10 userid/password combinations.

Now there was just that nagging problem of being able to write to the database. I posted my dilemma on the KeyPass forums and got a response back from one of the developers in less than 2 hours. Awesome! He wrote a small batch file that will run as part of the autorun.inf and search for the keepass.exe on other drives. When it is found, it starts it. Simple.

So, all that works great. I can just plug the Hagiwara USB drive into any Windows PC. It will autorun, start KeePass, ask me for my master password, and minimize to the system tray. Then when I need a userid/password entered, I just press CTRL and / and off it goes.

Unlike KeyPass, KeePass doesn't automatically backup the database but there's a plug-in available that does so I'm using that.

Now all that's left is to let KeePass start building me strong passwords and switch my habits to depending on KeePass. I'm still not that brave.

No comments: