How to Manage Your Passwords
Many people use a different password for different online resources. This is good practice, but you may struggle with the best and safest way to keep track of your passwords.
Storing your passwords in a regular text document on your computer is unsafe. It places them at risk of being harvested in a compromise or attack situation. If your machine is stolen, remotely compromised, or you visit a malicious Web site or open a malicious e-mail attachment, you could unknowingly be giving away passwords for all of the other systems that you access, including financial systems, work systems and consumer sites. Passwords that are written down are safe from online threats, but can easily be lost or stolen.
This document shows you how to use a free online tool called “Password Safe” to securely manage all of your passwords online and improve the strength of your passwords in the process.
Step 1: Install Password Safe
To install Password Safe:
- Go to http://passwordsafe.sourceforge.net.
- Click the Secure your passwords now! link to download the software.
Note: The next two steps may not happen depending on your version of Internet Explorer (IE) and how it is configured. There may also be some time delay between steps.
- You may get a dialog informing you about the Information Bar. If so, click Close.
- If IE is configured to prompt before downloading files, click the Information Bar and select Download File to allow the download to proceed:
- Run the installation program from the Internet rather than saving it. Click Run.
- You may be presented with another Internet Explorer-Security Warning since the program is not signed. If so, click Run:
- During the installation program, select all the default options:
- Page 1: Read and Accept the license agreement.
- Page 2: Click Next to select the “Regular” installation.
- Page 3: Click Next to select the default components to install.
- Page 3: Click Install to accept the default install location.
- Click Close.
Step 2: Create a Password Database
To create the password database:
- After the installation is complete, launch Password Safe from your desktop by double-clicking the icon.
- Click Create new database to hold your passwords.
- To protect your password database, type a password in the Safe Combination text box. Password Safe refers to this initial password as a “Safe Combination.” It must be a strong password (mixed case, include numbers and letters) or pass-phrase (ex. Rudolph is my favorite reindeer) and it is the one password you must remember since it is the key to all of your other passwords.
- Type the password again in the Verify text box and click OK.
Step 3: Add Passwords to the Database
After supplying a Safe Combination (password) for the initial password database, begin adding the passwords for all the different systems you access.
- From the Edit menu, select Add Entry, or click the Add New Entry button from the Password Safe tool bar.
- Fill in the account fields:
Choose a name for the database. The default location is My Documents. To launch Password Safe, double-click the Password Safe icon on your desktop and use your password.
- You can organize passwords into any type of Group that you want. In the example above, the passwords have been categorized into “Work” passwords and “Personal” passwords. Nested groups are supported.
- Type a Title. It’s typically the name of a system, application or environment for which the password is being recorded. In the example above, the user has stored passwords for Amazon.com, a Human Subject Database, a Voice Mail Web site, etc.
- The Username is not required, but if it is entered, it appears in brackets next to the “Title” on the main window. In the example above, the username for Amazon.com is “kirk.”
- You can type in the Password or have Password Safe randomly generate a strong password for you. While these randomly generated passwords would normally be difficult to remember, Password Safe can, in many cases, easily recall them. In fact, you may never even need to know what the password is for a given system.
- The URL field allows you to specify a Web site that you can later jump to from the Password Safe main window.
- Click OK to save.
Step 4: Retrieve Stored Passwords
There are several options for retrieving passwords from a Password Safe database. You can:
- Copy and Paste a password from the Password Safe database into a logon screen.
- Visually display a password in the Password Safe database so that you can manually type it.
- Use Autotype to “playback” a Username and password into an appropriately formatted site.
Options A and B are demonstrated below.
Option A: Copy a password to the clipboard
All of the following methods will “copy” the password to the system clipboard:
- Double-click an entry, –OR–
- Select an entry, then press CTRL+C, –OR–
- Right-click an entry and select Copy Password to Clipboard –OR–
- Select an entry then click the Copy Password icon from the toolbar.
After you’ve copied the password to the clipboard using one of the four methods described above, you may be able to paste that password into a logon screen by pressing CTRL+V. It is entirely possible that you may never know the password for a given system. You simply generate the initial password randomly, then use Password Safe to copy and paste it from that point on.
Option B: View a stored password
In many cases, you will not be able to copy and paste the password into a logon screen. If you need to type in a password, you can have Password Safe show you the password. To do so, follow the steps below.
- Right-click the desired entry.
- Select Edit/View Entry.
- Click Show.