by Bryan Sampsel
Date: 17 December 2015
A prevalent problem in today's world is the sheer number of accounts and passwords needed to manage one's affairs. Most of us have at least one bank or credit union, credit cards, a mortgage company, a doctor's office, a car loan, a student loan, a social networking site, etc., each with its own account and password. Many security professionals have touted the concept of Single Sign On (think "one account to rule them all") in corporate settings. Following the reasoning "if Single Sign On works for companies, why not regular folks," some companies have put out services that let a regular person set up a single account to remember, which then logs into all the other accounts.
The elephant in the room here is that a Single Sign On service could be compromised in and of itself. Then, all of your accounts are compromised, not just the ones you use the same account and password on.
Wait, you don't use the same password and username on all your sites, do you? If you do, you're effectively making it trivial to compromise your life: one leaked password opens every account. Using the same account on certain categories of sites is a slightly better solution, so that if your social networking site account gets stolen, only your social networking accounts are at risk, not your bank account(s).
The idea behind the Single Sign On site is a good one. You make one password and username you have to remember and use it to manage the army of usernames and passwords you have to manage your life. However, you're putting a lot of trust into a company to safeguard that information.
The better answer? Or possibly best of what can be handled at this point in time?
Get a program, such as KeePass or Password Safe, to safely encrypt your account information on your very own thumb drive or hard drive (or both). Because the file is encrypted, you can back it up however you see fit. KeePass has a version that runs from a thumb drive (Windows PCs only) that's part of the PortableApps suite of software.
How KeePass works is that you create a password safe and choose a master password to protect it. Make it a strong password, but make it one you can remember. Most experts recommend 15 or more characters, using numbers, upper case, lower case, and special characters (such as !, @, #, $, etc.). If that scares you, 10 characters that you can remember is better than 20 characters you have to write down.
With the safe created, you can then create folders (categories): E-mail, Utilities, Banking, Social Networking, etc. Inside each folder, you can create an entry for each account. Each entry holds a title (for you to remember in plain English what this entry is, such as "Po Folks Bank"), user name, password, URL (website address), and notes, where you can enter the special questions and answers you need to recover your account if need be. One REALLY cool thing about the password: KeePass can generate the password for this account. You tell it how long you want it and how complex you want it, and it tells you how strong the result is once generated. Remember, you don't have to remember this one; it's in KeePass.
Now, when you need to log into your bank, email, or whatever other accounts you're storing, you open KeePass, enter the master password for your password safe, and go to the account. From there, you can right-click on the entry to open the website and then have KeePass enter the username and password. No fuss, no muss.
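As an added illustration (not code from this post or from KeePass itself) of the two mechanisms described above: generating an account password of a chosen length and complexity and reporting how strong it is, and stretching the one master password you remember into the key that protects the safe. PBKDF2-HMAC-SHA256 is an assumed stand-in for KeePass's own key transformation, and the character classes and iteration count are assumptions of this example.

```python
import hashlib
import math
import secrets
import string

# Character classes the generator can draw from; choosing more classes is the
# "how complex you want it" knob the post mentions.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.<>?",
}
ALL_CLASSES = ("lower", "upper", "digits", "special")


def generate_password(length, classes=ALL_CLASSES):
    """Draw `length` characters with a CSPRNG (never random.random()),
    guaranteeing at least one character from every chosen class."""
    if length < len(classes):
        raise ValueError("length must be at least the number of classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    chars = [secrets.choice(CLASSES[c]) for c in classes]       # one per class
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)                       # hide class positions
    return "".join(chars)


def meets_policy(password, classes=ALL_CLASSES):
    """True if the password contains at least one character of each class."""
    return all(any(ch in CLASSES[c] for ch in password) for c in classes)


def entropy_bits(length, classes=ALL_CLASSES):
    """Strength estimate for a uniformly random password: log2(alphabet) per
    character. 15 characters from all four classes (87 symbols) is about 96.6 bits."""
    alphabet_size = sum(len(CLASSES[c]) for c in classes)
    return length * math.log2(alphabet_size)


def derive_safe_key(master_password, salt, iterations=600_000):
    """Stretch the one password you remember into the 256-bit key that encrypts
    the safe. PBKDF2-HMAC-SHA256 is an assumed stand-in for KeePass's own key
    transformation; the idea is the same: every guess at the master password
    costs `iterations` hash operations, and the random salt (stored with the
    safe) stops precomputed tables from being reused across safes."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"{entropy_bits(20):.1f} bits", meets_policy(pw))
    print(derive_safe_key("correct horse battery staple", secrets.token_bytes(16)).hex())
```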
You no longer have to remember 15 different accounts, websites, etc. You don't have to write down your accounts and passwords in a notebook. You no longer store the same list in an easily stolen file on your hard drive.
The password safe that KeePass creates can be copied to your thumb drive, your portable hard drive, your Dropbox, or other computers you have, and your passwords stay protected, because the file is encrypted with the master password only you know.