My method for secure passwords

Password security is a big deal. This has been said a lot, but it seems to fall on deaf ears. Whenever a password breach occurs, the vast majority of the leaked passwords get cracked within the first few hours (fastest when the site stored them with a fast, unsalted hash, but weak passwords fall quickly either way). This is because people pick common passwords and reuse the same password on multiple sites, so one cracked password opens several accounts.

My method for secure passwords consists of the following:

  • A password manager, KeePass2 in my case, protected by a strong master password

  • Dropbox, where I store the encrypted database file (.kdbx) that KeePass2 creates

  • A Gmail account that also has a strong, unique password I have to remember. This is where sites send their “Forgot password?” emails.

In total there are only two passwords I have to remember: the master password of the password manager, and the password for my Gmail account, which I need in order to recover the Dropbox account if I ever lose access to it. Passwords everywhere else are randomly generated, 25+ characters long and stored in KeePass. The Gmail password must not live only inside KeePass: if it did, losing the database would also lock me out of the recovery path for everything else.

Why KeePass2

There are a few good alternatives, like LastPass and 1Password. I chose KeePass because it is free, open source, and available for Linux and Android. It also has an auto-type feature that makes logins really easy; the one thing to watch is that auto-type sends keystrokes to whatever window currently has focus, so make sure the right login form is in front before triggering it.

Why Dropbox

Which cloud service you choose is not that important: the password manager's database file is encrypted, so even if the cloud storage is compromised your passwords stay safe, provided the master password holds up. Keep in mind that whoever obtains the file can guess against it offline at full speed, with no lockout, so the master password has to be genuinely strong and the database's key derivation settings (KeePass2 lets you raise the key transformation rounds, or use Argon2 in the newer KDBX 4 format) should be kept high. Dropbox is the most popular such service, so it is not likely to disappear anytime soon, and it is available for all major platforms.

Why Gmail

Most sites offer a way to recover your account if you lose your password. This is typically done by sending a confirmation link to the email address you used when registering, which makes that mailbox the master key to every account tied to it. Gmail was the obvious choice for me, but you can use whatever email provider you trust.

The setup

To set this up as I have:

  • Register for a Gmail account if you don't have one, and make sure you enable two-factor authentication on it. Register a Dropbox account and enable two-factor authentication there as well, since anyone who gets into it gets a copy of your database.

  • Download and install KeePass2 (it is available for Windows, Mac, and Linux).

  • Launch KeePass, create a new database, and save it inside your Dropbox folder.

  • Pick a strong master password that you can also remember. For picking it I suggest diceware: a few random words combined are better than a traditional short password (see the related xkcd comic). Write it down on a piece of paper and store it in a secure location, not on a post-it note next to your computer; treat it like your banking credentials. If you add a key file as a second part of the master key, keep it off Dropbox, otherwise it travels with the very database it is supposed to protect.

Now create an entry in your new KeePass database for every website you use, and let KeePass generate a strong password for each. It takes a bit of work to change your passwords on all the sites you use, but it is worth it. At the end you will have a unique, practically uncrackable password on every website, so a breach at one site no longer gives an attacker a way into any other.
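As an added example (not code from the original post, and not KeePass's own generator), the following Python script uses the standard library's secrets module to produce a diceware-style passphrase of the kind suggested for the master password above, and a random 25-character site password of the kind the password manager generates, then puts numbers on why they are strong: bits of entropy for each, and how long an offline attacker would need to exhaust them. The word list is a constructed toy list (a real diceware passphrase uses the 7776-word list), and the two guess rates are assumed illustrative figures for a fast unsalted hash versus a database protected by a slow key derivation function.

```python
"""Diceware passphrase and random password generation, with entropy and
offline-cracking estimates. Standard library only; the word list and the
guess rates below are constructed for illustration."""
import math
import secrets
import string

# Constructed toy word list. The real Diceware list has 6**5 = 7776 words,
# one per five-dice roll; this list exists only so the example runs offline
# and is far too small to draw a real passphrase from.
TOY_WORDLIST = [
    "anvil", "basalt", "cobalt", "drift", "ember", "falcon", "gravel", "harbor",
    "ingot", "juniper", "kestrel", "lantern", "marble", "nickel", "orchid", "pebble",
    "quartz", "raven", "saddle", "timber", "umber", "velvet", "walnut", "yarrow",
]
DICEWARE_LIST_SIZE = 6 ** 5  # size of the real list

# 94 printable ASCII symbols (no space): a typical generator alphabet for a
# "25+ characters" random site password.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Assumed guess rates, illustration only: a fast unsalted hash on GPU
# hardware versus a password-manager database behind a slow KDF.
FAST_HASH_GUESSES_PER_SEC = 1e10
SLOW_KDF_GUESSES_PER_SEC = 1e4


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols chosen uniformly from `alphabet_size` options."""
    return length * math.log2(alphabet_size)


def diceware_passphrase(n_words: int, wordlist=TOY_WORDLIST, sep: str = " ") -> str:
    """Choose words with a CSPRNG; secrets.choice is uniform, like fair dice."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def random_password(length: int = 25, alphabet: str = PASSWORD_ALPHABET) -> str:
    """A random per-site password of the kind a password manager generates."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case years to try all 2**bits candidates at the given rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    six_words = entropy_bits(DICEWARE_LIST_SIZE, 6)      # real list, 6 words
    site_pw = entropy_bits(len(PASSWORD_ALPHABET), 25)   # 25 random symbols
    short_pw = entropy_bits(len(PASSWORD_ALPHABET), 8)   # a traditional short one

    print("sample passphrase (toy list):", diceware_passphrase(6))
    print("sample site password:", random_password())
    for label, bits in [("6 diceware words", six_words),
                        ("25 random chars", site_pw),
                        ("8 random chars", short_pw)]:
        print(f"{label}: {bits:.1f} bits; years to exhaust at fast hash: "
              f"{years_to_exhaust(bits, FAST_HASH_GUESSES_PER_SEC):.3g}, "
              f"behind a slow KDF: "
              f"{years_to_exhaust(bits, SLOW_KDF_GUESSES_PER_SEC):.3g}")
```

Two design points: the words and characters come from secrets, not random, because random is not a cryptographic generator and its output is predictable from a few observed values; and the entropy figures only hold for passwords drawn uniformly at random, so a passphrase you made up yourself does not get the same credit, which is exactly why the text recommends dice.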
