Sunday, January 08, 2012

How To: Save and Retrieve Passwords across multiple devices including Windows, Apple iPhone, iPad, Ipad 2, iPod Touch, and Android OS



Lately every single web site that I have been visiting has required a password. It is getting out of hand! Lots  of sites allow logon using a Facebook, Google or other common password service.  I do not like doing this at all! I try to use a different password for every site I visit and it is a good habit and practice that I reccomend for EVERY person on the Internet.

Back in the day, I used to reccomend to my staff members that if they really had a hard time remembering their many passwords, they could pick any base eight to ten character non dictionary word or phrase and than attach the name of the website to the front or the end of it. For example if your base password is dog8kitty, you would use yahoodog8kitty or dog8kittyyahoo for your yahoo password. That way they could have a different yet easy to remember password for each site. Just make sure no one gets ahold of your base password though! My users were notorious for still writing down the base password and posting it on a sticky note on their monitor. I never had a problem accessing their stuff...lol.

And still users are faced with the issue that not all sites let you set your own password type and require all sorts of stupid combinations for your password. How do you remember them all? The truth is, you can not!

My INEXPENSIVE solution to this problem(meaning free) is an open source program called Password Safe along with DropBox.  Now grant it, you STILL have to remember a single safe combination password for Password Safe in order to open up your safe and enter your DropBox credentials as necessary once to setup the programs with my solution, but it is far better than having to remember sometimes hundreds of passwords. Just make CERTAIN that you choose a strong safe combination to open your safe and strong dropbox password!

This quote is from the SourceForge website, "Password Safe allows you to manage your old passwords and to easily and quickly generate, store, organize, retrieve, and use complex new passwords, using password policies that you control. Once stored, your user names and passwords are just a few clicks away. "

"Using Password Safe you can organize your passwords using your own customizable references—for example, by user ID, category, web site, or location. You can choose to store all your passwords in a single encrypted master password list (an encrypted password database), or use multiple databases to further organize your passwords (work and home, for example). And with its intuitive interface you will be up and running in minutes."

Basically Password Safe will allow you to save all of your passwords into an encrypted "safe" file that is even very portable if you want it to be.  By portable I mean that you will be able to access your passwords from almost any computer or mobile device you own, including your iPhone, iPad, Android Phone, and computer! Further you can organize your passwords into file folders by type of password.  Is that not fabulous?

Read on and I will explain to you more about PasswordSafe, how to get it and a bit how to use it.
Windows
I'll start by explaining on how to find, download and install Password Safe for Windows. The freely available Open Source version of Password Safe can be downloaded from this web link.(you could also choose run and not download the file if you just want to automatically install the program.)  Once downloaded Password Safe, click  on the pwsafe-3.27.exe file to install the program.  If you receive a Windows security warning dialog click on the run button. Next choose a language from the next popup, English is the default, and click on the OK button. Click the I agree button to agree to the license agreement, and now a prompt with a dialogue box that asks what type of install you would like. A regular, (on your computer) or a disk on key, which will allow the ability to install and run the program and save your password database on a USB Key Drive to carry it with you and plug it in and use it on any other Windows Computer you want. To install it on your computer leave the regular choice ticked and click on the next button.

The next screen Choose Components, is to select additional languages, if you only want English click on the next button. The next screen, select the location to install the program to on your computer. You can use the default or change it if you want. Click on the install button to start the installation. Password Safe installs very quickly and will give you a completed screen that you can now close.

There will now be a Password Safe icon on your desktop you can click on to get started using Password Safe. If there is no icon look for the Password Safe folder in the start menu and run the program from there.

There are quick start instructions for the program on the website here.


When starting Password Safe for Windows, there will be a window like the picture above. Click on  theNew Database button and enter your chosen Safe Combination, twice.  The "safe combination" will be your KEY to open your safe and access all your passwords.  Do not write it down or give it out! Be sure you will not forget it either. It is the one password you need to remember always! Click OK.

By default Password Safe will create safes in your Documents/My Safes folder. The safe location can be changed after running the program from within the file menu by resaving the safe file elsewhere. All safe files end with a file extension of .psafe3.   

Entries can be added to the "Safe" by clicking on the + icon on the toolbar of the program to bring up the password entry window. The + icon is also in most of the apps and is used to add an entry in Password Safe.  The password entry window will allow the addition of a name of the site the password is for, username, password and more.  Password Safe will even generate a strong pasword for you. Advanced settings allow setting password policies for Password Safe to use. If  urls of the web sites login page are added then the user can click on the site entry within the program to go directly to the website. Password Safe can even auto enter in the passwords on some sites!

Portability - DropBoxI alluded to putting the Safe installation on a portable USB drive during installation above, but you can make your safe even more portable by placing it in the cloud (web or Internet for you old folk) in a (you got it) password protected PRIVATE folder with a website named DropBox. 

Dropbox is a very handy tool to use which gives the user the ability to access your files from just about any device. Many of the Apple App store apps use Dropbox so it is worth checking it out. In order to have the same database across all of your devices, go to the DropBox website at http://www.dropbox.com and click on the big blue Download Dropbox button.

Follow the instructions to install Dropbox. Note that Dropbox will create several folders on your computer in the Documents folder. Once you create a SECURE logon for the dropbox site, any files put in those folders will be uploaded to the DropBox site. MAKE CERTAIN that you only save your password and any personal files into the PRIVATE folder of Dropbox if you do not want anyone to be able to access them. Using the DropBox Private folder is how to access your passwords on all your devices anytime.  Remember your safe file is encrypted and has your personal KEY. The PUBLIC folder for DropBox means just that! Files in the PUBLIC folder will be seen by everyone on the Internet!! Don't ever put password files in this folder!

Apple iOS Apps for the iPhone iPad and iPod Touch
There are two programs that I personally have used that will open  Password Safe .pwsafe3 database files for Apple ios devices like the iPhone , iPad , iPad 2 or iPod Touch.

The programs are Password Touch by EMMA Multimedia and the one I strongly reccomend is called pwSafe Password Safe for iOS by App 777 Informatica.   

(DO NOT GET CONFUSED! There are several programs in the iTunes APP store called Password Safe. The below two are the only ones I have used and reccomend that work with the open source Password Safe program available on SourceForge described above.)
The pwSafe program by App 777 cost $1.99 but it is worth every penny in order to open Password Safe files on you iOS device.  This is MY choice as the best iOS app for the open source Password Safe! The added benefit of the App 777 version for PasswordSafe is that you can create and make local safes on your iPad , iPhone or iPod Touch. Further pwSafe can sync your safes in Apple's iCloud to use on all your iOS devices! However iCloud will not let you share the safe file seamlessly with your PC, so DropBox is a better choice to use.  PwSafe allows you to enter your DropBox.com credentials and connect to your safes in your PRIVATE folder and open them using your private KEY combination code specified for the safe. You can have multiple safes on your device local, on iCloud and those from DropBox.com.
The $4.99 Password Touch by EMMA is not only $3 more than the pwSafe app by APP 777, it is also not worth the addional amount because it lacks many of the features the APP 777 one does.  A DropBox account is required for the app and it must have internet available to link to the safe from your DropBox account.  I do not reccomend this product and it is overpriced in my opinion for what it does.

A third iOS program I have NOT used is the $1.99 DropSafe by Smith Surasmith available from here. However it appears to be very similar in functionality to the PW Touch program only using the database from DropBox so I would not bother with it.

Android
The port PasswordSafe for Android, reccomended by the developers, is available at https://market.android.com/details?id=com.jefftharris.passwdsafe
I played with this on a G2X and am very impressed. It doesn't look like  much until you press the bottom left menu key. Then you see the power of this port of PasswordSafe. It works flawless to make your own safe on your android device. DropBox can also used and available from http://www.dropbox.com

 Linux
 PasswordSafe for Linux is Beta software but versions can be downloaded from here. I'll have to admit again that I have not had a chance to even look at or test this version of Password Safe so I can not offer any reccomendations or insight on how well this works.



And for those brave souls who want to tinker there is even a version of PasswordSafe for Windows Mobile Phone Project going on at this link.

Different versions of PasswordSafe are constantly emerging. Check out the related project page at http://passwordsafe.sourceforge.net/relatedprojects.shtml to see if your OS is supported.

Password Safe and Dropbox have served me quite well over the last few years as a secure way to save my passwords and make them available across all my devices. I have found no other password wallet or utility that is so diverse. Give it a try today.

Disclaimer: There is really never any way of knowing if Dropbox, iCloud or any place else on the web or in the "cloud" where you store any of your files or email is ever 100% secure. *The fact is it probably isn't. There is also no guarantee your data is out there permantly. Always back up important data in at least 2 places.  This doesn't necessarily mean you can not store secure files out in the cloud, it just means you have to be very very careful HOW and WHERE you do it. Always use trustworthy web sites to store your files. Always encrypt personal information and password protect files if possible. Always use strong passwords with letters, numbers and special characters if possible.
 Follow Microsoft's Tips for Creating Passwords.

No comments: