Not Really a Blog

February 6, 2011

Using a password manager with Dropbox

Filed under: Computers, Internet — Tags: , — jesus @ 18:10

If you follow recommended practices you should have a strong and unique password on every single website (or service) you visit or use, so that access to the rest of the other services is limited if one of your password is guessed or captured in some way . While this all very well, it’s quite hard to do in practice.

We are either lazy and tend to repeat same passwords all over again in different websites or we just try to use variations of a few passwords so that we can keep them in our memory . I confess I have been using this method with the not so important websites that I use, reserving some strong password (and memorizing them) for some of the most important websites. I have even written about different ways in which you can have a strong password based on a pattern and some specific bits of information.

Up until a few months ago I was using this method but then I became more security concious and started using a password manager to store all my passwords, having updated the passwords on most of the websites I use. The way a password manager works is by storing all your passwords on an encrypted database file on disk so you can access all of them if you provide the master password. Thus, this master password needs to be strong enough. Now, this is all very well, but it’s useless if you keep your database at home and you are on the move or at work, etc.

So, what I’ve found useful is that keeping my encrypted file in a private folder on Dropbox works best, as that means that I can have that file everywhere on my computers giving me the flexibility of accessing it anywhere. You can even choose a password manager that works in all major operating systems so you are not limited by OS.

And before you tell me that this could be insecure if there are key loggers in action or any other kind of compromised system, yes, there’s a risk of handing in all your passwords. but, well, you need to find a compromise between being totally paranoid and keeping your passwords in a fire-proof safe and having all the websites sharing the same password :-). I’m a bit paranoid, so I don’t store really important passwords there, like my Gmail accounts, bank accounts, etc. Your mileage may vary, so use with caution.

If you have any other suggestions, please let me know as I’m interested in other ways in which you guys have solved this problem, if solved at all ;-)

About these ads

3 Comments »

  1. So what password manager are you using?

    PD: It still amazes me how revolutionary is the cryptography that we have available in our days.

    Comment by teoruiz — February 12, 2011 @ 14:41

  2. KeePassX: http://www.keepassx.org/

    Mind you that you can, as Chewie uses, use gnupg and encrypt a simple text file. Depends on how geek you are! :D

    Comment by jroncero — February 12, 2011 @ 14:50

  3. Hi Jesús! Have a look at https://spideroak.com/. What I love about it is that it is the client who actually does the encryption before sending the data, so the servers cannot even decrypt the information, as the private key resides in your computer. They have a pretty comprehensive explanation on how the whole thing works.

    Comment by David Bosque — August 4, 2011 @ 12:29


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Shocking Blue Green Theme. Create a free website or blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 2,869 other followers

%d bloggers like this: