Each month, the editor of our downloads section recommends the security freeware that he finds most valuable. This week, Scott Sidel reviews the benefits of KeePass.
Do you have a lot of computer-related passwords to remember? I certainly do -- I have one for login, another for email, several for voicemail, vendor support, shopping online and banking, with more sprouting up all the time. If you're like me and have a lot of passwords to remember but wouldn't store passwords in one place unless it was as secure as Fort Knox, consider KeePass Password Safe.
KeePass is an easy-to-use open source password manager that is incredibly secure. It stores usernames and passwords, along with a URL and site descriptor, in a self-contained 256-bit AES- (and/or Twofish-) encrypted file that requires a master password to unlock the information stored inside. The master password is in turn hashed using SHA-256 (and a random salt) to prevent attacks using pre-computed tables.
While I enjoy the master password feature because it means I only have to remember one password to access others, it may make some of you feel paranoid. To that end, KeePass may be configured to require an optional key file, adding a second factor for authentication. Additionally, it has a password-strength meter whenever a new password is created and has the ability to create tough random passwords.
Inside the program, you'll find a clean interface where you have the ability to sort and store IDs and passwords by category (such as Work, Internet, Financial, and Email). Passwords or groups of passwords can be sorted or dragged and dropped. Information stored in KeePass can't be "shoulder-surfed" because, by default, passwords are obscured by asterisks. Double-clicking securely pops the password into protected memory, which is then automatically wiped (even overwritten) after a few seconds. Leave KeePass idle and it can be set to automatically lock. With plug-ins, KeePass supports automatic form completion and a secure onscreen keyboard.
And after all that, if you still aren't convinced, the beauty of open source is that you can always review the source code yourself.
About the Author:
Scott Sidel is an ISSO with Lockheed Martin.
Read Sidel's previous edition: Nessus can spot monster security problems.
Can't wait for next month's installment? Check out SearchSecurity.com's Information Security IT Downloads section, and learn what other valuable security freeware solutions are available.
This was first published in December 2006