D. asked me to recommend a good password manager.
Everyone who uses the Internet absolutely must have a password manager. Without one, you’ll forget some of your passwords. Or you’ll use the same password for different sites, which allows a thief who’s hacked one password to know them all. Or you’ll use simple passwords that are easy to remember but also easy to hack.
A password manager program stores your passwords and other login information in an encrypted database. If you need to log into a website or a secure application, you open the password manager, type the password to your password manager (which is the only password you’ll ever have to memorize), and get the information that you need.
But which password manager should you use?
[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to email@example.com.]
I use KeePass Password Safe, which is both free and open source. (Of course, there are plenty of other options.) Thanks to the recent Heartbleed and TrueCrypt vulnerabilities, I’m not as big a fan of open-source security software as I used to be. But I’ve seen nothing to convince me that open source is less safe than closed source–which could have a backdoor that we’d never learn about.
Popular open-source programs tend to be cross-platform, because anyone with the skills can create a compatible program. I use Android and iOS password managers that are compatible with KeePass, and use the same database file with them and my Windows PC.
You can set up a KeePass database to be opened with a password, a keyfile, or both. A keyfile can be any sort of file, but if that file changes in any way–even a single flipped bit–the database will become inaccessible and you’ll lose all of your passwords.
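Why one flipped bit is fatal, as an added example (not from the original article and not KeePass's own code): a simplified model in which the keyfile is reduced to a SHA-256 hash and combined with the hashed password, plus a checksum test for keyfile backups. The function names and the sample password and keyfile bytes are constructed for illustration, and the real program's key handling has more steps than this model.

```python
import hashlib
import hmac
from typing import Optional

def keyfile_key(contents: bytes) -> bytes:
    """Reduce a keyfile of any type and size to 32 bytes of key material."""
    return hashlib.sha256(contents).digest()

def composite_key(password: str, keyfile: Optional[bytes] = None) -> bytes:
    """Simplified model: hash each factor, then hash the concatenation."""
    material = b""
    if password:
        material += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        material += keyfile_key(keyfile)
    if not material:
        raise ValueError("need a password, a keyfile, or both")
    return hashlib.sha256(material).digest()

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length keys differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def backup_matches(recorded_sha256_hex: str, backup: bytes) -> bool:
    """Compare a keyfile backup with the checksum noted at setup time."""
    actual = hashlib.sha256(backup).hexdigest()
    return hmac.compare_digest(recorded_sha256_hex.lower(), actual)

# Constructed sample data: stand-ins for a real password and keyfile.
PASSWORD = "correct horse battery staple"
KEYFILE = b"constructed keyfile contents " + bytes(range(256)) * 4

if __name__ == "__main__":
    recorded = hashlib.sha256(KEYFILE).hexdigest()   # note this down at setup
    damaged = flip_bit(KEYFILE, 4242)                # one bit of corruption
    good, bad = composite_key(PASSWORD, KEYFILE), composite_key(PASSWORD, damaged)
    print("key bits changed:", differing_bits(good, bad), "of", len(good) * 8)
    print("intact backup ok:", backup_matches(recorded, KEYFILE))
    print("damaged backup ok:", backup_matches(recorded, damaged))
```

Because the key is a hash of the file, the damaged copy yields an unrelated key rather than a nearly correct one, so the practical defense is a backup of the keyfile that has been checked against a recorded checksum.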
If you go the password route, you’ll need a password that you can remember but that is too long and complex for anyone else to hack. If you forget your password, you’ll lose access to all of your other passwords (that’s the disadvantage of not having a backdoor). And if it’s too short or simple (such as a single word), it can be hacked.
KeePass has other useful features. You can organize your passwords into folders–like files on a drive. It can generate long, complex, and random passwords of any length. And with the click of an icon, it can automatically insert the appropriate name and password into a web page.