How to keep your passwords safe

Wang Poh Peng
Mar 31, 2019

In light of the recent security incidents happening around the world due to poor user-created passwords, it is essential for everyone to have a complex password at least 12 characters long for decent protection of one’s account.

But how do we manage so many long passwords across multiple accounts? If we use the same password for all accounts, it only takes one of them being compromised to expose every single account that you own! https://www.cisecurity.org/newsletter/why-strong-unique-passwords-matter/

This is where a password manager comes into the picture. There are popular ones like LastPass and 1Password. However, if you are a paranoid man like me who does not believe that all the risk should be pooled with a single cloud-hosted password management provider, hear me out.

Introducing KeePass

KeePass Password Safe is a free and open-source password manager that can be installed on any platform, with an encrypted database file which can only be unlocked by a secret key file and/or a secret passphrase that serves as a master password.

You can check out this link for even more features: https://keepass.info/features.html

In summary, to keep it short and simple, you would need software on your machine that could read the KeePass database file and a place to store the key file required to decrypt the database file.

Setup for iOS and macOS

As I personally use a MacBook at home, I have installed MacPass, an OS X port of the KeePass software. https://macpassapp.org/

As for iOS, I use the KeePass Touch app, which can be linked to Dropbox within the app itself to load the database file. https://itunes.apple.com/sg/app/keepass-touch/id966759076

To reduce risk as much as possible, just like buying stocks, I spread my sensitive files across different cloud file-hosting providers, where each file is useless without the other. Furthermore, each of these cloud providers is used with an account that has a different email address and a different password.

For example, I store my key file in Google Drive or iCloud and the database file in Dropbox or Box. We then use the software, on either the laptop or the mobile device, to load the database file and fetch from the cloud source to unlock the database as required.

When you make changes to the passwords or details in the database file, make sure that the file is then saved back to the cloud provider, so that every device reading the database file has the latest version from when it was last updated.

The Secure Flow

The MacPass application can be used as a password generator to create passwords of varying strength and complexity.

When I create a new account on a new service or platform, these are the steps I follow:

  1. Create an entry on the MacPass application or KeePass Touch.
  2. Generate a password of at least 12 characters; I usually go for 16 characters.
  3. Save the entry and update the database in the cloud provider.
  4. With the details that I have just generated, create the account on the service.
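
What step 2 amounts to, as an added example (this is not MacPass or KeePass Touch code and is not from the original post): a generator that draws from the operating system's CSPRNG and reports how much entropy 12 and 16 characters give. The symbol set and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes; the symbol set is an assumption, adjust it to site rules.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+[]{};:,.?",
)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 12  # the article's minimum; 16 is the author's usual choice


def generate_password(length=16):
    """Return a random password containing every character class.

    Uses the OS CSPRNG through `secrets` (never `random`). Candidates that
    miss a class are discarded and redrawn (rejection sampling), so every
    accepted password stays equally likely.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy in bits: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for n in (12, 16):
        print(n, generate_password(n), f"about {entropy_bits(n):.0f} bits")
```

With this 85-character alphabet, each extra character adds roughly 6.4 bits, so going from 12 to 16 characters raises the upper bound from about 77 to about 103 bits.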

When I log into an online service anywhere:

  1. Enter the Master password on the MacPass application (for iOS KeePass Touch you can set up in the app to enable Touch ID or Face ID)
  2. Input the key file into the MacPass application to further unlock the database
  3. Search for the service entry
  4. Copy and Paste credentials to the clipboard and proceed to sign in

And there you go, storing your passwords in the safest and most convenient way ever. Although the setup will take some effort, I assure you the effort will definitely be worth it to protect yourself in this modern world of leaks.

(Sorry that I am unable to provide any guide for Windows and Android as I don’t own those as personal devices.)
