jorallan
Don't use the same password on more than one site. That won't be news to the more security-conscious of the people who read this (if it is news to you, read the link), but even for my more techie friends, the practical management of secure passwords can be an issue. I occasionally get asked how I do this, so here's a blog post...

For the avoidance of doubt, this is very much just how I do things. It's by no means the one and only correct way to do it, but it works for me. The other slightly "odd" (although maybe less odd among people who read this) requirement I have is that it needs to work when my laptop is running Linux. Anyway, what I do is:
  • Create a password database with KeePass. Use something really strong as your master passphrase.
  • Use KeePass to generate every new password you ever create. Use secure settings for this: my default settings are 32 characters and all the character classes KeePass allows except "High ANSI characters".
    • Occasionally this breaks a website which doesn't like that kind of password. This is annoying, especially when they don't tell you why they don't like your password. Not much can be done about that, though.
  • Put the password database onto my Google Drive.
    • On Windows, install Google Backup and Sync to ensure that I always have the latest version of the database.
    • On Linux, install Insync to sync Google Drive to my local machine. Yes, this involves paying money but as a one-off payment I think £30 (or $30 if you're lucky enough to be in the US) is a worthwhile investment.
    • On Android, the Google Drive app gives you sync automatically. (This assumes you're running full-blown Android, rather than AOSP as you get on e.g. Kindle Fire tablets. I haven't tried to solve that problem.)
  • On Android, install Keepass2Android Password Safe to access the database.
This now means that 1) I have the latest version of the password database on all my devices and 2) I'm not reliant on any cloud provider's security for my password security. Even in the worst case that Google were hacked (or subpoenaed) and my password database was obtained by an attacker, the database is still encrypted by my strong passphrase so hopefully useless. I am reliant on KeePass's security, but I'm happy with that. (Also, thank you to the EU for making us safer).
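To make the generator step above concrete, here is an added example (my own illustration, not KeePass's code): it draws each character uniformly with a CSPRNG from a set of classes modelled on the ones KeePass's generator offers, reports the resulting entropy for the 32-character default, and shows how to cope with the "website that doesn't like that kind of password" case by restricting the character set and retrying until a "must contain a digit" style rule is met. The class names and their exact membership are this example's assumptions, and "High ANSI" is left out as in the settings described above.

```python
import math
import secrets
import string

# Character classes modelled on the options KeePass's generator offers
# (upper/lower case, digits, minus, underline, space, special, brackets).
# Names and membership are this example's assumptions, not KeePass's own
# identifiers; "High ANSI" is deliberately omitted, matching the post.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "minus": "-",
    "underline": "_",
    "space": " ",
    "special": "!\"#$%&'*+,./:;=?@\\^`|~",
    "brackets": "()[]{}<>",
}


def alphabet(classes=CLASSES.keys()):
    """Union of the chosen classes, de-duplicated, as a sorted string."""
    chars = set()
    for name in classes:
        chars.update(CLASSES[name])
    return "".join(sorted(chars))


def entropy_bits(length, alpha):
    """Entropy of a password drawn uniformly from `alpha`, `length` times."""
    return length * math.log2(len(alpha))


def generate(length=32, classes=CLASSES.keys()):
    """Draw each character independently and uniformly using the OS CSPRNG."""
    alpha = alphabet(classes)
    return "".join(secrets.choice(alpha) for _ in range(length))


def satisfies(password, min_length, required_classes):
    """Check a password against an 'at least one of each class' site policy."""
    if len(password) < min_length:
        return False
    return all(any(c in CLASSES[name] for c in password)
               for name in required_classes)


def generate_for_site(length, allowed_classes, required_classes=(), max_tries=1000):
    """Generate within a picky site's allowed character set, retrying until
    any 'must contain one of each' rule holds. Rejection sampling keeps the
    draw uniform over the set of accepted passwords."""
    for _ in range(max_tries):
        pw = generate(length, allowed_classes)
        if satisfies(pw, length, required_classes):
            return pw
    raise RuntimeError("site policy could not be satisfied")


if __name__ == "__main__":
    full = alphabet()
    print(f"default: {generate()!r} ({entropy_bits(32, full):.0f} bits)")
    # A site that forbids spaces and symbols but insists on at least one digit.
    picky = ("upper", "lower", "digits")
    pw = generate_for_site(20, picky, required_classes=("digits",))
    print(f"picky site: {pw!r} ({entropy_bits(20, alphabet(picky)):.0f} bits)")
```

With all eight classes the alphabet is the 95 printable ASCII characters, so the 32-character default carries about 210 bits; even the restricted 20-character alphanumeric password for the picky site is around 119 bits, which is why length matters more than symbol variety when a site forces you to drop classes. The entropy figure is an upper bound for `generate_for_site`, since rejection sampling discards a few candidates, but for any realistic policy the loss is a fraction of a bit.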

The only gotcha I've found with this system is that I have to be careful not to have the password database open on device A while editing it on device B, or the syncing understandably gets confused. There aren't many valid use cases for having the database open on more than one device at once anyway, so this just encourages good practice :-)

Historical note: until March 2019, I used Dropbox for the sync rather than Google Drive, mostly because Dropbox provided a free Linux client. However, Dropbox now restrict their free accounts to three devices, which broke all that. If you already pay for Dropbox for other reasons, you can use that and not pay for Insync.

Page generated Jul. 15th, 2025 11:28 am
Powered by Dreamwidth Studios