Personal software review: Password Safe.
|
Category: Security | Application: Password manager | Usage: Open source | Download: Password Safe website |
Security starts with you, the user. Keeping written lists of passwords on scraps of paper, or in a text document on your desktop is unsafe and is easily viewed by prying eyes (both cyber-based and human). Using the same password over and over again across a wide spectrum of systems and web sites creates the nightmare scenario where once someone has figured out one password, they have figured out all your passwords and now have access to every part of your life (system, e-mail, retail, financial, work) [text copied from the Password Safe website]. These issues may be solved by using a password manager, an application, that stores a list of all your passwords in a vault (encrypted file), that you can access by a master-password, the only one, you'll have to remember. There are lots of password manager applications available, commercial, as well as partially or entirely free. Password managers are also often included in computer security or maintenance software packages. I personally use Password Free (pwsafe) and it's just what I was looking for: a simple, easy to use application, that allows to store a list of all my passwords in an organized way. With Password Safe, you can organize your list as a tree with groups, sub-groups (both as many as you need) and the corresponding user/password entry (list item), with optional URL, email and notes. Each entry may have its specific password policy, expiration date and history settings. Considered as unbreakable, using Password Safe makes sure, that you will not forget any of your passwords and that nobody can steal them. But, be aware that if you forget the master-password, access to all your other passwords is no more possible (and there is no possibility to recover the master-password). Password Safe is very well quoted in several major software reviews. In the article Password Safe Reviews on the Best Reviews website, you can read: "Password Safe is on par with commercially-sold solutions and, in certain cases, even manages to surpass them. The simplistic interface ensures hassle-free password management, including such features as auto-fill and auto-login, the option to create and manage multiple vaults, and database backup. if you need nothing more than a simple, free password manager to keep your login credentials in a secure vault, then downloading Password Safe is definitely the choice for you." Here some of the great features of Password Safe:
- Unbreakable password manager, using local encryption, the Twofish algorithm with a 256-bit key, and can be paired with two-factor authenticators.
- Possibility to create several vaults, organized as trees with as many groups, sub-groups and entries as you want, and this free of any costs.
- Limited to the essential, Password Safe is incredibly simple to use, delivering exactly the sort of secure ease-of-use that Schneier (the top-security expert, who designed the application) wanted to achieve.
- Possibility to install the whole software onto a USB-drive and to backup the current state of the entire database.
Password Safe may be downloaded from the Password Safe website; there are a 32bit and a 64bit version. The source code may be downloaded from GitHub. The Windows 64bit download is a setup file of some 17MB. During installation, you can decide, if you want to install the application using the registry within your Windows system (regular installation) or portable on a USB stick (green installation). You may also decide here, which optional components, you want to install (e.g. command line tool), choose additional languages (making help available in these languages) and choose if Password Safe should start automatically or not.
Configuration is done in Manage > Options; some settings are vault-specific, and thus can only be configured after the vault has been created. Here the options, that I've changed (for all others, the default settings should be fine):
- Backups: Create intermediate backups before saving -> no (not really a necessity).
- Display: Put groups first in tree view -> yes (more convenient); show notes as tool tips in list and tree view -> yes (just to view them); show notes in edit -> yes (thus may change them here).
- Password history: I never used it, but actually activated it with a maximum of 3 passwords saved and setting default expiration to 365 (?).
To update Password Safe to a new version, downloading and running the new version setup program should work fine (no need to uninstall the previous version; all settings are conserved).
|
|
