The Ultimate GateKeeper
February 27, 2008
Posted by Doriano "Paisano" Carta in Enterprise, Freeware.
Tags: encryption, Freeware, Keepass, password, password manager, security
In all my years working in I.T., the thing that has always made me cringe is the way that people handle their login account information and passwords. I cannot tell you how often I’ve seen login names and passwords attached to monitors on sticky notes or taped to a desk or keyboard. The more security-conscious ones actually try to be safer by storing their passwords in a drawer, which still isn’t that smart really. The next level of security is taken by those who store all of their passwords in a Microsoft Excel spreadsheet, which is better than the Post-it method of protection, but it’s still vulnerable because there isn’t any encryption, which makes opening the file very easy. This is a serious matter that should be addressed by every organization, no matter how large or small. One security breach and any company can be exposed to devastating results from a potential hacker.
So what’s the answer? What can be done about this all-too-common problem that occurs in every company in America? Well, the first thing to do is provide some basic security training for all employees. Make sure everyone understands WHY this is so important. It isn’t just for the company’s safety but for their own safety as well. The next thing to do is provide a simple method for storing all of their login account information and passwords, preferably one that also provides encryption for added security.
Obviously, expense can be a concern so this solution shouldn’t be too expensive either. Now, there are countless password managers available these days, but to me there is only one ultimate gatekeeper.
KeePass is the best password manager available today because it doesn’t require installation, it’s easy to use, and it’s free! The best part of all is that you can keep thousands of passwords in one safe place with encryption. This means that you can have instant access to all of your accounts by remembering just one password from now on. Here’s a screenshot of the main interface:
There are versions for different operating systems, such as Linux, Mac OS and of course all flavors of Windows. However, my favorite is the Portable version, which doesn’t require any installation and can be launched from a USB stick! This means you can keep the KeePass program and the encrypted password database it creates for all your passwords in one safe place and with you at all times. Here’s the KeePass download page.
Companies, and especially I.T. departments, need to stop sticking their collective heads in the ground when it comes to this grievous security risk and address it as soon as possible. Don’t assume that your users know better and would never be stupid enough to do such things. I cannot begin to tell you how many times I’ve seen these things done by individuals with extremely high levels of intelligence, multiple degrees and usually good common sense. It only takes a few minutes, and the KeePass utility is free and easy to use.