I'm a computer jockey and spend most of my waking hours parked in front of a laptop or some internet enabled mobile device. I've come to rely on the internet and all of its wonderful services. Some of these services, such as GMail, require me to log in before I can use them. The credentials for the services I use everyday are burned into my brain never to be forgotten. For things that I use only a couple of times a year, such as my brokerage account, are a different matter. It seems like I'm always forgetting either my username or password. Heck, sometimes I even forget the URL for the site I need. I'm a fan of the Security Now podcast and have come to appreciate the security aspect of the internet. The days of plastering my monitor with Post It notes are over. How can I manage all my internet accounts in a safe and convenient manner?
My solution is to combine two technologies together to create a nice solution. I use Linux and Windows machines so I need a solution that works in both environments. As luck would have it, somebody has already scratched that itch. Enter KeePass Password Safe. As the name implies, it is a digital safe to store all of your important account information. It is an open source product that runs on a variety of platforms. Essentially, it keeps track of URLs, usernames and passwords for your various accounts. The data is stored safely in encrypted file and it even comes with a nice password generator. The other nice thing is that the program is self-contained meaning that you can run it without having to actually install it. If you wanted to, you could run it from a USB thumb drive giving you access to your account information even if you are using a public computer in your local library.
One of the lessons I've learned from Security Now is that multi-factor authentication is preferred over single-factor authentication. Single-factor is the type of authentication we are most familiar with -- all you have to do is provide a password that matches with a user name and you are in. In multi-factor authentication, you need a password and something else -- a combination of something you know (password) and something you have (a special security dongle, for example). Trying to be as security conscious as reasonable I want to use a multi-factor solution. KeePass supports this by requiring both a passphrase and key file. So, to unlock KeePass I need three components: the KeePass encrypted data file, the key file and a passphrase. My solution is to store the data file inside a Dropbox folder that can be seen by all of my machines. I keep the key file on a USB thumbdrive that I always carry around with me and, of course, store the passphrase in my head. As long as I have my thumbdrive and a Dropbox enabled machine, I can pull up my account information. There is a problem, however, I need to solve: what happens if the thumbdrive fails and I can't access the key file? In short, I'm screwed. I'm terrible at backing up my data so I'll have to ponder this for a while. Having lots of copies of the key file seems to defeat its purpose so I'll have to come up with something clever.