How I save my authentication credentials

Safe, safer, meow

As you might already know, I’m into IT security. Therefore I have quite a complex system for my passwords for literally everything. As we all know, having the same password for multiple sites is quite naive, so I want to have a completely different password for every site / service I’m registered with. I’m not saying that this is the best or most secure setup possible; it’s just mine and I’m fine with it, as it gives me a fine mix of comfort and security. It might also give you some inspiration for what you can do to make your accounts more secure.

My setup

You’ll find links to all the software / tools I use at the end of the article. First of all, I use KeePass. It is a database of passwords secured with a password itself, the so-called “master password”. This should be incredibly strong and never forgotten!

Passwordcard

So how do we get a strong and secure but easy-to-remember password? There is clearly more than one way to achieve this. The one I chose was to go with a service called “PasswordCard”. It’s a website where you get something like this.

Random Passwordcard

So there’s just a bunch of random characters on this. Now you have to choose a starting point, the number of characters you want and a direction or a more complex pattern. You can print this and / or bookmark the URL. Now you have a pretty strong password, which you can always have next to you without anyone noticing it. That should be your master password for the KeePass database.

KeePass

It is pretty self-explanatory. What I do want to point out, though, is the password generation tool of KeePass. It allows you to generate a password for nearly every restriction you may run into on the services you are registered with. There are also a lot of plugins available for KeePass.

Plugins I use:

  • Download Favicon (downloads the icon from the URL in the entry)
  • OTPprov (For two-factor authentication tokens)
  • QRCode (displays the password as a QR code; comes in handy for WiFi or authentication on the mobile phone)

For any further information, feel free to ask me or the community over at keepass.info.

Other cool stuff

  • Google’s two-factor authentication
    I use this everywhere it is possible. It gives you a second value to authenticate with. It works off of a secret key and time and generates a “one-time-password” for every authentication process. I save them in my mobile phone AND in my KeePass database.
  • Google Drive / Any cloud space service
    I use Google Drive to synchronize my KeePass database file between multiple computers and it works like a charm so far.
  • Lastpass
    Although I don’t use it, it seems pretty solid as an alternative to KeePass.
  • TrueCrypt
    You could also use a second password from your Passwordcard and make a TrueCrypt container with that to store your KeePass database to add an extra layer of security. I do not use this as it decreases comfort too much for my needs.

TL;DR

I use a passwordcard to remember my master password for a KeePass database, which I synchronize via Google Drive. I also use two-factor authentication wherever possible and store the OTP keys in KeePass with a plugin.

Linklist

  • PasswordCard – link
  • KeePass – link
  • KeePass for Android – link
  • LastPass – link
  • TrueCrypt – link

 

So long! Let the comments RAIN!

2 comments on “How I save my authentication credentials”

Need them comments pls!