Dropbox & KeePass: The perfect cross-platform password management system
Tell me if this sounds like you: you have a few standard passwords that you routinely use for every site you visit. One of them you use for sites that don't contain too much personal or sensitive information, and maybe you use one or two for sites that do. If you want to be REALLY secure you have another password that you only use for bank or credit card sites that contain your most sensitive information.
This is what I used to do (for many years in fact). Then I got to thinking: what happens if someone discovers one of those passwords? If it were one of the more sensitive ones, I'd be in deep trouble. So, I set out looking for a better way to manage my passwords.
What I'm going to describe in this article is a system I've implemented to manage my passwords in a secure, cross-platform way. It's by no means the best way to do things for everyone, but it's worked out extremely well for me thus far.
KeePass
KeePass is an app that was originally written for Windows, but also has a port that runs on Linux and Mac OS X. It allows you to manage all of your various passwords and saves them in a secure, AES-encrypted file protected by a passphrase. This file is readable by both the Windows version and the Mac/Linux port. KeePass also has some nice features for generating random passwords: you can select which sets of characters to use (for example, letters, numbers, and punctuation) and it will generate a password for you of whatever length you select using those characters.
KeePass on Linux and Windows also has a universal hotkey that you can set up to automatically fill in usernames and passwords in your web browser (for whatever reason, this feature is not yet available in the Mac OS X version). So, when I go to check my Gmail email account, I just make sure the cursor is in the username field and then press ctrl-alt-A and my username and password are filled in automatically for me.
The fact that KeePass remembers all my passwords has allowed me to change all of my various accounts to each have their own unique, random password. That way, for example, if someone manages to somehow get a password to my checking account they won't also have the password to my savings account or my brokerage account.
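The generator behaviour described above (choose character sets, choose a length, get one unique password per account) can be sketched as follows. This is an added example, not KeePass's own code; the function names, the set names and the sample site list are assumptions made for illustration.

```python
import math
import secrets
import string

# Character sets a user can toggle (names are assumptions for this example).
CHARSETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "punct": string.punctuation,
}
ALL_SETS = ("lower", "upper", "digits", "punct")


def generate_password(length, sets=ALL_SETS):
    """Return a random password of `length` drawn from the selected sets."""
    sets = tuple(dict.fromkeys(sets))  # drop duplicate selections, keep order
    if not sets:
        raise ValueError("select at least one character set")
    unknown = [s for s in sets if s not in CHARSETS]
    if unknown:
        raise ValueError(f"unknown character set(s): {unknown}")
    if length < len(sets):
        raise ValueError("length too short to include every selected set")
    pool = "".join(CHARSETS[s] for s in sets)
    # secrets uses the OS CSPRNG; the random module is not suitable here.
    # Redraw until every selected set appears, so site rules such as
    # "must contain a digit" are met without biasing character positions.
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if all(any(c in CHARSETS[s] for c in candidate) for s in sets):
            return candidate


def entropy_bits(length, sets=ALL_SETS):
    """Upper bound on password entropy: length * log2(pool size)."""
    pool_size = sum(len(CHARSETS[s]) for s in dict.fromkeys(sets))
    return length * math.log2(pool_size)


def unique_passwords(sites, length=20):
    """One independent password per site, so one leak exposes one account."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed sample accounts, not taken from the article.
    for site, pw in unique_passwords(["checking", "savings", "brokerage"]).items():
        print(f"{site:10} {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
```

With all four sets selected the pool has 94 characters, so a 20-character password carries roughly 131 bits, against about 27 bits for an 8-digit PIN.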
Dropbox
Dropbox is a relatively new service that allows you to store your files in the cloud. You install a small utility on your computer (Dropbox also has ports for Windows, Linux, and Mac OS X) and Dropbox takes care of the rest: your files show up in your OS's standard file manager as another drive, and you can copy files to and from it just as you would with an external hard drive or USB flash drive. Your files are encrypted and securely stored on Amazon's S3 file storage service. Dropbox is free for up to 2GB of storage, or you can pay $99 per year and get 50GB of storage. In my opinion it's a very good deal; the Dropbox software is well written on all three platforms and does a great job of making things "just work."
Putting everything together
As you can probably guess by now, I keep my KeePass data file on my Dropbox drive, which allows me to access it from any computer and on any platform. This allows me the security of unique random passwords for every website I visit without any inconvenience. It works great and I've never had an issue loading and saving the file across multiple platforms simultaneously. Just in case the Dropbox service ever goes down or is otherwise unavailable, I also keep an up-to-date copy of my KeePass file on a USB flash drive that's on my keychain. I've never had to use it though -- my Dropbox has been available every time I've needed to use it.
I hope this article has been helpful. Please leave a comment if you decide to try this and let me know how it works for you!

