How To Have A Free (Or Very Low Cost) Synchronized Cross Platform Password Manager

Securing your online life has become more and more important in the years since I originally wrote this guide in 2012. The then-epic hack has become, sadly, commonplace.

Out of all the advice in that earlier article, there is one bit that is vitally important and, sadly, often ignored: USE A PASSWORD MANAGER.

Well over 60% of all hacks and breaches are the result of weak, stolen, default (or reused) passwords. Do you really want to be part of that statistic?

A password manager allows you to have one master password that you remember, and then different passwords (or passphrases) for everything else. Often they have a "notes" area where you can also put in your (hopefully fake) "security questions" for websites and the like. [1]

I’m going to walk you through a free (or low cost) setup using KeePass (or KeePassX / KeePassXC) and Dropbox. While you can use other syncing services (I use a self-hosted instance of Nextcloud), this is the easiest setup that I can recommend. If you use another cloud hosting solution, substitute it as applicable.

STEP ONE: If you do not already have a Dropbox account, get one using this referral link: https://db.tt/PeYcFIot . It should get you some extra free space on the service. Skip this step if you already have Dropbox.

STEP TWO: Install and set up Dropbox on your PC. It will create a directory (folder) that is synchronized to Dropbox. This is where you will put the password database in step four.

STEP THREE: Install KeePass (use version 2.x!) or KeePassXC on your home computer. KeePassXC is cross-platform (Windows, macOS, Linux) and is the actively maintained successor to KeePassX, which is no longer developed; KeePass itself is written for Windows (it can be run elsewhere under Mono, but that is not the easy path). Functionally, they’re pretty much the same. [2]

STEP FOUR: Decide on your master password and create a password database.
IMPORTANT: THIS IS THE ONE PASSWORD TO REMEMBER. DO NOT FORGET IT.
IMPORTANT: Make sure that you create it in the 2.x format with the .kdbx extension. For example, my password file is KeepassX.kdbx. Not all of the programs I’m mentioning can read the earlier (and inferior) 1.x database format (.kdb). If the program lets you choose a key derivation function, pick Argon2 rather than AES-KDF: that setting is what makes a stolen copy of the file expensive to brute-force offline.

STEP FIVE: Install a program on your mobile device that can access Dropbox and read the password database. For Android, I highly recommend (and use) KeePass2Android, which handles reading and writing to cloud storage on its own. It can also be unlocked with a fingerprint, and can also auto-fill forms. For iOS it is a little more difficult due to the restrictions on iOS, but KeePass Touch (free) and KyPass4 ($6.99) can do the job.

STEP SIX: Have a more secure online life. Seriously, that’s all there is to it.

There are lots of other services that can do this kind of thing, but doing it this way isn’t any harder and helps keep you more secure. After all, commercial solutions like 1Password and LastPass cost money, and both have had publicly reported security incidents. With the setup I recommend above, even if your Dropbox gets hacked, it just means the hackers have another encrypted and password-protected file. Bear in mind that an attacker holding that file can try master passwords offline at leisure, so its protection is only as strong as the master passphrase and the key derivation settings you chose: use a long passphrase, keep Argon2, and consider adding a key file that is stored somewhere other than Dropbox.
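Everything before the encrypted payload of a .kdbx file is stored in the clear, so you can verify, without the master password, that the file you just synced is really a 2.x database (step four) and how expensive its key derivation function is (the "just another encrypted file" point above). The script below is an added example, not code from the original guide or from the KeePass projects; it uses only the Python standard library, follows the published KDBX 3.1 / 4.x header layout, and the two sample headers and the "weak" thresholds are this example's own constructions, not KeePass settings.

```python
"""Inspect the plaintext header of a KeePass 2.x (.kdbx) database.

Added example (not from the original article or the KeePass projects).
The outer header is unencrypted, so format version and KDF parameters can
be read without the master password. Sample headers are constructed here;
the weak/strong thresholds are this example's rule of thumb.
"""
import struct
import uuid

SIG1 = 0x9AA2D903
SIG2_KDBX = 0xB54BFB67        # KeePass 2.x (.kdbx)
SIG2_KDB = 0xB54BFB65         # KeePass 1.x (.kdb), rejected below
F_END = 0                     # end-of-header field
F_TRANSFORM_ROUNDS = 6        # KDBX 3: AES-KDF rounds (uint64)
F_KDF_PARAMETERS = 11         # KDBX 4: VariantDictionary of KDF settings

KDF_AES = uuid.UUID("c9d9f39a-628a-4460-bf74-0d08c18a4fea")
KDF_ARGON2D = uuid.UUID("ef636ddf-8c29-444b-91f7-a9a403e30a0c")
KDF_ARGON2ID = uuid.UUID("9e298b19-56db-4773-b23d-fc3ec6f0a1e6")

# VariantDictionary value type tags (KDBX 4)
VD_UINT32, VD_UINT64, VD_BOOL, VD_INT32, VD_INT64, VD_STRING, VD_BYTES = (
    0x04, 0x05, 0x08, 0x0C, 0x0D, 0x18, 0x42)
_VD_DECODE = {
    VD_UINT32: lambda b: struct.unpack("<I", b)[0],
    VD_UINT64: lambda b: struct.unpack("<Q", b)[0],
    VD_BOOL: lambda b: b != b"\x00",
    VD_INT32: lambda b: struct.unpack("<i", b)[0],
    VD_INT64: lambda b: struct.unpack("<q", b)[0],
    VD_STRING: lambda b: b.decode(),
    VD_BYTES: lambda b: b,
}


def _vd_entry(vtype, name, payload):
    n = name.encode()
    return (bytes([vtype]) + struct.pack("<i", len(n)) + n
            + struct.pack("<i", len(payload)) + payload)


def build_kdbx3_header(rounds):
    """Constructed sample: KDBX 3.1 outer header with AES-KDF (payload omitted)."""
    out = struct.pack("<III", SIG1, SIG2_KDBX, 0x00030001)
    for fid, data in ((F_TRANSFORM_ROUNDS, struct.pack("<Q", rounds)), (F_END, b"\r\n\r\n")):
        out += struct.pack("<BH", fid, len(data)) + data    # v3: 16-bit field sizes
    return out


def build_kdbx4_header(kdf_uuid, params):
    """Constructed sample: KDBX 4.0 outer header; params = [(name, vtype, payload)]."""
    vd = struct.pack("<H", 0x0100) + _vd_entry(VD_BYTES, "$UUID", kdf_uuid.bytes)
    for name, vtype, payload in params:
        vd += _vd_entry(vtype, name, payload)
    vd += b"\x00"                                            # dictionary terminator
    out = struct.pack("<III", SIG1, SIG2_KDBX, 0x00040000)
    for fid, data in ((F_KDF_PARAMETERS, vd), (F_END, b"\r\n\r\n")):
        out += struct.pack("<BI", fid, len(data)) + data     # v4: 32-bit field sizes
    return out


def _parse_variant_dict(buf):
    (ver,) = struct.unpack_from("<H", buf, 0)
    if ver & 0xFF00 != 0x0100:
        raise ValueError("unsupported VariantDictionary version %#x" % ver)
    pos, out = 2, {}
    while buf[pos] != 0:                        # entry: type, i32 len, name, i32 len, value
        vtype = buf[pos]
        (nlen,) = struct.unpack_from("<i", buf, pos + 1)
        name = buf[pos + 5:pos + 5 + nlen].decode()
        (vlen,) = struct.unpack_from("<i", buf, pos + 5 + nlen)
        out[name] = _VD_DECODE[vtype](bytes(buf[pos + 9 + nlen:pos + 9 + nlen + vlen]))
        pos += 9 + nlen + vlen
    return out


def inspect_kdbx(data):
    """Describe a .kdbx file's format version and KDF without decrypting it."""
    if len(data) < 12:
        raise ValueError("too short to be a KeePass database")
    s1, s2, ver = struct.unpack_from("<III", data, 0)
    if s1 != SIG1 or s2 not in (SIG2_KDBX, SIG2_KDB):
        raise ValueError("not a KeePass database")
    if s2 == SIG2_KDB:
        raise ValueError("KeePass 1.x (.kdb) database; convert it to 2.x (.kdbx)")
    major, minor = ver >> 16, ver & 0xFFFF
    fmt = "<BI" if major >= 4 else "<BH"
    pos, fields, fid = 12, {}, None
    while fid != F_END:                          # read header fields up to the end marker
        fid, size = struct.unpack_from(fmt, data, pos)
        pos += struct.calcsize(fmt)
        fields[fid] = data[pos:pos + size]
        pos += size
    info = {"version": "%d.%d" % (major, minor)}
    if major >= 4:
        kdf = _parse_variant_dict(fields[F_KDF_PARAMETERS])
        u = uuid.UUID(bytes=kdf["$UUID"])
        if u == KDF_AES:
            info.update(kdf="AES-KDF", rounds=kdf["R"])
        elif u in (KDF_ARGON2D, KDF_ARGON2ID):
            info.update(kdf="Argon2id" if u == KDF_ARGON2ID else "Argon2d",
                        memory_mib=kdf["M"] // 2**20, iterations=kdf["I"], parallelism=kdf["P"])
        else:
            info.update(kdf="unknown:" + str(u))
    else:
        (rounds,) = struct.unpack("<Q", fields[F_TRANSFORM_ROUNDS])
        info.update(kdf="AES-KDF", rounds=rounds)
    # Rule of thumb for this example only: AES-KDF is cheap on GPUs at common round
    # counts, and Argon2 below 64 MiB gives away most of its memory-hardness.
    info["weak_kdf"] = info["kdf"] == "AES-KDF" or info.get("memory_mib", 0) < 64
    return info


# Constructed samples: an old-style v3 database, and one with Argon2id settings.
SAMPLE_WEAK = build_kdbx3_header(rounds=6000)
SAMPLE_STRONG = build_kdbx4_header(KDF_ARGON2ID, [
    ("S", VD_BYTES, b"\x11" * 32),                 # placeholder salt
    ("P", VD_UINT32, struct.pack("<I", 2)),
    ("M", VD_UINT64, struct.pack("<Q", 64 * 2**20)),
    ("I", VD_UINT64, struct.pack("<Q", 10)),
    ("V", VD_UINT32, struct.pack("<I", 0x13)),
])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:] or []:
        with open(path, "rb") as f:
            print(path, inspect_kdbx(f.read(4096)))   # the header fits in the first 4 KiB
    if len(sys.argv) == 1:
        print("weak  :", inspect_kdbx(SAMPLE_WEAK))
        print("strong:", inspect_kdbx(SAMPLE_STRONG))
```

Run it as `python inspect_kdbx.py ~/Dropbox/KeepassX.kdbx` (path assumed) to see which format and KDF your synced file actually uses; a 3.x database or an AES-KDF one is a sign to open the database settings and migrate to KDBX 4 with Argon2. The parser stops at the end-of-header field, so it never touches the encrypted payload, and it refuses a 1.x (.kdb) file outright rather than misreading it.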

[1] It is very easy to find out basic answers about someone’s life from online records – such as a mother’s maiden name, the street someone grew up on, and the like. By making these answers complete nonsense – like saying your mother’s maiden name was "SalmonBlue" – they cannot be recovered from public records, and because they live in the password database you never have to remember them or reuse them across sites.

[2] If you need a portable version that runs on a thumbdrive, you can either use KeePass’s portable ZIP package or the portable version of KeePassXC. Syncing the database will have to be done manually, though. I use Unison (Windows/Mac/Linux) for this purpose.

Featured Photo by Philipp Katzenberger on Unsplash