Over the past few months, GRS readers have been recommending two applications that I haven’t found time to mention — until today. These two utilities perform simple but important tasks. One is a password manager, and the other allows you to share your documents — including financial documents — across multiple computers.
KeePass
Here, for example, is an e-mail I received from a reader who asked to remain anonymous. He’s one of the many to sing the praises of KeePass.
This tool might be part of your paperless personal finance system:
I set up all of my online passwords in a program called KeePass on a memory stick; it has some clever functions that let you avoid typing in URLs, login names, and passwords on public computers and thus defeat keystroke-capture fraud agents. I’ve found it very useful — it’s much faster and easier than using the old password log in my PDA.
KeePass is a free open source password manager that runs on all major operating systems: Windows, Macintosh, and Linux. According to the website:
[KeePass lets you] put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known.
Update: Macintosh and Linux users should check out KeePassX.
Dropbox
Several GRS users have also sung the praises of Dropbox, an app that allows you to synchronize files across multiple computers and access them from the web. (This reminds me of .Mac/MobileMe for Macintosh — only better.) Dropbox also allows users to share files and folders with others.
This screencast describing the features of Dropbox pretty much sold me on the product. Dropbox is free for low-volume use (under 2GB of space) and premium accounts are available.
In February, Oliver wrote that he uses KeePass and DropBox together:
KeePass is really great for encrypting passwords but as well as keeping the username and password for each account, I also keep all the account numbers, other passwords, security questions/answers, phone numbers in the notes field.
KeePass allows me to keep all this info (and my other passwords) behind one password and with Dropbox I can back it up for free and have the file available anywhere.
I want to live in “the cloud”, but Apple’s MobileMe just isn’t robust enough. As a result, I’ve recently begun to embrace Google’s suite of online tools. But Google doesn’t offer file storage. Dropbox looks like the perfect complement to Google Docs and its siblings.
Postscript: After I finished writing this article yesterday morning, I went to lunch with my friend Will. As we were eating, the subject turned to cloud computing. “Oh, J.D.,” said Will, pulling out his iPhone. “Have you seen Dropbox? It’s amazing.” He gave me a guided tour on his iPhone. I laughed and told him I’d finished writing a post about it just an hour before.
This article is about Tools Thursday, 30th July 2009 (by J.D. Roth)










July 30th, 2009 at 1:23 pm
If KeePass isn’t working for you, try out KeePassX for Linux and OSX. For either of them it’s pretty simple - add the repository/package or just download the DMG.
July 30th, 2009 at 1:25 pm
I actually use this idea, but will be transitioning to this one so I don’t have to access it very often:
“In Schneier’s comment section, I found a foolproof technique to create passwords that are near-impossible to crack yet easy to remember. Even better, it’ll take just five minutes of your time.
–
These mnemonic passwords are hard to forget, but they contain no guessable English words. You can even create pass phrases for specific sites that are coded with a hint about their purpose.”
http://www.slate.com/id/2223478/
July 30th, 2009 at 1:29 pm
KeePassX (the Mac/Linux version) has worked very well for me for the past year. The password generating tool is particularly helpful, in that it makes coming up with secure passwords very easy. A unique password for each online service is the best way to guard against a comprehensive attack like the one recently launched against the folks who work at Twitter.
Live Mesh is another good sync tool; “despite” coming from Microsoft, it works well both on Windows and Mac OS. I started using it before I knew about Dropbox. Because of the 5GB of free storage and the ability to sync files on a LAN without also having to keep them in the cloud, I’ve not felt compelled to switch to Dropbox, though it seems to be more popular.
July 30th, 2009 at 1:31 pm
I love both applications! Don’t know what I’d do without them!
July 30th, 2009 at 1:46 pm
??? Totally lost with this article - I guess this is written for the techies???
July 30th, 2009 at 1:54 pm
Here is a Lifehacker article on how to set up password syncing across multiple computers using these two tools.
http://lifehacker.com/5063176/how-to-use-dropbox-as-the-ultimate-password-syncer
July 30th, 2009 at 2:04 pm
I’m using KeePassX on Mac OS X. I haven’t read any documentation yet. And I have been using it for 10 months. Now, why are you complaining about the documentation? At least on Mac’s KeePassX, the application is very easy to use and self-explanatory. Stop flaming KeePassX. Use it.
July 30th, 2009 at 2:15 pm
@Sirish (#7)
Nobody is flaming KeePassX. I wasn’t even aware of KeePassX until the comments on this post. And I wasn’t even flaming KeePass. I was merely complaining that it wasn’t exactly intuitive to use or install on a Mac.
I’ve updated the post to point to KeePassX for Mac and Linux users…
July 30th, 2009 at 2:17 pm
“On a memory stick” sounds like an accident waiting to happen. They are not indestructible so what happens if they break? I always have wondered about that putting all your eggs in one basket approach. It means you have to have a pretty safe “basket”.
July 30th, 2009 at 2:33 pm
I’m not sure what advantage DropBox would have over something like Google Docs. In fact, Google Docs seems to have a number of advantages over Dropbox: it is integral to a suite of 100% cloud computing applications with nothing to download (unless you want to work offline), it has far more free storage available, and documents can be shared publicly and/or selectively with anyone who already has a Google account, without the need to create and remember yet another user registration. What am I missing?
July 30th, 2009 at 2:35 pm
Many of the people using these sorts of tools don’t really understand what they do, especially when the tool is only in use because of a recommendation from a friend or family member. You should be careful about assuming you’re any safer from any sort of attack just because you use a tool like this, unless you know exactly what the tool does and doesn’t protect you from.
This isn’t to say that they’re bad tools, just that using them because someone told you they’re “more secure” doesn’t necessarily buy you anything at all, and almost certainly doesn’t match whatever your preconceptions about “security” are.
July 30th, 2009 at 3:19 pm
With Google Docs you can share only Google Docs (which admittedly is a nice feature). With Dropbox, you have 2GB of online storage which will sync with all your computers, and can contain any file type. I have a desktop and notebook at work, and a computer at home. I can be on ANY of these and have access to the latest file. It is cross-platform as well (PC, Mac, and Linux).
In other words, I can edit a Word file on one, save it, then edit it from another machine. If I’m at home and find a PDF that will be useful for work, I just copy it into my Dropbox folder and it’s on my work desktop the next day. This works with mp3s, pictures, and any kind of file you can save on a computer.
J.D. implied as much when he said it was a complement to Google Docs — it’s not a replacement to Google Docs; instead it offers additional features not present in Google Docs.
With regards to security, neither of these products were touted as increasing your security. One is a password keeper (like a “safe” for all your logins and passwords) and the other is online storage/sync service. Both carry risks: with the password keeper, all your passwords are stored in an encrypted file on your computer (safer than nothing, but probably still crackable). With Dropbox, your files will be stored on their server (this is required for the syncing function). That said, I wouldn’t use Dropbox for any sensitive information like Quicken files, but in both cases these utilities provide convenience that may be useful for your daily workflow. Evaluate for yourselves: if you only work off one computer, Dropbox is kind of pointless.
J.D., thanks for the article. These computer utilities are interesting to learn about.
July 30th, 2009 at 3:20 pm
I just wanted to say what a timely article this was. I was just looking for tools like these. I for some reason don’t personally trust uploading my financial sheets to Google Docs.
Thanks again!
July 30th, 2009 at 3:45 pm
Obligatory Bruce Schneier reference:
http://www.schneier.com/blog/archives/2009/07/risks_of_cloud.html
Before you make your move “into the cloud”, be sure to take into account the risks associated with it.
Quotes from the above linked NY Times op-ed:
“The cloud, however, comes with real dangers.” … “If you entrust your data to others, they can let you down or outright betray you.” … “Worse, data stored online has less privacy protection both in practice and under the law.” etc.
Do you *really* want to “move into the cloud”?
July 30th, 2009 at 3:46 pm
I use this exact combination (Dropbox + Keepass) to backup and use my passwords across multiple computers.
I also use Syncback (another freebie) to sync multiple folders to my Dropbox folder…saving me the trouble of keeping everything in the Dropbox folder.
July 30th, 2009 at 3:51 pm
KeePass users should check out the KeeForm plugin as well ( http://keeform.sourceforge.net/ ). It can log you into most websites with just a double-click on the URL field in KeePass. Even troublesome or complex login forms can often be made to work with a bit of ingenuity. The only form I still have to deal with manually is Bank of America’s (the jerks).
July 30th, 2009 at 3:51 pm
Another great app, also open source, to use with DropBox is TrueCrypt. http://www.truecrypt.org/ I use it to create an encrypted file that I keep on DropBox. Thru TrueCrypt, I mount the file as a drive and then read and write to that drive just like any other. Check it out.
July 30th, 2009 at 4:08 pm
The concerns raised about security and cloud computing are similar to those that were raised when businesses began using email communications. We know what happened next.
July 30th, 2009 at 6:05 pm
For those worried about security in the cloud or for those who prefer a desktop application to go along with their web interface, you might want to check out Skoot at http://www.skootit.com. It claims to use strong encryption from end to end, and only stores encrypted versions of your files, so the only person who can see your files is you. There is a free trial and all that, it’s been working well for me. Thanks for the KeePass mention - it is very useful! (And I second Keith’s statement about truecrypt, that program rocks for keeping information secure.)
July 30th, 2009 at 7:15 pm
Keepass, Truecrypt and Dropbox are all fantastic apps. I’ve been using Keepass and Dropbox together for a while now and it’s a great combination.
I wouldn’t trust anything other than an open source app with encryption. If it’s open source you can verify that the encryption is strong and there are no backdoors (well I can’t do it, but other people can and do). With proprietary software you just have to take the vendors’ word for it.
July 30th, 2009 at 7:22 pm
I love the password safe that I use (under Linux) MyPasswordSafe (http://www.semanticgap.com/myps/). It is also open source and compatible with the win32 PasswordSafe (http://passwordsafe.sourceforge.net/) program as well as the command-line password safe, pwsafe.
I will say that for all those inane websites that need a password I think PasswordMaker (http://passwordmaker.org/) can be an excellent tool.
+1 for the TrueCrypt recommendation above.
July 30th, 2009 at 8:38 pm
I prefer Wonderfile.com for storing my files … I like using tags for organizing my files rather than folders.
Unfortunately it doesn’t do all the fancy file transferring from computer to computer but it’s got a cool preview and search system .. so it works for me
July 30th, 2009 at 8:55 pm
Great combo! Dropbox is a happy medium between mobileme and gdocs for those of us who are stuck using Microsoft at work and work off of several computers. Dropbox will let you store any type of file without the upload download process. It works great with the iPhone as well. I am still learning the features of KeePass & KPX but it has been great so far, it’s an obvious tool that I shouldn’t have waited for.
July 30th, 2009 at 9:33 pm
My only crucial application that isn’t “in the cloud” is Quicken. Everything else in my life is online (Gmail, Google Reader, etc). Dropbox makes it possible to have Quicken installed in two computers and access the latest version of the QDF file!
July 30th, 2009 at 9:54 pm
LastPass is even better - no files and no memory sticks - all passwords stored online. Yes they could get compromised I suppose but that would be the end of their company. Best thing is that more than just store passwords they can generate random ones so they are different across all sites. Even if one password gets compromised no other sites would be. And the icing on the cake is you can share access with others - for example I can share our banking account access with my wife, but neither one of us has to remember the password - we just each have a master lastpass password - kind of like the key to the safe.
July 30th, 2009 at 10:39 pm
Jason said:
“they could get compromised I suppose but that would be the end of their company.”
True, it may be the end of their company, but that doesn’t mean it couldn’t happen, and it’d also be the loss of all your passwords. Imagine they fire a system administrator and in anger he takes the entire database of customer information with him, and sells it to someone else.
Yeah, he probably killed the company, but now who has access to your bank account?
Even without the disgruntled employee — what if a hacker gets access to the machine on which the customer database is stored? This has happened plenty of times to other companies. Just because it’s disastrous for the company doesn’t mean it won’t happen.
July 30th, 2009 at 10:56 pm
Ahhh the wonders of technology. Too complicated for me. Perhaps a good old-fashioned notebook would work.
I’ve seen Wonderlife.com, and it seems pretty good. Careful about storing everything in one place, and backing everything up elsewhere.
Best,
RB
July 31st, 2009 at 1:33 am
I recently found that if you copy the public url of a file from the dropbox website you can import it into google docs quite easily and work on your files from anywhere, although for some reason the formatting isn’t always kept perfectly between google docs and openoffice.
July 31st, 2009 at 4:07 am
I have to say that I agree with the people concerned about the security of these sites. The fact that people will be storing all of their financial passwords together is a huge draw for a hacker to target the system.
I think that you are much better off with a locked spreadsheet on your local drive and c&p by hand rather than giving an outside entity all of your access information.
July 31st, 2009 at 6:38 am
Might I recommend http://www.needmypassord.com if you’re not too keen on keeping all of your passwords on a thumb drive. Needmypassword is certified by Hacker Safe and uses 256-bit one way encryption and is internet based so you can access your passwords from anywhere.
July 31st, 2009 at 8:43 am
Also check out RoboForm for storing logins and passwords. Works like a charm for me. I would never be able to remember all of my logins and passwords without it.
July 31st, 2009 at 9:46 am
ok, I am not so annoyed anymore. I am more happy to read about KeePass on your blog than trying to defend documentation. Good post. !!
July 31st, 2009 at 10:12 am
Correct me if I’m wrong….
You can carry around your encrypted Keepass database file on a thumb drive or put it on dropbox, but you still have to have a Keepass application on your computer hard drive in order to access it. This isn’t probably a big deal for most folks, but it isn’t exactly cloud computing. For example, you would not be able to access your passwords from a public workstation unless the Keepass application was on that workstation.
It would be nice if the Keepass app could be carried and opened from a thumbdrive, but I don’t think that is possible either…at least not as a cross-platform option.
I always thought having a google document with all your usernames/passwords would have been handy and accessible with nothing else besides an internet connection. However, many people aren’t convinced google docs is secure enough for this use.
July 31st, 2009 at 10:19 am
Nick - Keepass is a portable application. All you need is the executable itself. I keep a copy on all my machines, and I also keep a copy on my thumbdrive with my data file.
July 31st, 2009 at 10:49 am
@ peter:
That is only for PC, correct? I don’t think you can run KeepassX as a portable…at least when I tried it, MacOS would not open it…
It would be great if this worked however, and on both Mac/PC…
July 31st, 2009 at 10:53 am
@Nick - For Windows it is completely portable.
Can’t say about Mac. KeepassX is a derivative of Keepass and isn’t the same application or developed by the same person.
July 31st, 2009 at 2:35 pm
For those looking for a Mac only password manager, 1Password has been the leader for some time. Good iPhone/iTouch client as well.
http://agilewebsolutions.com/
July 31st, 2009 at 3:06 pm
Keith:
Getting a password manager for Macs is awfully redundant as they already have one built into it (Keychain). After taking a quick look on the site you posted just about everything it does is already baked into OS X (auto form fill, previously mentioned Keychain, etc.).
The only reason why I’d use something like KeePassX is because I also use KeePass on my Windows boxes.
July 31st, 2009 at 4:38 pm
There’s a simple alternative to DropBox, especially if there’s only a single file (KeePass) that you want to keep synced: using gmail, write an email to yourself - or better yet, upload the file, save the email, and it can sit in your “Drafts” until you need it or update it.
July 31st, 2009 at 6:15 pm
Jon D:
Many people respond much like you do when first learning of 1Password. The reality is it actually does much more than Keychain. It requires more than a cursory glance to understand this. But, that’s a topic for another day.
Take care
August 1st, 2009 at 4:24 pm
Roboform has desktop, thumb drive and blackberry versions.