Managing credentials with Counterpane's Password Safe

Seeing Bruce Schneier at ETCON reminded me that I've been meaning to mention Password Safe, a really simple and useful tool available for free from Schneier's company, Counterpane Labs. It's a GUI app you use to securely maintain a database of passwords.

The version I'm using, 1.7, runs on Windows. Version 2, an open source project, is apparently also still Windows-only, though I guess this could change.

I've been holding my breath for a long time waiting for single sign-on. After a while I started turning blue, and writing down passwords, which felt incredibly stupid but was unavoidable. Password Safe makes that necessary evil feel a lot less stupid.

The database is Blowfish-encrypted. Each entry has a title (e.g., "Amazon"), a name, a password, and a comments field, which I find quite important for recording the context of a given credential (e.g., "3rd sample user for test system version 5"). Copying a username or password to the clipboard, for subsequent pasting into an authentication dialog, is easy. There are some thoughtful details: you can have the app clear the clipboard when it's minimized, and it won't ever display any passwords on the screen unless you override a default.

The whole kit -- executable, data file, and help file -- amounts to under 400K, and since there are no registry dependencies it can easily be moved back and forth between your desktop and laptop.

Nothing earthshaking about this. Just a simple and practical tool, from the most pragmatic security pro in the business.


Former URL: http://weblog.infoworld.com/udell/2002/05/18.html#a251