Tag Archives | password encryption

S10 Password Vault, a free password manager

Secure offline password manager

The problem with always using the same password is that if one of the sites you are a member of gets cracked, the attacker will get access to all of your other accounts as well. Using a secure password manager is the best way to have a hard-to-crack passphrase for each website and still remember all of them.

S10 Password Vault is a free offline password manager utility that uses the uncrackable AES256 cipher for encryption. It foils keyloggers, autolocks after a predetermined set time, tells you if your password is strong enough or generates one for you, and has a portable edition. All of this comes in just 670Kb: a really tiny application with lots of great features.

When you install S10 Password Vault for the first time, it will create an encrypted .s10p database where all of your passwords will be stored. Make sure to back it up, and do not worry about losing it, as its content can only be viewed with the master password.

The coolest time-saving feature of S10 Password Vault is that you won’t even need to type in your password to log into a site: as long as S10 Password Vault is open, you can use a keyboard shortcut and it will automatically fill in the password for you.

The only downside I found with S10 Password Vault is that the help file is online; it could probably be improved if a PDF file with the manual could be made available for download. I also think that the password manager window and fonts could benefit from being a little bigger than they actually are.

S10 Password Vault


What I liked most is the structure of the folder hierarchy that helps you get quick access to your passwords, the autologin feature that saves you time by entering the password for you, and the embedded anti-keylogger that sends lots of random hidden decoy keystrokes to obscure the real password as it is typed, which is very useful in conjunction with the portable S10 Password Vault edition at a public computer.

There is a premium, very cheap, business edition of S10 Password Vault that includes automatic central backup of employee passwords, central control over configuration settings and the ability to use a private synchronization server. S10 Password Vault is an entirely free password manager for home users; if you like the software, you can make a donation to the developer.

Visit S10 Password Vault homepage


List of 10 free online password managers

Why should I use an online password manager?

Most Internet users have at the very least a dozen Internet passwords, probably more. Unless you are Einstein, it is impossible to make up an ideal hard-to-crack password for each of them, using special characters and both lowercase and capital letters, and remember them all. Users end up creating an easy-to-guess password or reusing the same password across many websites.

While online banks are normally secure, with their fair share of failures, the main pitfall is that an easy-to-hack website, such as an amateurishly run forum on which you might have registered, will have its database stolen. Even if you don’t care about having that forum account stolen, a black hat hacker is likely to check whether the stolen passwords and usernames have also been used for your Facebook or email account.

Online password managers allow you to use unique, extremely hard-to-crack passwords and still remember all of them. They also save you time, since you do not have to type your username and password every time you log into a site: the manager enters them automatically for you.

Ten online password managers

Note: Some of the password managers here are only free for a certain length of time or have limited features in their free version.

Xecrets: Online password manager from the makers of AxCrypt, a free open source encryption software. Xecrets will not store your master password on their servers, only briefly in memory during the time you are visiting.

LastPass: Online password manager compatible with all browsers; it can also be synchronized across them. LastPass offers storage of encrypted secure notes in your account. All of the data is encrypted using 256-bit AES implemented in C++ and JavaScript to perform encryption locally on your computer, and nothing in plain text is sent to their servers. There is support for USB keys, Yubikey, one-time passwords and a mobile version of this password storage application.

PassPack: An ideal online password manager to share secret passwords with your team. PassPack has special features enabling secure password sharing online, and it never sees your passwords in their unencrypted form.

PassPack also offers a desktop password manager client available for Windows, Mac and Linux that syncs all of the passwords. Online and offline data is encrypted using AES 256-bit cryptography.

PassPack online password manager


Mitto: Free Internet password storage service. All passwords are encrypted using 1024 bit RSA or 256 bit AES algorithms. Features include automatic logins, password tagging for better organization, sharing of passwords with a trusted group of people, a password generator and cross-browser compatibility by using a bookmarklet.

LogAway: Online password manager using 256-bit AES encryption in C++ and JavaScript. Encryption and decryption of the passwords takes place on your local computer, so nobody at LogAway can ever access your sensitive data. Nothing in plain text is ever retained or even transmitted to LogAway’s servers. Cross-browser compatible.

MashedLife: Purely web-based online manager that helps you manage all of your online accounts from one place. No communication passes between MashedLife and your computer after you are logged in; all of the encryption is carried out locally.

PasswordSafe: Free, convenient online password manager with an additional desktop password manager that syncs the passwords with the encrypted database online. All database information, usernames and passwords are encrypted on your machine; PasswordSafe never has access to plain data.

Clipperz: A zero-maintenance, cross-platform online password manager with nothing to install. Clipperz uses a bookmarklet or sidebar to create and use direct logins. There is also an offline password manager version of Clipperz to take the passwords with you when travelling.

Password strength indicator, application locking, SSL secure connection, one time password and a password generator are some of the features this online password manager offers.

Clipperz online password manager


DataInherit: This online password manager encrypts passwords in the memory of the client computer when the password safe is in use. Only when a single password is actually viewed or used by the client is it temporarily decrypted and displayed. For encryption, cryptographic standards such as AES-256 and RSA-2048 are used.

HalfData: Uses Triple DES, a powerful cryptographic algorithm, to encrypt their database. Assuming you have used a strong password, Triple DES, aka 3DES, would take hundreds of years to crack. HalfData keeps neither your password nor your encryption key on their servers; the encryption is performed on the user’s computer before sending out the data.

How safe are online password managers?

In order to make sure all of your online passwords are in good hands, you should look for these features in a good online password manager:

  • A sound cryptographic algorithm is being used (e.g. AES, Blowfish, etc.)
  • All of the encryption is performed on your computer before being sent to their servers
  • Your connection with the password manager is made using Secure Sockets Layer (SSL) encryption at all times
  • No backdoors are included other than resetting your forgotten master password by sending you an email
  • There is support available in case you have problems
  • Browser and operating system compatibility


How long should my password be? Minimum password length suggested

We should start talking about passphrases and not passwords. According to one Georgia Institute of Technology study, any password shorter than 12 characters is vulnerable to attack. The length of your password, as well as its quality, such as using a combination of alphanumeric characters, matters a lot when it comes to computer security.

A standard English keyboard has 95 letters and symbols, and you should be taking advantage of them to write full sentences as your password. Knowledge about a user may suggest possible passwords (such as pet names, children’s names, etc.), hence estimates of password strength must also take into account resistance to this attack.

Password box


The ideal password length is 12 characters

The Georgia Tech Research Institute study on brute forcing passwords suggests a 12-character password length in order to strike the right balance between convenience and security. Assuming a hacker can try 1 trillion password combinations a second, it would take him 180 years to crack an 11-character password; this number would increase to 17,134 years for a 12-character password.
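The arithmetic behind these figures, as an added example that is not part of the original article: it takes the 95-symbol keyboard and the rate of 1 trillion guesses per second from the text, assumes a 365-day year, and goes beyond the text by applying the same calculation to Diceware passphrases (standard 7,776-word list). The function names are this example's own.

```python
import math

CHARSET = 95                # letters and symbols on a standard English keyboard (from the text)
GUESSES_PER_SEC = 10**12    # attacker speed assumed in the text
SECONDS_PER_YEAR = 365 * 24 * 3600   # assumption: 365-day year
DICEWARE_WORDS = 7776       # standard Diceware list size (6**5, five dice per word)


def years_to_exhaust(symbols: int, length: int, rate: int = GUESSES_PER_SEC) -> float:
    """Worst-case years to try every secret of exactly `length` symbols.

    Only meaningful when each symbol is picked uniformly at random; a pet
    name or dictionary word falls to a guessing list long before this bound.
    """
    return symbols ** length / rate / SECONDS_PER_YEAR


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy in bits of a uniformly random secret."""
    return length * math.log2(symbols)


def min_length(symbols: int, target_years: float, rate: int = GUESSES_PER_SEC) -> int:
    """Smallest length whose full search takes at least `target_years`."""
    length = 1
    while years_to_exhaust(symbols, length, rate) < target_years:
        length += 1
    return length


def report() -> list[tuple[str, int, float, float]]:
    """Rows of (kind, length, entropy bits, worst-case years)."""
    rows = []
    for n in (8, 10, 11, 12):
        rows.append(("random chars", n, entropy_bits(CHARSET, n),
                     years_to_exhaust(CHARSET, n)))
    for n in (5, 6, 7):
        rows.append(("diceware words", n, entropy_bits(DICEWARE_WORDS, n),
                     years_to_exhaust(DICEWARE_WORDS, n)))
    return rows


if __name__ == "__main__":
    for kind, n, bits, years in report():
        print(f"{kind:15} n={n:2}  {bits:5.1f} bits  {years:>14,.2f} years")
```

Each extra random character multiplies the search time by 95, which is why the step from 11 to 12 characters moves the estimate from centuries to millennia; on average an attacker succeeds after half the worst-case time.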

How to create a strong password?

  • Include numbers, symbols, upper and lowercase letters in passwords.
  • Avoid any password based on repetition, dictionary words, letter or number sequences.
  • Use capital and lower-case letters.
  • The password must be easy to remember and not force insecure actions like writing it down on notes.

According to one of the study authors, if an attacker wants to crack many passwords quickly, once he’s built a rainbow table it might then only take about 10 minutes per password rather than several days. A rainbow table encodes the hashes of the most common passwords, and that database is used to quickly check them against your hidden password.

Solutions to create secure passwords

Instructions to create the best random password possible: Diceware

Store your passwords encrypted online: LastPass

Free secure password manager for desktop computer: KeePass
