Security Corner

Sep 7 2012   1:59AM GMT

How to protect your password manager?

Ken Harthun

If the bad guys already know how to get your “clever” passwords, what kind of password do you put on your password manager? You can’t risk their getting your master password and gaining access to all of your good, high-strength passwords now, can you? You must treat your master password as the key to the kingdom and it must be backed up with a second factor of authentication.

The password must be the most secure of all your passwords. I recommend no fewer than 12 characters, preferably 16 or more. You’re going to have to write it down to remember it, as it is going to be random gibberish. I suggest you use a generator such as GRC’s Ultra High Security Password Generator. Here’s but one example from that site:

su4{H&*1wI#z?$]>

Of course, if you use something like LastPass, KeePass or any of the others that allow you to generate secure, random passwords, you can make your own. Once you have your ultra secure password, write it on a piece of paper and keep it in your wallet.

LastPass supports YubiKey, a low-cost USB token with AES encryption, for two-factor authentication; this is my preferred system. KeePass implements two-factor authentication by allowing the use of both a master password and a key file that you can store on a USB thumb drive.
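An added example, not from the original post and not code from KeePass or LastPass: Python that generates a random master password of the recommended length and, using a simplified model of a password-plus-key-file scheme, shows that the vault key cannot be rebuilt from one factor alone. The function names, the 32-byte key file and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# 94 printable ASCII characters (letters, digits, punctuation)
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_master_password(length: int = 16) -> str:
    """Draw each character from the OS CSPRNG (never the `random` module)."""
    if length < 12:
        raise ValueError("use at least 12 characters, preferably 16 or more")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def new_key_file() -> bytes:
    """32 random bytes standing in for a key file kept on a USB drive."""
    return secrets.token_bytes(32)


def derive_vault_key(password: str, key_file: bytes, salt: bytes) -> bytes:
    """Illustrative model (assumption), not a real product's key derivation."""
    # Hash each factor, hash the joined digests, then stretch with PBKDF2.
    composite = hashlib.sha256(
        hashlib.sha256(password.encode("utf-8")).digest()
        + hashlib.sha256(key_file).digest()
    ).digest()
    return hashlib.pbkdf2_hmac("sha256", composite, salt, 200_000, dklen=32)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # stored with the vault; not secret
    pw, kf = generate_master_password(), new_key_file()
    key = derive_vault_key(pw, kf, salt)
    print(f"16 random characters: about {entropy_bits(16):.0f} bits of entropy")
    # The right password with a different key file yields a different key.
    print("opens with wrong key file:", derive_vault_key(pw, new_key_file(), salt) == key)
```

With this model, someone who reads the paper in your wallet still needs the USB drive, and someone who copies the key file still needs the password.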


1  Comment on this Post

  • Ben Rubenstein
    Good advice. I've thought about using one of these password managers, but then worried about losing/forgetting the one password that rules all the others.  
