<body>

Hands-on Project 7-2

Date: Sunday, August 22, 2010


Hands-on Project 7-2: Download and install a Password Storage Program



To begin this hands-on project, I go to http://keepass.info/.
This is a password storage program. You can understand more about KeePass below.

What is KeePass?
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.


To download this program, go to Download.
For this practical, I downloaded the Portable Version.



This is the downloaded zip file.



I unzipped the file, and here are the files it contains.
Click on KeePass.exe to launch the program.



Screenshot of KeePass opening screen.



To start with a new password database, we need a strong master password to protect all of the passwords in it.
Go to File>New and I see this "Create New Password Database" screen.
Enter the master password.



After I create a new database, I add an entry to it.
As can be seen from the screenshot, I added my Gmail account.



Lastly, I double-click on the URL and go to gmail.com.
I fill in the username and password by dragging those I entered into KeePass.

Reflection:
Through this practical, I feel that KeePass is convenient and easy to use. It has a simple layout and small mouse-over pop-ups to guide users on what to do. It has a very useful function, a random password generator. I tried to crack one of the passwords it generated with a rainbow table (Hands-on Project 7-1), and did not manage to crack it.

However, it has a very serious weakness. As quoted from the KeePass website:
If you forget this master password, all your other passwords in the database are lost, too. There isn't any backdoor or a key which can open all databases. There is no way of recovering your passwords.
I created the master password a day before I tested it out with my Gmail account. When I came back to KeePass, I could not remember the master password I had set. (Mainly because I used a new and complicated password which I had never used before.) And I realized there's no way I can get it back. Now, not only can hackers not get into my personal information, but neither can I!


Although there's only one master password to remember, it is not guaranteed that all users will remember this strong, complicated password. Suppose you were overseas for a few weeks and did not use KeePass during this period; you could easily forget the password. If you just save everything (e-mail accounts, website accounts, online passwords, etc.), there's no way to get back your information, and KeePass is not going to do anything to help you. Because of this, I will not use KeePass. The consequence of losing all my usernames, passwords and important accounts is unimaginable to me.



林小颍's work ^—^V