 |
Password
Managers (Key Loggers)
|
|
|
|
|
|
|
|
Anyone
who has been Browsing and e-Mailing for some time would have various kinds
of accounts, each with its own user name and password, by now. Over a
period of time, remembering all those details becomes difficult. Of course
today, every Browser lets you store your Passwords and auto-fills it
whenever you re-enter the site in future. You may also put in a Master
Password, which, if entered correctly, unlocks all the passwords stored by
the Browser. Many users are happy with that. These are usually users who do not share their Computers with others. If
you use a shared Computer, whether at home or office, then your passwords
are accessible by everyone who uses the Computer. Not only is this at
loggerheads with your security, it is also irritating for other users who
use the same Computer as you, for, they will need to over-write your login
details with their own, each time they visit a site for which you have
saved your details!
|
|
|
If
you use a shared Computer, you need specialized Password Managers that let
you save your user name, password and other details. So how does that
ensure that your passwords are secure? Well, to open a Password Manager,
you need to set it up using your username and password - a Master Password! You
then need to remember just one username and one password, to access all
your usernames and passwords, from the Password Manager!
Its
a terrible mistake to use the same username and password for different sites as
well - someone finds it out (and that is easier than you imagine!) and (s)he has
access to all your accounts! This is a definite NO! Again, some websites
require that you change your password once every month or three months or
whatever. Just before the prescribed time is over, you are reminded and
requested to change your password, by such sites! It is quite likely that your
Bank requires you to change your password at specified intervals. Even if it
does not, changing your passwords randomly and at randon intervals is additional
security. However, that compounds the problem of remembering them - which is
where Password Managers step in to help you out!
|
WellOiledPC
Recommendation on Password Managers: A
Password Manager is required today due to the increasing number of
websites you visit: many of them requiring you to create a username and password.
Saving
them to your Browser is okay only if you do not share your Computer with
others
Keeping
the same password for all the sites you visit is like keeping all your
eggs in one basket - extremely risky and foolish
You
may or may not need to change your password - however, it is a good idea
to change them randomly at random periods of time
Password
Managers are today your best bet for safeguarding your usernames and
passwords
Even
if your Computer falls into the wrong hands, your usernames &
passwords will be safe, as long as you do not save them to your Browser
There
are literally hundreds of Password Managers - check out our reviews (below
this box) of some of the best-in-class solutions! |
Lets
begin by listing out a few kinds of sites that require usernames and passwords:
-
Your
e-Mail account - be it GMail, Yahoo or Hotmail
-
Your
Instant Messenger - be it Yahoo, MSN, ICQ, etc.
-
Sites
where you need to log in - for example job portals, your favorite Newsletter
site, your travel and tickets booking site, your PayPal Account, etc.
-
Your
Bank's Internet Services
-
To
access your Credit Card details from your Credit Card provider's site
-
To
access your Utility Bill sites - for example your Telephone/ Mobile billing
details, Internet usage details, Electricity billing details, etc.
-
Sites
with which you are professionally associated - for example the Engineering
site where you have a membership
-
Your
organization's infrastructure - for example, your organizational e-Mail,
which you may access over the Internet when you are traveling (usually
referred to as WebMail. WebMail is based on IMAP,
while Outlook/ Outlook Express mail is based on PoP3.
Click the links shown here, to read more about the IMAP and PoP protocols -
links open in new Windows)
-
Your
organization's Computer Maintenance Department, if Complaint Handling is
online
-
Your
organization's Intranet site, which would usually include details about how
many leaves you have taken and how much remains, whether you have taken any
advances, communications from the HR and Accounts and other central
departments, etc.
-
If
you access your organization's ERP, once again you will need to have a
username and password.
-
If
you run a website, your FTP site, your WebStats site, your affiliates, your
Link Partner sites, etc., all need to know who you are, before they let you
log in
As
you can see, there are so many reasons for your list of usernames and passwords
to grow, the list is endless!
In
addition to storing usernames and passwords, Password Managers can also help you
store details like your Software's Registration Number, so that you do not have
to purchase the software all over again, if it is accidentally erased or
corrupted. Most Password Managers also let you save the URL of the site, thus
doubling up as your "Browser Favorites" or Browser Bookmarks".
Some of the Password Managers also let you generate random passwords, in case
you aren't too good at creating passwords yourself! Best of all, you have quite
a few freeware Password Managers - so you get all these features at Zero Cost to
you!
Password
Managers may also allow you to print out all your usernames, passwords and other
details, once they are entered into it - not a very bright idea leaving the
print-out around, but useful, if you want to set it up on another Computer or
are recovering from a Hard Disk crash. However, the better way would be to
export all your password information into a common file format (such as CSV or
Text format) and set it up on the second Computer or the newly-formatted
Computer, as the case may be.
Go
Top
We
list below a few of the many freeware and commercialware Password
Managers:
-
KeePass:
At a total size of about 1.3 MB, it is the smallest of the Password
Managers. However, it packs in great features! What's more, it is a completely free, Open Source software - meaning if
you are a programmer, you may check out how it works and even modify it, for
redistribution under your name! KeePass can be configured to start with
Windows - a feature that will win your heart if you get addicted to it! If
not, you can also call KeePass wherever you are in Windows, by means of a
configurable Hot Key - the default Hotkey being Control+Alt+A
Again,
once you copy a username or password to the clipboard, KeePass also removes
it from the clipboard after some time - you can configure the time that the
clipboard should retain copied details. This is important, since anyone can
access the clipboard in a flash - the time you would require to take a
stroll to the next room or your colleague's cabin across the hall! Yet
another nifty safety feature is that KeePass allows pasting only once - if
you prefer to set it up that way!
With
KeePass, you can create groups and sub-groups of Passwords, if you wish.
KeyPass also imports from and exports to some of the most popular file
formats - example TXT, CSV, HTML, XML, etc. It can even directly import
usernames and passwords from other Password Managers such as CodeWallet,
PasswordSafe (up to Version 2 only), etc.
Finally,
KeyPass has a fair amount of PlugIns developed by others, for various
purposes. For example, one tiny PlugIn (sized under 30 KB) lets you check
for and remove duplicate entries! Yet another PlugIn re-orders Groups
alphabetically
The
screenshot to the right shows a blank KeePass database
|
|
Go
Top
-
Password
Manager XP: At a total size of a little over 2 MB, Password Manager XP
is the second-largest download. It is commercialware, with
the basic version costing US$ 29.95. Its user interface matches that of
Windows XP and it is compatible with Windows Vista as well.
Password
Manager XP is basically a workgroup Password Manager, as you can create
passwords databases at shared resources and access them from multiple
computers across the network. All change can be logged into a Log File, so
that the Administrator can find out who has changed what set of data. User
access levels can be configured as well. Its Removable Devices Wizard helps
in installing Password Manager XP to any removable media such as a USB
Drive. You can run Password Manager XP and work with multiple password
databases directly from removable devices - a feature that is absent in most
other Password Managers, along with the feature where changes made are
logged
Password
Manager uses some of the leading encryption technologies as well, making it
very robust where security is concerned. Configurable HotKeys, configurable
to start with Windows, easy export/ import to/ from CSV format, backup &
restore of passwords, etc., are the other standard features it possesses.
The
screenshot to the right shows the main screen of Password Manager XP. Notice
its similarity with the Windows Explorer interface.
|
|
Go
Top
-
Password
Manager Plus: At a total size of about 1.8 MB, Password Manager Plus is
on the larger side. To keep using it, you need to pay US$ 29.95. Password
Manager Plus has a few features that other plain-vanilla Password Managers
lack: you can save and file your online payment confirmations, travel
itineraries and articles, email a snapshot of any webpage to your friends in
a snap, and so on. With the Password Manager Plus Toolbar, you also get a
free Online Bill Manager account that helps you find online billers from a
directory of over 5,200 websites where you can pay bills at the last minute
and earn points by paying many bills with a credit card.
If
some of these features are of interest to you, then Password Manager Plus
would be your best choice. Else, you ought to look at one of the freeware
solutions or at Norton 360, which has so many features and is worth the money
you spend on it!
The
screenshot to the right shows Credit Card information being stored in Password
Manager Plus. The interface is very intuitive and you have options to
customize a host of features.
|
|
Go
Top
-
Norton
360: The basic solution is about 75 MB, with the Norton special features
(which include 2 GB backup space with the standard version and 10 GB with
the Premium version and Spam Guard with both versions) adding up to another
50 MB. It costs US$ 79.85, which is a lot of money. However, Norton 360 is an all-in-one Security Suite that protects
your Computer from Viruses, Spyware and Phishing sites. Each of these is a
best-of-breed solution in its own right, with Norton (Symantec Inc.) being
one of the most respected and oldest names in the business of Computer
Security.
Norton
360 would be familiar to those who come often to WellOiledPC,
for it is our top choice for AntiVirus and AntiSpyware solutions. However we
haven't discussed its Identity
Safe feature, which is an excellent solution for secure storage of Passwords. Unlike
KeePass, Password Manager XP, KeyWallet and Password Corral, Norton 360 works
like your Browser: every time you visit a site and log in, Norton 360 Identity
Safe pops up and asks you whether you would like to save the username-password details. You have
the option of saving the details, of not taking a decision whether to save or
not (i.e., deferring your decision) or of never saving it. If you choose the
last option, Norton 360 Identity Safe will never ask you whether you want to
save the site's password, but if you choose to defer your decision, it will -
until you either choose to save it or to never save it.
The
screenshot to the right shows the main logon for Norton 360 Identity Safe,
under Firefox. It works perfectly well with Internet Explorer as well, as
well as Windows Vista.
In
addition to logins, Norton 360 can also save your vital financial information
- such as your Credit Card details - so that you need not hunt for your wallet
every time you make an online purchase using your Credit Card! Software such
as Norton 360 that save your key presses are called Key Loggers. Some of the
most dangerous Spyware use Key Loggers as well, sending the information to its
makers. However, rest assured that Norton 360 DOES NOT send your
Password information to Symantec - or for that matter anyone else! With
Norton, you can rest assured that your information is perfectly safe!
Even
if your Computer is stolen or accessed by someone else, Norton 360's
Identity Safe will require the master password, before displaying the
vital information stored by it! As a comprehensive Security Suite, Norton
360 has no equal, we dare say! You should look at other Password Managers
only if its US$ 80 price dents your wallet! We strongly recommend that you
invest in Norton 360, however - you get the best of AntiVirus, AntiSpyware,
AntiPhishing and Password Management solution for the money, along with
other useful features like a decent-sized online backup space and a good
Spam Filter! WellOiledPC
are affiliates of OneNetworkDirect, the online partners of Symantec Inc.
To order Norton 360, click on the advertisement to the right, framed in
Red!
|
|
|
|
Go
Top
-
KeyWallet:
At a total size of about 1.4 MB, KeyWallet is as tiny as KeePass. Again
like KeePass, it is freeware, though not Open Source. KeyWallet
looks like a Wallet and basically has two clickable buttons - shaped like
Credit Cards peeping out of the wallet - titled Preferences and Help. The
other buttons, shown as Menu Items on top are Edit Key, New Key and Delete
Key. There is a button for customizing KeyWallet at the bottom as well,
though we wonder why anyone would want to change the default Wallet skin!
KeyWallet has no other customizations apart from the ability to change
skins. And if you missed it, yes, its easy to miss the tiny Minimize and
Close buttons at the top right of the interface...
KeyWallet's
USP is its simple and easy-to-use interface. Though Password Managers are some
of the most user-friendly software, even in this niche, KeyWallet is such that
anyone can use it right out of the box.
|
|
Go
Top
-
Password
Corral: At a total size of about 0.7 MB, Password Corral would have
been the smallest, but for the fact that it requires C++ Run Time Libraries. Password Corral
is freeware as well, though it has all features found in standard Password
Managers: a choice between Blowfish and Diamond2 encryption technology,
flushing the clipboard after a user-definable number of minutes, ability to
generate random passwords, ability to create different groups of passwords,
ability to create different Password Corral identities for different
users of the same Computer, etc.
The
screenshot to the right shows the Password Corral interface, with 2
Groups named ABC and DeF, each with a sub-group, named abc and def,
respectively. The fields that may be filled in are a description of the
website, your username and password for the website, the e-Mail you are
using (if any) for correspondence with the website, when the password
expires and your notes/ remarks if any, for the website.
The
interface is clean and very intuitive and it can be made to start up
with Windows if it is added to the Windows Start Up folder.
|
|
Go
Top
-
RoboForm:
At a total size of about 2.8 MB, RoboForm is large in comparison. It is a
commercial product, with the basic version costing US$
29.95. RoboForm sits on your Browser as a Toolbar and offers all the
functions you would require, for Password Management including AES/ Blowfisk/
RC6/ 3-DES/ 1-DES encryption, auto-filling of usernames and passwords,
ability to store offline information such as Credit Card details, etc.,
generation of random passwords and a virtual Keyboard for entering sensitive
information, thus negating Key Loggers (of the malicious variety). Yet
another useful feature of RoboForm is that it allows you to synchronize
between Windows Mobile and your Palmtop. RoboForm is also compatible with
Windows Vista.
The
screenshot to the right shows the features of the RoboForm Toolbar. Our
analysis is that for nearly US$ 30, RoboForm does not have anything that
freeware Password Managers have! Therefore, although RoboForm is extremely
competent at storing/ retrieving Passwords, we recommend that you invest your
US$ 30 on something else!
|
|
Go
Top
There
are many more Password Managers out there, but we believe these are the above
solutions are the ones
worth looking at...
Password
Managers Summary: