In current high-speed digital world every person has about gazillion accounts - online banks, personal and work e-mails, work computer, several web site accounts, etc. Add mobile phone and credit/debit card PIN-s, door access codes at workplace, maybe security code for home surveillance system, etc.
Phew! How are people supposed to remember all these passes? Using the same password for each account? Using the same PIN code? No, you should never use such approach!
Suppose your Facebook account gets hacked and you have that same name and password for all other accounts. Cybercriminals would now randomly test your username/password combination in Twitter, LinkedIn, Google, Yahoo, Amazon, iTunes etc and they would break into each account you have. This can easily turn into credit card frauds and identity thefts!
And then think about the safe password policies that suggest changing passwords at least twice a year. Or that using web browsers' features that remember user names and passphrases is a really-really bad idea, because any virus is able to steal the stored credentials within seconds.
The very best strategy would be creating different and strong passwords for each account needed. While this makes breaking in difficult for cybercrooks, it also makes it hard for you to remember all those passwords. See guidelines in this article about creating strong passwords.
This is where you can use a password manager program - Password Safe in this example. When using Password Safe, you basically need to remember only two passwords - your Windows logon password and password for Password Safe database. Never use the same passphrase for both!
Password Safe keeps all your user names and passwords in an encrypted file that can be accessed only by using the correct password. It can even fill in your user name and password in web pages you visit and keep password history.
Downloading and installing Password Safe
Open Password Safe download page and click the Download pwsafe-<version number>.exe link.
Please note that Password Safe setup file does not have a digital signature and this can cause some security warnings in Internet Explorer and in Windows 8. In some cases, Internet Explorer 9 or Windows 8 SmartScreen Filter might pop up a warning stating that the setup file is not commonly downloaded and could harm your computer. This happens because the setup file has not been digitally signed and the program has been recently updated.
Click Actions or More info.
In the Internet Explorer SmartScreen Filter dialog stating "This program might harm your computer", click More Options.
Now click Run anyway.
Windows Vista, 7 and 8 will pop up a User Account Control Warning about Password Safe being unidentified (again, this is because of the lack of digital signature). Click Allow or Yes.
License Agreement page opens, click I Agree here.
Click Next to accept Regular installation.
In Choose Components page, scroll down, deselect Install desktop shortcut and click Next. As Password Safe starts automatically, we do not need to overcrowd our Desktops with unnecessary icons.
As default destination folder is fine, click Install.
Password Safe will then be installed. Click Close after setup is complete ("Completed" is displayed above progress bar).
Password Safe does not start automatically after setup is complete - it starts automatically only after you restart your computer.
In Windows XP, open Start menu by pressing Ctrl+Esc keys on your keyboard or by clicking the green Start button. Open All Programs, Password Safe and click Password Safe.
In Windows Vista and 7, open Start menu by pressing Windows Key and type "password" into Search box. Then click Password Safe.
In Windows 8, press Windows Key to open Start screen, scroll to the end of the Apps list and click Password Safe.
First you need to create a password database. Click the New Database button to do that.
Password Safe creates a folder named My Safes in your My Documents/Documents folder and gives your first database a name - pwsafe. You can still change the folder and file name, if you want to.
As defaults are fine, click Save.
Next, you'll need to assign a password for the new password database. Make it strong and remember it well - if you forget the password, you will have no access to the database! Do not use the same password as your Windows logon password here! Read this article to see guidelines for strong, but memorable passwords.
Type the new password in Safe Combination and Verify fields and click OK.
Please note that in the picture below, the password is deliberately too short and will cause a warning!
In case you typed in a weak password (too short, no mixed-case characters, numbers) or punctuation characters), Password Safe will inform you of this. Click No and type a better password - at least 8 characters long, using numbers, punctuation characters and mixed-case letters.
A blank password database will be created.
Click the Misc tab.
First, select Autotype from the Double-click action combo box. The default action for double-clicking an entry is copying password to Windows clipboard, but as clipboard contents are often monitored by password-stealing trojans, there is no sense in using the feature. Besides, Autotype is a very convenient feature in Password Safe.
Next, clear the Query user to set default username check box. This will prevent pop-ups asking whether you want to set the entered user name as a default.
Move on to the Password History tab. Click to turn on the Save ... previous passwords per entry feature. The default number, 3, is fine.
In case you have used Password Safe before and opened your previously created file, select the Start saving previous passwords option from the Manage password history of current entries section to enable the feature for older entries, too.
Open Password Policy tab. Click to activate the Generate Pronounceable passwords option. Other settings for random password generation are fine.
Generating random passwords comes handy when your mind is blank and you need to create a strong passphrase. Password Safe can do this for you, and auto-fill your user name and password the next time you need to log on to the account.
Click to open Security tab. Clear the 'Browse to URL' copies password to clipboard check box. Again, this will protect your credentials from password-stealing malware.
If you need to lock your password databases quickly, activate the Lock password database on minimize option. This also means that the database will be automatically locked after using the Autotype feature.
All other options are fine by default.
That's it for the options part, click OK to accept changes.
I always recommend having different groups in password database to make finding necessary items easier. For example, create separate groups for bank accounts, mobile phone PIN and PUK-codes, e-mail accounts and other accounts.
To add a group, right-click an empty space and select Add Group from the menu.
Type a name for the group and press Enter key.
To add a user name and password in a group, click the group name and use keyboard shortcut Ctrl+A or right-click the group name and click Add Entry...:
Type a description in Title field ("Yahoo! mail", for example). Then fill in Username, Password and Confirm Password fields.
Note that the passwords are not displayed for safety reasons - dots or asterisks appear in place of characters. If you want to see the password, click Show button - this will disable Confirm Password field.
While creating a new account, Generate button might be helpful for suggesting a random and secure password. You do not need to remember all the passwords anymore, just use Password Safe's autotype feature from now on!
If you are creating an entry for some online service, type in or paste its address in URL field. This allows using the Browse to URL + Autotype feature (described later). Just remember to type in the address for login page, not just any page.
Click OK to add the entry.
Now create other groups and entries. If you accidentally put an entry to a wrong group, you can either drag the entry to the correct group using your mouse, or open the entry and change its group in the Group field.
To change an entry, right-click it and select Edit/View Entry... from the menu.
To see previously used passwords for an entry, open Additional tab and check the Password History section. Please note that all passwords are displayed as plain text here, so make sure no one is looking over your shoulder!
All changes are automatically saved after clicking OK.
To close a database, use keyboard shortcut Ctrl+F4 or open File menu and select Close.
Password Safe automatically locks its open database if it has not been used for 5 minutes or when you lock your computer (using keyboard shortcut Windows Key+L). This keeps people from seeing your credentials and you can safely keep a Password Safe file open and locked.
When Password Safe starts, it will not open any database and its icon will be black in Taskbar Notification area.
To open a database, right-click on the black icon and select Restore.
Password Safe window opens, click File menu and select your password file from Recent Safe List.
Type your Safe Combination (password) and click OK.
When you minimize Password Safe window or use Autotype features, Password Safe icon in Taskbar Notification area will turn red - this means that a password safe file is open, but not locked (anyone can access its contents without entering a password first).
To lock the open database file, right-click on the icon and select Lock Safe.
When Password Safe is minimized and open password database is locked, Password Safe icon will turn green in Taskbar Notification area.
To use Browse to URL + Autotype for online accounts, you will need to specify an address to a page that asks for login details - user name and password fields. This also includes the pages that open pop-up dialogs for logging in.
Please note that the web page must automatically activate the user name field for this feature to work correctly! If not, you can still open the page using the Browse to URL feature, without automatically filling the login details.
For example, to use Autotype feature for accessing Yahoo! Mail account, copy and paste https://login.yahoo.com/config/login_verify2?&.src=ym in the URL field. This is the page where Yahoo! asks for your login details.
If a page opens a pop-up dialog for user name and password, use the URL that opens that dialog. To do that, right-click on the link and click Copy Shortcut. Then return to Password Safe, click inside the URL field to activate it and then press Ctrl+V on your keyboard to paste the copied link.
The Browse to URL + Autotype feature in Password Safe opens the specified web page (URL) for you, then after a few seconds automatically types in your user name and password and "presses" Enter key to submit the login details.
To do that, right-click on an entry in Password Safe and click Browse to URL + Autotype.
If there is no separate login page available or the page does not activate the user name field automatically, use the Autotype feature.
Open a login page in your web browser and activate user name field (not any other field!). Then return to Password Safe and double-click the entry (in case you selected the Autotype option in the Misc tab of Password Safe options).
Or you can right-click the correct entry and select Perform Auto Type. You can also use keyboard shortcut Ctrl+T for this, just remember to click on the correct entry first.
This will re-activate your browser window, enter both user name and password and press Enter key for you. That's it - you're in!
In case you need to change your Password Safe file password, open that file, click Manage menu and select Change Safe Combination... command.
In Change Safe Combination dialog, enter your current password in Old Safe Combination field and type a new password in New Safe Combination and Confirmation fields. Click OK to change password.