Use Keepass or Get Screwed

Today I received an e-mail from a website admin, informing me that two of their admins had committed misconduct. They had stolen the database plus all user e-mails and passwords and of course used that information to log into other web services.

Using KeePass and different passwords for every website totally makes sense!!! What do you do to protect yourself against something like this?


3 thoughts on “Use Keepass or Get Screwed”

  1. Thomas

    After reading your post I thought about using KeePass, too. What has kept me from migrating up to now is that I am not always using my own computer / laptop / mobile. How do you cope with such situations? Especially when the devices you are working with do not have the KeePass software installed (and as they do not belong to you, you cannot install anything on them). So the only advantage for me would be to have more secure (longer) passwords, as I already have different passwords for my important services. In contrast to that, the disadvantage is that I’d have to remember those extra long and secure passwords, generated by KeePass, in order to be able to use the services I want on devices which do not belong to me.
    So for my use case KeePass is no option.

    1. Christian M. Schmid (Post author)

      Hi Thomas!

      You are absolutely right.
      The essential point is you have to have different passwords for all the services you use. If you are able to memorize all of those, you’re also safe ;)

      I memorize the passwords for the services that I use regularly (all of those passwords are 10+ characters and all of them use special characters and/or numbers) as well, but my KeePass safe as of right now has 150 entries, most of them with more than 20 characters. Many are accounts that I don’t use regularly and definitely not when I am on a mobile device (github, launchpad, mysql root, online shops, my parents’ skype accounts, …). What I want to say is you won’t get around memorizing the most important accounts, but those 140 random/sometimes accounts are still important to keep somewhere.

      By the way, there are KeePass clients for all major mobile OSs (e.g., Android) and you can install KeePass on a USB flash drive, so that you can use it on PCs where you cannot install anything.

      Thanks for your comment!

  2. Pingback: Use Keepass or Get Screwed AGAIN | Christian M. Schmid
