Introduction: Family Password Security
There is a lot of advice about passwords and security on the web, but no one system is perfect for everyone because everyone has different needs and risk profiles. This is my system, and it works great for my situation. Some friends have asked about it, so I'm sharing this Instructable. Even if your goals don't quite match mine, you may find some useful techniques, so read on...
I'm assuming you already understand something about passwords, like the fact that "12345" an anything in the English dictionary are terrible choices for a password. I don't delve much further into cryptography or security theory, because it would take too long, it would be distracting, and mostly because I'm not an expert in that field (hopefully you will see that as a plus, since otherwise I would spend the whole time scaring you).
The basic problem with passwords is that if you have enough strong passwords to have adequate security for all your different web sites and other situations, then it is difficult to remember them all. Solutions like writing them down or storing them in a spreadsheet solve those problems while introducing a host of other risks. In addition to the obvious security holes, keeping that information up to date can be a bother.
Now that I have a family, I realized there are other needs too. I handle most of the family finances, but if I am hit by a bus, whether I survive or not, how will my wife figure out all the stuff needed to take over? Less important but more common, if my wife gets a new frequent flier number and password, is there a good way to share it so that either of us can access it when needed?
If my laptop is stolen, or my house is burglarized, am I going to have to change all of my passwords? If you are starting to catch my drift, you can see that the first step is to think about your risks. While most people are affected by the same risks: burglary, malware, injury, stupid mistakes, natural disasters, some situations may be more important to you than others, so it's still worthwhile to give some thought to your specific concerns.
Most of this is not terribly new; many people already use a password database stored on the cloud, but I haven't seen much written on how to share it securely. Even if you don't need to share your passwords with a family, you will probably still find some or all of this system to be useful.
Step 1: Assessing Risks and Threats
I consider "risks" and "threats" to be more or less synonyms in this context, but some people approach this problem from only one side. For example some people carry all their passwords on an encrypted USB stick on their keychain. That's great to prevent data theft, but what happens when you accidentally flush your keys down the toilet, like I did a couple years ago?
OK, so you keep a backup. What happens if your house catches fire, and you leave your keys and your backup drive behind? Yes, you should be storing the data in the Cloud too. The point is that you need to consider all of these before you can be satisfied that your system is adequate protection from whatever life throws at you, whether it is malicious or accidental.
Design goals (driven by my assessment of risks and threats)
* Use secure passwords where needed and use separate ones for each financial site
* Don't have so many passwords that I forget some of them
* Share access for convenience
* Share access in case I am incapacitated
* Don't compromise security if my laptop is stolen
* Don't lose access if my laptop is stolen
* Keep it simple enough that my wife will use it too
I can't stress the last one too much. If the system is too frustrating it will be abandoned, and that's another risk.
Threats I gave up on
Security is a hard problem. If someone takes control of your email, they will probably be able to reset many of your passwords and take control. This system can help, but does not do anything extraordinary to protect your email, especially if you cache your email password in your Browser.
Many windows computers have already been compromised and could be logging your keystrokes or intercepting your web data. I think this system is way better than most other forms of protection, but it's impossible to be totally secure unless you throw your computer in a lake and go hide in a cave (and that will bring its own set of problems).
In most situations, better security comes at the expense of ease-of-use. One of the nice things about this system is that most of the complexity is in the setup. Once you get through all that, with the help of this Instructable, your system will be both reasonably secure and reasonably easy to use.
Step 2: The System
OK, here's how my system works. I'll explain each of the steps in more detail on the remaining pages.
1) Keep all passwords in a secure password database. I use KeePass , which is free, open-source, and cross-platform. I'm sure there are other great ones you can find.
2) Store the KeePass database in the Cloud and share it with your immediate family. I use Dropbox, which is free, and can be accessed even if your computer can't reach the internet, since a local copy is always on your local hard drive. I'm sure there are other great services you can find.
3) I made a strong password, shared it with my wife, and sealed it in an envelope for my parents in case of emergency.
4) I carefully made a handful of identical USB keys with a secret keyfile on them, and I carry one around. I also put Mac and PC versions of KeyPass.exe on there, and made a simple batch file to open it up easily (actually make just one until everything works; see step 8)
5) I set up Keypass to require both the password and the USB keyfile to access the rest of the passwords.
6) I made new strong passwords for my banks and recorded all the other website passwords, most of which I did not bother to change. While I was at it, I tried to record other essential information in KeePass.
7) I also used TrueCrypt to store some related information, also stored on Dropbox
8) I tested everything and then duplicated the working USB key
9) I distributed the duplicate keys, one for me, one for my wife, one for home, and one offsite and trained my family.
10) I poured myself a beer and enjoyed it.
Step 3: Password Database
The heart of the system is keeping a bunch of strong passwords in a password database protected by a master password and key. Thankfully there are products which help with this, so that it's done right. That's way better than using your own Notepad file or Excel Spreadsheet, though many people get by with that.
I chose KeePass, which is free, open-source, and cross-platform, but you can use any similar program. KeePass is makes it easy open your banking websites and to paste your credentials into their browser login forms. There are also browser-specific plugins for even more convenience and all kind of other plugins, but I don't use any of them.
It's a bit confusing that there are two separate flavors, KeePass v1 and KeePass v2, and they are separate products. KeePass 2 has some extra security features to thwart keyloggers, but I use KeePass 1 because I couldn't get KP2 working on our Mac. Supposedly it is possible, but it wasn't important enough to me to keep trying.
For Mac and Linux, you use KeePassX, which is technically a different program, but is 100% compatible with the KeePass1 file format.
If you need to use this system on public computers like at the library or an internet cafe, then the extra security risk might prompt you to use KeePass 2 instead. You can't use the same database format with both programs, but you can convert back and forth if you really need to.
Step 4: Cloud Storage
I store the KeePass database file in the Cloud, which makes it more available and backs it up in case your computer is stolen. I use Dropbox, which is free if you use less than 2 GB. It's great because not only does it keep your data backed up, but it also synchronizes changes very quickly to all local copies. If you add a new password to KeePass and save it, your family member(s) will be able to access that within a few seconds, if you are all connected to the Internet. KeePass has a locking feature so that only one user can modify the file at a time, and that seems to work just fine across Dropbox clients.
Note that we don't depend on Dropbox for security . There was a minor dust-up recently when they had to change their terms of service and admit that they really could access your password-protected data if they felt like it (or to comply with law enforcement). This just underscores how you can't really trust anyone on the web, which is why we are building this system.
If you can't trust Dropbox, can you trust KeePass? I suppose they could have put a backdoor into the software, except that it's open source, so hopefully all the smarties would have found any undisclosed vulnerabilities before now.
There are a couple more dropbox risks to mitigate. It's possible that sometime in the future they will charge for service, or worse, go out of business. If that comes to pass, hopefully some other company will offer the same service. Also there is some possibility that someone could hack your account, or that you could make a mistake and either way your file gets deleted or corrupted. If you don't notice in time, the problem will replicate to all of your local dropbox copies.
So every once in a while you should make a copy on a hard drive somewhere. Make sure you clearly mark it as a backup or mark it as read-only so you don't crack it open with KeePass and start storing new passwords in there. Make sure your DropBox password is in there so you can use it get back into DropBox if you forget its password.
Step 5: Strong Passwords
Pick a strong password for your KeePass database. There is lots of good advice out there (and even more bad advice) I don't want to talk too much about what I used for myself. Please make up a new password and use it. It's too risky to use a password you have ever used before, especially one you have ever typed into a web browser form.
Try http://www.wikihow.com/Create-a-Password-You-Can-Remember or http://xkcd.com/936/ for ideas on creating a strong but memorable password. Of course the best way to remember it is to use it frequently.
A significant part of this system's strategy is two-factor authentication . The security combines something you know (your new strong password), with something you have , which will be the USB key we'll prepare in the next steps. Your password database can only be unlocked if you have both of these authentication tokens.
That's pretty good security, but you still need to follow basic precautions. Don't keep your master password written down or *gasp* stored on any hard drive (you knew that, right?).
The two-factor authentication may make it difficult to access your passwords on a smartphone, but I'm not too keen on the smartphone's security anyway, so that may be a feature. One thing you could do is have the file in Dropbox on your smartphone and so you could access the database from any computer, using the smartphone as a constantly-cloud-synchronized external hard drive for your PC.
Step 6: USB Keys
The USB key will include several functions, the most important of which is to store your secret keyfile. What you should never do is to store the password database on there. For one thing, you don't want to store the password and the file together, and for another, you don't want any of the files on the USB key to change because it's difficult to synchronize them.
I chose the following USB device http://www.amazon.com/LaCie-iamakey-Flash-Drive-131104/dp/B004D2AZ06
because it was cheap enough and the reviews said it was very durable. Since I carry it every day on a ring with my other keys, that's an important feature. If you are going to carry it on your keyring, you probably want the housing to be metal rather than plastic or else use a short lanyard so that the key itself doesn't break.
Otherwise you can use any USB drive hanging around, but you will need to make some duplicate copies, so it's best to just go buy a set of identical drives all at once. I recommend buying one for each user plus two, one extra to keep at home, and an extra one for offsite storage in another town, covering the risks that your house burns down or a serious natural disaster hits.
The cool thing is that the key is useless without your memorized password, so you don't have to be extra-careful about it. I keep my offsite one in my desk drawer at work.
I recommend not using this USB drive for anything else, because that's just one more thing to remember to back up. Your data is better off stored in the Cloud. However I do put the KeyPass executables on the key so that I don't need to run a software installation just to use the system one time on a different computer.
KeePass can be downloaded from http://keepass.info/download.html. You want the portable version, which is available in ZIP format. KeePassX is actually a different product, for unix-based systems (including Mac OSX), but it shares the same file format.
I downloaded the Windows version of KeePass1 and unzipped it into a folder called "KeePass1(Windows)" on the USB drive.
I downloaded the OSX version of KeePassX on to my Mac and installed it into another folder "KeePassX(OSX)" on the USB drive.
I also added a batch file to make it easier to get Keypass going. The batch file is called "keepass1.bat" and it contains a single line:
start /d "%~dp0KeePass1(Windows)" KeePass.exe
You can use Notepad or any text editor to create this file. After plugging in the USB drive, double-clicking on this .bat file will start up KeePass.
Removing a USB drive should be done by using the Windows "Safely Remove" feature. This nifty free utility makes that a lot easier. You can run it directly from the USB drive, but I also keep it pinned to my taskbar.
I also made an alias for the Mac App on the root folder of the drive.
Step 7: Keepass Configuration
I don't use any KeePass plugins. If you do, make sure they get installed onto the USB drive.
If you don't read any of the other documentation, at least read http://keepass.info/help/base/keys.html so you know the basics of how KeePass keys work.
The main thing to do is to set up your password database for combined master password AND keyfile security (as seen in the image). For a new database, KeePass will help you create a keyfile. I don't like the default name, so I give it a similar name to my database so that I recognize it as an important file.
Most of the other KeePass options can be set as you see fit, and the default settings work pretty well.
The most important ones are:
Advanced -> Remember last open file
Advanced -> Automatically open last used database on startup
Step 8: Website Passwords
Use KeyPass to generate a different strong password for each financial site you use. Now that you have a system for using strong passwords, you don't have to try to invent reasonably good passwords you can still remember.
For sites where security is not so important, like Instructables (sorry, but it's true!) or other bulletin boards, I re-use a few of my favorite passwords. They are still strong (not English words or names), but I don't sweat about using the same password on a few sites. I still store the passwords in KeePass so that everything is in there. Since I allow the browser to remember those passwords and don't type them very often, it's nice to have them in KeePass if I do need to remember them.
Any site which gets my credit card info gets a strong password. Whether you should ever give anyone your credit card number is a topic that I'm trying to stay away from, but ultimately that's your call.
KeePass is also great for storing account numbers and all the other information you or your family will need when accessing your accounts.
Step 9: Protected Documents
While I was at it, I also learned how to use TrueCrypt and put some important documents into my Dropbox storage, now that I feel I have better control of the security.
TrueCrypt is really great, but you'll have to learn more about that on your own. Be sure to skip this step if you are getting bogged down, I didn't mean to distract you!
Step 10: Testing and Distribution
Once you have the infrastructure ready, you need to test it before duplicating your USB keys. You don't need to enter all of your passwords though, since the synchronization works pretty well. You just need to test everything to make sure your other users don't get frustrated.
1) Store a password in KeePass, close it and re-open it and see that it's still there and can be used to access the associated web site
2) Make sure KeePass launches on all OSes you need to support (Windows, Mac, Linux)
3) Test any batch files or aliases you made.
4) When you launch KeePass a second time, it should have remembered the locations of your database file and your key file but still prompts for the master password.
5) Test that you can add a password on one computer, save it, and then see it and use it on another computer.
6) Copy the USB key files to another key (see below) and put it on two computers and see that KeePass forces you to open the second one read-only to prevent conflicts.
Once you are satisfied with the key, Use it as a master to make all the other USB keys into identical copies. Use a computer with at least two USB ports so that you can copy directly, because you never want to copy the keyfile onto any other hard drive. Even if you delete the file from your hard drive, it may still be in the recycle bin, and even if you empty that, other tools can be used to recover deleted files. Again, make sure the keyfile is never copied or backed up except to another identical USB key.
Change the volume label of the USB key to something useful like "KEY". Give the same volume label to all keys especially if you use the Mac, so that KeePass will look for the keyfile on the correct drive.
Each user should keep a key with them on all times. Your key ring is a perfect place. Keep another one in a safe place in your home, like where you keep other spare keys. Keep one outside the house, preferably in another town. I keep mine in my desk at work, which is safe enough since it's useless without the master password. A bank safe deposit box is not a bad idea either.
Step 11: Distribution and Training
Now that your keys exist, give one to each user, and make him or her connect to DropBox, get the KeePass DB, and use it to access a secured web site from start to finish, without you touching the keyboard. Once Keypass accesses your file, it will remember the location, so it is slightly easier if your Dropbox folder is in the same location (i.e. C:\Dropbox) on each computer. That's not required, but just remember that the easier you make this, the more likely your users will actually use it.
Each user should keep the key securely on their person at all times; preferably on their main everyday key-ring. Keep a key at home in case you lose your keys, and keep one offsite in case your house burns down and you end up fleeing the house without any of your keys. I keep mine in my desk at work, but you could leave a key with a friend or in safe deposit box at the bank.
I felt that my parents need some kind of access, in case my wife and I are both incapacitated. Since they won't be using the system regularly, I had to write down the password for them. Even with the keyfile being separate, you should NEVER email your master password or store it on any hard drive. However I did not give them a key; I just showed them where to find the key in my house when they visited. They took the password to their home so it is not stored anywhere near the USB key.
Training DOs and DONTs
DO: use the system for all of your passwords, even the ones you want to keep memorizing. Using the system regularly will keep it healthy.
DO: get in the habit of using KeePass to generate strong unique passwords for your financial accounts and other high-security systems. You can set expiration dates on them to remind you to change them regularly.
DON'T: keep the master password written down anywhere near your computer or the USB key.
DON'T: back up the USB key contents to any other hard drive
DON'T: store any files which need to be synchronized on the USB key.
DON'T: use the master password for anything else.
Are we done yet?
Yes, go have a beer or a grape soda now. And please donate to KeePass and TrueCrypt and USB Disk Ejector, and subscribe to DropBox if you find them as useful as I do.
We have a be nice policy.
Please be positive and constructive.