This guide is meant to show you how to keep people who aren’t you out of places they shouldn’t be. We do this using three things: a cloud storage service, keepassx, and your brain.
Why would you want this? Well, to be as secure as you can be, you need to have pretty random usernames and passwords, that are distinct, across all of your devices and accounts. Memorizing all of this is nigh impossible. This take the trouble out. You’ll only need to memorize one thing, a method, that you come up with. That’s all!
- First, sign up for a cloud storage service. I use dropbox. But google drive would be ok too. The critical factor is that the service offer an easy way of updating the files across all your devices as they change.
- Second, download keepassx.
- Keepassx is fairly easy to figure out how to use. You may want to wait until step 4 before proceeding.
- Method. The method is pretty simple. You have 4 or 5 passwords that you memorize. They’re going to consist of sentences consisting of uncommon words. The sentences will be long. In addition, you’re going to have a method for updating them that is easy to remember. Here’s an example.
First password to decrypt your hard disk: platters spinning will not stop thieves in the month of mary in the age of two by ten and one and five Second password for sudo/root: elephants stomping will not stop thieves in the month of mary in the age of two by ten and one and five etc.
When the new month approaches and you update, you just change the end…the trick is coming up with unique identifiers for the month, and an easy to remember, but not totally trivial way of expressing the date. The most important thing is never to tell anyone your method!
So, you have one password for your cloud service, one password to decrypt the keepass file, another for sudo/root password, and another to decrypt your disk. The rest of your passwords can be generated using keepassx!
Make sure that dropbox or google drive or wherever you keep your keepass file starts at startup, or discipline yourself to always start it up before accessing your keepass file. The reason this is so is…keepassx generates a read only lock on the file while its being used, so when you update it, there’s only ever one thing being updated. If you didn’t do this, and you updated your file with a new account, none of your other devices would know about it. If you then went on another device and updated the file again, then you’d have two irreconcilable files you’d have to merge by hand. No fun!