10/05/2009

Browser Password Synchronization, Rethinking the Web Browser: Mastering Firefox like a Ninja 2

Being able to manage passwords is the biggest, and most important, time saving skill that can be learned about utilizing a browser. Having to remember and retype multitudes of passwords is very cumbersome, and in any given hour of using a browser it can significantly tax your time. Fortunately, there are a few very good solutions. These solutions allow you to save your passwords and have them auto-fill when you visit a login page. These solutions also encrypt the password storage file for transferring between computers.

Xmarks (formerly Foxmarks)
Keepass

Both of these tools allow for fairly seamless password sync between computers. The beauty is that they fully encrypt already encrypted passwords and sync them between different browsers and/or profiles. I use Xmarks, and have since it was in beta. I have not used Keepass, but know that it is a very good solution. The main difference is that Xmarks uses the cloud, and Keepass uses a flash drive.

The differences get even more subtle when comparing and contrasting the details. Once Keepass syncs your passwords to a new machine, only newer passwords saved will create differences between machines until a new sync. Xmarks advantage is that all computers/browsers remain generally similar in their password storage via a server sync. The Keepass advantage is that 3rd party servers are not involved in the exchange of the encrypted file holding the passwords. However, Xmarks gives you the ability to utilize your own server for the file. Saved passwords are associated with a profile. Also, Xmarks is a Firefox extension and thus needs to be associated with a profile. Keepass is a standalone program and works differently.

When it boils down to it, both are equally matched. The decision is basically between trusting the cloud, or being a flash drive toter. That decision aside, every button needs to be well understood by the user. Take a lot of care when adopting either of these programs, or any other. It took me 2 weeks before I fully trusted Xmarks when I was implementing it. This caution is well within bounds, because the systems are very simple yet hold a lot of power. Again, know what every button does before trusting any password management tool.

Once you have a good working password manager it will become extremely easy to browse to any website that requires a login. Having the password automatically fill in a login page is a very rewarding experience. First, you save the time that would have been expended typing the password. Second, your mind is free to concerns other than the password. Take the simple action of a login and span it out over how many times it is done in a given week, month, or even year. One might save tremendous amounts of time and brainpower over a number of given repetitions.

TIPS:

Again, know what every button does before trusting any password management tool.

NEVER print your passwords out on paper.

A random password generator will improve your security, but may hinder you when you need to manually type a password.

If you use Google, make sure that it knows your phone number, or that you have a good way of getting your account back if security is compromised.

A few login pages will not be recognized by the browser, and it will not prompt to you to save the password.

There are other solutions and strategies for saving passwords, that may fit your situation better.

It would be good practice to not save passwords for financial accounts (bank, credit, investment).

For Foxmarks avoid clicking the “Never” when prompted to remember a password, as there’s an unsolved bug that messes with sync(ignore this if they’ve solved the bug).

Links:

Lifehacker

Password Generator

Secure Passwords

Your Own Xmarks Server (not required, advanced only)

Projects & Links

Colonize the Moon
About moon/mars/asteroid colonies and space stuff

Computer Dungeon
About
linux/raspberry-pi/bitcoin and computer stuff

VidUploadServer
A video upload server I coded myself

Recent Posts