
Windows 7: Password Security Tip

24 Apr 2010   #1
not so gray matter

W7 Ult. x64 | OS X
Password Security Tip

I'm sure that most of you have your computers fairly secure with Anti-Virus, Firewall, Anti-Keyloggers and everything else you can think of. One thing some might overlook is password security. Specifically the fact that without a password manager it's pretty difficult to store multiple passwords in your head that have the length and variability to be secure passwords.

Keep in mind that having one password for everything is a very bad idea. Once an intruder cracks that one password, he/she has access to everything. Another bad move that most people make is storing their passwords within their browser. This is a very risky move. None of the browsers have enough password security to be able to protect your stored passwords.

The solution to both of these problems is a password manager with real security. It not only allows you to store all of your passwords in a safe place, but it also allows you to use passwords that aren't easy to remember yet are very secure.

There are many products on the market in this area, but here's a free solution I've come across.

Information
KeePass Password Safe

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

Supported operating systems:
Windows 98 / 98SE / ME / 2000 / XP / 2003 / Vista / 7, each 32-bit and 64-bit, Mono (Linux, Mac OS X, BSD, ...).

Microsoft .NET Framework ≥ 2.0 or Mono ≥ 2.6.

The KeePass software stores your passwords in a secure database. It requires up to three different log-in credentials. The options are a password, a user account and a key file. You can use multiple combinations of those choices, but take extreme caution with the user account option. The reason I do not recommend the user account method is that the software requires that all selected keys (password, file, account) are used, and if you use user account authentication, there is no possible way to recover passwords if you lose the user account. If you lose the account and don't have a backup you cannot get back in. It will not accept a new account with the same credentials. The key file and a decent password are more than enough security.

So, for the best security, set up your KeePass database to require both a password and a key file. Anyone who wishes to access the database will need access to both items. This means that even if someone guesses or finds your password, they would still need the key file. Storing this key file on removable media as well as in a secure backup location will allow you to access your passwords, and protect you from losing the database in the event that the removable media malfunctions.

Once you've started up a password manager it's a good idea to go through and change your passwords to become hard to guess and quite complicated. Personally, I use a password that contains uppercase, lowercase, numbers, symbols, spaces, high ANSI and is 64 characters long. Not all websites will allow you to use a password like this, but most will and most restrictions are related to length (16-32 characters) if anything. Some will require you not to use some symbols as well.

Here's an example of a password rated by KeePass at 512 bits:
*3iŠlI-'Œ›,"ž%-w( +iX4lЩfy+ƒ/?YžG忏R‡=9"

An average password like quake375gamer is rated at 59 bits. If you're serious about password security, there's simply no possible way to remember a set of passwords that have at least 128 bit security and aren't made up of dictionary type words.

One last tip: Even if you use complicated passwords on your main accounts, don't forget to use a decent password on junk e-mail accounts. These accounts may not have any information you think is important, but you may store a few contacts in these accounts unknowingly. If someone manages to access this account, you'll end up sending out unsolicited emails to these people.

Tip
If you'd like to test the security of your current passwords, you can use this link to do so. If you don't get at least a STRONG rating on each and every password, you should consider a password manager with a password generator. Also, do not use dictionary words. If you're using a word that can be found in any dictionary in any part of your password, create a new one.

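The 128-bit target and the site restrictions mentioned in the post above (length caps of 16-32 characters, disallowed symbols) can be checked with a short generator. This is an added example, not part of the original post and not KeePass code; it uses the simple uniform-random entropy figure (length × log2 of alphabet size), which is not KeePass's own quality estimate, and the default alphabet and the forbidden characters shown are assumptions.

```python
import math
import secrets
import string

# Assumption: the site accepts printable ASCII letters, digits and punctuation.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def bits_per_char(alphabet):
    """Entropy contributed by each uniformly random character."""
    return math.log2(len(set(alphabet)))


def required_length(target_bits, alphabet):
    """Shortest random password over `alphabet` that reaches target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet))


def generate(target_bits=128, alphabet=DEFAULT_ALPHABET, forbidden="", max_len=None):
    """Return (password, entropy_bits), honouring a site's restrictions.

    Raises ValueError when the length cap makes the target unreachable,
    rather than silently handing back a weaker password.
    """
    allowed = sorted(set(alphabet) - set(forbidden))
    if len(allowed) < 2:
        raise ValueError("alphabet too small after removing forbidden characters")
    length = required_length(target_bits, allowed)
    if max_len is not None and length > max_len:
        best = max_len * bits_per_char(allowed)
        raise ValueError(
            f"need {length} chars for {target_bits} bits, but the site caps at "
            f"{max_len} ({best:.1f} bits at most)"
        )
    # secrets draws from the OS CSPRNG; random.choice is not suitable here.
    password = "".join(secrets.choice(allowed) for _ in range(length))
    return password, length * bits_per_char(allowed)


if __name__ == "__main__":
    pw, bits = generate()  # unrestricted site
    print(len(pw), round(bits, 1))
    pw, bits = generate(forbidden="\"'\\<>&", max_len=32)  # constructed restriction
    print(len(pw), round(bits, 1))
    try:
        generate(max_len=16)  # a 16-character cap cannot reach 128 bits
    except ValueError as err:
        print("rejected:", err)
```
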
24 Apr 2010   #2

64-bit Windows 8.1 Pro

Good advice Al!
24 Apr 2010   #3

Windows 7 Home Premium

I've used KeePass for a couple months now. So so so much better than trying to remember pw's. Got it on a usb stick.

24 Apr 2010   #4

Windows 7 Ultimate x64, Mint 9

Thanks a lot.

My password security is rather lax in that regard, mostly because there is no way I could remember different usernames and passwords for each site, let alone WHICH site.
I will give this a try.

Would you recommend INSTALLING the program to each computer I use, then put a keyfile on a USB drive?

24 Apr 2010   #5
not so gray matter

W7 Ult. x64 | OS X

Yeah, put the key file in a usb drive, but put it in a couple of backup locations as well. This is because if you lose the key file you lose your passwords. If you're using the software the way it was intended, this means losing your passwords because they're probably a combination of nonsensical characters.
24 Apr 2010   #6

Windows 7 ultimate 64 bit / XP Home sp3

Thanks for posting this, it is great advice. Fabe
24 Apr 2010   #7

Windows 7 Ultimate x64, Mint 9

Quote: Originally Posted by notsograymatter
Yeah, put the key file in a usb drive, but put it in a couple of backup locations as well. This is because if you lose the key file you lose your passwords. If you're using the software the way it was intended, this means losing your passwords because they're probably a combination of nonsensical characters.
Thanks much. Will do this.

Is it possible to back up the database on my main computer and export it to other computers, so that my laptop can have all my same passwords backed up?

24 Apr 2010   #8
not so gray matter

W7 Ult. x64 | OS X

Yep lord bob it is. You can move the database anywhere you want as long as you don't use the user account authentication. You can then access it from that other location. You can also download the portable version of the software which can run without being installed. This will allow you to keep everything on a flash drive and access your passwords on any computer you go to.

Keeping all of your files on one flash drive isn't recommended though because a would-be attacker could get this device and all they'd need to access your passwords would be your database password unless you encrypt or disguise your key file. I'll post another thread on TrueCrypt, which is a software you can use to encrypt drives and files.

Here's the link to the portable version of KeePass classic and professional (both free)

Classic Portable
Download KeePass Password Safe from

Professional Portable
Download KeePass Password Safe from
29 Aug 2011   #9

Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode

Hello to all, A very late reply but I am a bit stunned now that I finally read it (I am new to this forum and am looking at many postings). Why on earth do you have to store your passwords ON the computer? Why not use a pen and a notebook (the paper one) with all kinds of stuff in it? No stranger or burglar is ever going to waste time browsing through your notebook. It is just as fast i.m.o. as hiding it somewhere on the computer but no one will ever find them in your notebook. I mean, hells bells computers are fine but for everything?
29 Aug 2011   #10

Windows Seven, Ubuntu

Using it for a long time. Great program. Love the fact that I can put my password file on a zip drive and never lose my passwords again.