Summary: Use KeePass Password Safe to store your passwords, account information, and other sensitive data.
In response to Jeff Atwood's call to support small software vendors, I decided to institute a personal Freeware Appreciation Day on which I will contribute to one of my favorite freeware makers. I will try to observe the Freeware Appreciation Day on a monthly basis until I run out of money or cover all of my favorite applications (I hope that neither of these will happen).
This month's contribution goes to KeePass Password Safe, an OSI-certified, free, open-source, light-weight, and easy-to-use password manager created by Dominik Reichl. Before picking KeePass, I checked a few similar utilities including commercial Password Plus, SecureSafe Pro, RoboForm2Go, IBM/Lenovo hardware-dependent Password Manager, as well as free, open source Password Minder and Password Safe, but I liked KeePass most.
KeePass is portable (i.e. you can run it from a USB drive) and very easy to use. It keeps your information in a data file (database) encrypted with a user-defined password. You must specify this password in order to open the data file when starting the application or if you want to open a different data file.
Once you open the data file, KeePass displays the information about your user accounts (or whatever you saved in it) grouped by categories.
When adding or updating an entry, you can specify the title of the entry, your user name, the URL of the site (I wish that the URL were displayed before the user name), password, notes, and other information. There is an option to attach a file to a password (account) record, but I haven't tried it, yet.
The grouping feature allows you to organize your records in a logical manner. You can add and delete groups, or move items from one group to another. If you forget in which group you stored an item, you can search for it using the Find dialog box.
The basic functionality of KeePass should satisfy most users, but it can also be extended via plug-ins. For example, you can use plug-ins to export passwords to a comma-separated text file, import passwords from Firefox, open Web sites and fill in the login data automatically, and do more.
If you decide to use KeePass, you may need to figure out how to keep your data file in sync between multiple computers. One option is to keep the file on a USB drive (you can either open it from a USB drive or use the USB drive to copy it between machines). Although the file is encrypted, you will feel safer if you use the drive's built-in encryption or tools such as TrueCrypt.
If you do not like an idea of carrying data files on a USB drive, consider using a Web-based service, which allows you to map your personal online storage as a local drive, such as Who.HasFiles or GmailFS. If you store your data file online, remember to keep a backup copy in case the service goes down.*
UPDATE: To synchronize your KeePass data file across multiple computers (and keep online backups), try the DropBox synchronization tool. Dropbox worked very well for me, but there are also other alternatives, such as Syncplicity and SpiderOak. Or instead of using KeePass, try the online-based LastPass; it offers most -- if not all -- features of KeePass, and even more (it also lets you import the data stored in the KeePass data file).
Wikipedia: Password Manager
|*||Although keeping data files on a USB drive or online are both viable options, it would be more convenient to use a Web-based password manager. In fact, several online password managers popped up recently. After trying a few of them, Clipperz and Passpack seemed most advanced to me. Unfortunately, they both have limitations. Passpack has a difficult-to-use two-password authentication scheme, and, what is worse, it limits the size of the password database to 128 KB (approximately 150-200 records in a free account), while Clipperz is yet to implement the importing feature; Clipperz v. Passpack, Round 2 offers a good comparative review of both services. I'm looking forward to using a Web-based password manager, but until these services mature, I'll stick to KeePass. NOTE: See the update note.|