Wednesday, January 16, 2008

Simple password management

To easily manage all your passwords, you don't need any freeware/shareware/crapware/malware/whateverware. If you are running Windows, all you need is 2 batch files, each containing a single line.

As a bonus, you can get some very simple security-through-obscurity by using a little known feature of the NTFS file system called "Alternate Data Streams". The security is not great, but the obscurity feels like a cool hack. And it's still better than having passwords.txt on your desktop, or Post-its on your monitor. (Of course, you can also skip the coolness and combine these handy batch files with the excellent TrueCrypt for really strong encryption at the expense of a minimum of additional hassle).

  1. Create a file containing anything (or nothing). Let's call it x, and put it in our profile folder (C:\Documents adn Settings\username\)
  2. Create a batch file (let's call it password-add.bat) with one line:
    @ECHO %* >> "%USERPROFILE%\x:passwords"
  3. Create a second batch file (for example password.bat) also with one line :
    @FIND /I "%1" < "%USERPROFILE%\x:passwords"
  4. Copy these two files to some directory in your path (like C:\Windows or C:\Windows\System32)
To add your new Google user name and password, open a Command Prompt window, and type:

password-add "Google: pass: ul7ra-secr37"

To retrieve that password once you have forgotten it, type anything like

password Google
password stupid

To add some obscurity, call the batch files something else (and shorter so you don't have to type so much): like newp.bat and p.bat.

To add even more obscurity, copy some small .dll file in c:\Windows\System32 to a new name like msp32.dll, and in the batch files replace "%USERPROFILE%\x:passwords" with "c:\Windows\System32\msp32.dll".

To add real security, get TrueCrypt, and put the file on a TrueCrypt volume. (Don't forget to correct the 2 batch files).

Important: This only works on NTFS partitions. If you move your file to a FAT32 partition or send it by email or FTP, all your passwords are lost forever. If your backups are done to an external FAT32 disk, you won't have a backup either. You can move the file around as much as want, providing that it always stays on NTFS partitions. If you copy over a network, the server also needs to be Windows (not Samba).

Labels: , , , , , , ,