Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage’s FTP password, online passwords (like a CodeProject member account), and so on. The list is endless. You should also use a different password for each account, because if you use only one password everywhere and someone gets hold of it, you have a problem… a serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable.
KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
Official download page:
http://keepass.sourceforge.net/download.php
For useful plugins, take a look here:
http://keepass.sourceforge.net/plugins.php
KeePass is pretty nice, and generating passwords is very important. However, KeePass doesn’t go far enough to ensure your security *and* convenience.
I much prefer a Password Manager that integrates directly with the browser, like RoboForm for Windows or 1Passwd for Mac OS X. I spend most of my day browsing the net and I couldn’t live without these tools.
Both these tools go beyond KeePass’ features in many ways, but I want to highlight password generation. The approach used by KeePass uses the clipboard, and therefore is easily defeated by a keylogger. RoboForm and 1Passwd both generate strong passwords and automatically fill the current page with the new password **without** using the clipboard. This is incredibly important: keyloggers never get to see the password. In the case of 1Passwd, it will even generate the maximum strength password for the active website.
One thing I do love about KeePass, however, is that it has an open source implementation of the encryption algorithm. Sadly, RoboForm uses its own proprietary solution. 1Passwd, OTOH, uses the standard OS X keychain so you can rest assured that a whole team of Apple engineers have made it robust and secure.
See the 1Passwd Mac OS X Password Manager and RoboForm Form Filler home pages for more details.
I use my password manager for everything (not only web forms), which makes KeePass a great tool for me, highly flexible. I am not too worried about key-loggers as other security measures have been implemented against that, but are they 100% fail-proof? I guess the same can be said about any application which is not open sourced: are they fail-proof? Nobody can see.
Another reason for me to use KeePass is that there are different versions for the different OSes I use; there is one for Linux, PocketPC and Palm OS.
I agree that improvements can be made to every product, and as long as you know the limitations of the product it will do just fine. Besides, it is 100% free.