Wednesday, March 25, 2009

Using Password Safe with Dropbox Deux

In my second installment of "Using Password Safe with Dropbox," I'll mostly be covering how to install and use Dropbox followed by integrating your Password Safe into the Dropbox experience. If you haven't gotten started with Password Safe yet, I suggest you backpedal and take a look at my previous entry.

When last we met, we had completed installing Password Safe to a folder, started a new PSafe database, and were ready to get going with Dropbox. Hopefully in this interim you've had some time to get accustomed to using Password Safe, as I've said many a time before that the program is very useful but not exactly easy to learn. Familiarity with PSafe isn't a prerequisite for getting Dropbox working certainly, but as these blog entries are specifically regarding doing both it would kind of make sense. Feel free to refer back to the previous entry if you're lost on any of these steps that specify what we did with our Password Safe installation and database.

Remember last time we grabbed both install files from the title of this blog entry, one for PSafe and one for Dropbox. The links are still active in this blog entry as well, so if you need either one go ahead and make it happen. Today we're most concerned with Dropbox, so you should have something like this:



Fire it up (double click it) and we'll start installing Dropbox. Once again, sell your unborn children to the software makers:



Pick the install location. We're good with the default, so hit Install:



Watch it do its thing:



And that's that! Dropbox just needs to know whether you have an account with them yet or if you need to make a new one. For the purposes of this tutorial, I'm assuming you don't have a Dropbox account and need to make one. So, let's do that:



Next we'll fill out our name, email, password, and identify the computer we're running this instance of Dropbox from:



Now, before you cry "OOH, password! I'll bust out Password Safe!!" stop and listen for a sec. This is where we start getting a little Escher on things. Since our Password Safe database is going to be stored in our Dropbox, what happens when you want to make a new Dropbox install (e.g. on another computer) and can't access your PSafe database in order to do that? In other words, if your PSafe database is the only thing that knows what your Dropbox account password is, how are you going to get to that when you don't have access to Dropbox? It's a little confusing, but there's a simple solution: just make your Dropbox account password different than your One Password to Rule Them All and don't store the account in your PSafe database. Now, that means you're going to have TWO Passwords to Rule Them All, aren't you? Well, sort of. You really won't access your Dropbox account much once it's up and ready on any given computer. Dropbox is very slick in that it runs everything in the background and never prompts you for much of anything, so in all likelihood you won't even be entering your Dropbox account information much after this install (and any subsequent installs you make elsewhere). Still, if you're going to keep your Password Safe database in your Dropbox, locking it down too much means you could be in hot water if you lose access to Dropbox (which would be bad).

So, to summarize:
  1. Set up a new Dropbox account with a different (and memorable) password than your One Password to Rule Them All. (References again: here and here)
  2. Being really smart would be to add an entry to your PSafe database that stores your Dropbox account information, but don't rely on PSafe to enter this info if necessary (i.e. know what your Dropbox account password is from memory).
  3. Keep your PSafe database in more than one place!
This last point will help you get out of a jam if necessary. I would be careful with where you keep your PSafe database obviously, but having a backup copy is absolutely necessary (and would be even if we weren't using Dropbox too).

So, after all that let's take another look at that Dropbox account setup:



Name and email are obvious (I assume Dropbox will let you recover a lost password using email, so that's a possible backdoor as well), and we've discussed extensively already what kind of password to use here. Computer Name just identifies to Dropbox what machine you are running on, so when you've set up Dropbox on multiple computers the online interface knows what's what. After we've gotten all this, hit Next:



The installer has a nice tour built-in that I recommend you go through if you haven't looked at Dropbox on their website already. It explains how Dropbox works and gives you lots of good background info. If you go through the whole tour (by always clicking Next) or click Skip, you'll get to the final setup window:



This final window has one more option, to choose your Dropbox location. By default your Dropbox goes under My Documents:



For most folks this will work out fine. In our case since we'll be moving our Password Safe database into here and that's where we initially put our database (if you were listening to me), it makes it even easier. Understand what's happening here: any file or folder under the "My Dropbox" folder will now be synced automatically to your Dropbox account online (up to 2GB for free). There are some other nifty features that Dropbox provides but I won't get into too much of that here (you can read about it and find out on your own). I will say that the special folder "Public" should be obvious and also that you DON'T want your PSafe database to go here.

So, when Dropbox is running you'll see this icon in your tray notification area:



The green arrow means Dropbox has finished syncing, and a spinny blue icon means it is currently syncing. If you look at your Dropbox folder as well, you can see the same icons that tell you what is synced online and what is currently transferring. For the most part Dropbox is terribly fast and syncs online in the blink of an eye, even between machines (it's fun to save a file to your Dropbox on one machine, then watch on another as it is synced without a hitch). You can right click this tray icon for a context menu that lets you go online to your Dropbox (in a web browser) or look at the local folder on your computer (the default double click action on this icon opens your local Dropbox). There are lots of other neat things about Dropbox to discover, but let's get on with getting our Password Safe database in there.

Go to your Dropbox (again, double clicking the tray icon automatically does this) and make a new folder called "Password Safe" (or some derivative thereof):



This is where we're going to store our PSafe database (and only the database). Leave this window open, then jump back to the folder where we installed Password Safe on our computer:



What we need out of here is just the .psafe3 file, whatever you named it when we created it last time. You want to move (not copy) this file into the folder called "Password Safe" that we just created in our Dropbox:



If you're keeping all this stuff under My Documents like my example is doing, when you drag your PSafe database to your Dropbox it will move it and not copy it anyway. The importance of this is that any changes you make to your PSafe database will be synced to your Dropbox, and not a local file. This doesn't mean you shouldn't occasionally make a backup of your PSafe database elsewhere (you should), but it will ensure that your main database lives in your Dropbox so you can access it from any computer you Dropbox from (like a work machine and home machine).

So now we've hopefully got something like this:



Our actual PSafe database file (the .psafe3 file) is there in our Dropbox. In this image you see some other files as well; I have the installer for Password Safe here just in case, and some backup files as well. Just FYI, the .bak files are manually created backups (while running Password Safe, hit Manage and then create a backup file) and the .ibak files are the incremental backups that PSafe makes on its own. These latter you don't really need to worry much about, they're just there. So now we have our PSafe database in our Dropbox. Woo!

Go ahead and run Password Safe again:



Recall that we're running Password Safe locally, but linking to our database that is now stored in our Dropbox. Really, PSafe doesn't care as it sees the Dropbox folder as just another folder. However, since we moved our PSafe database from its initial location, Password Safe might yell at us:



No worries here, it's just because we put our database in our Dropbox. Hit Search, then navigate to your Dropbox and select your database again. Enter your One Password to Rule Them All, and you're PSafe'ing it again, all with secure syncing to your Dropbox in the cloud and accessible from any machine you have Dropbox installed on.

A couple more notes to this: I've noticed in using my PSafe database with Dropbox that it tends to be constantly "using" a file. This is only if you leave your database open most of the time (which I usually do during the day). Dropbox thinks a file is constantly changing that it needs to sync, so you'll get the blue icon all the time. This doesn't seem to hurt the operation of either PSafe or Dropbox, however I will caution this: close your PSafe database when you're done with it.

In other words, I wouldn't risk having your database open on one computer and then trying to access and change it from another. This may work, but what worries me is possible data corruption in your PSafe database and that could be bad. The last thing you want is to mess up your database in any situation (which is why you back it up, right?).
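The placement and backup advice from this post (keep the database out of the Public folder, keep a copy somewhere other than Dropbox), as an added Python example that is not part of the original post and not code from Password Safe or Dropbox. The function names, and the rule that the backup directory must sit outside the synced folder, are assumptions of this example.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large databases are not read into memory at once."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def placement_problems(db, dropbox_root):
    """Return reasons the database location contradicts the tutorial's advice."""
    db, root = Path(db).resolve(), Path(dropbox_root).resolve()
    try:
        relative = db.relative_to(root)
    except ValueError:
        return ["database is not inside the Dropbox folder, so it will not sync"]
    if relative.parts[0].lower() == "public":
        return ["database is under the Public folder"]
    return []


def backup(db, backup_dir, dropbox_root):
    """Copy the (closed) database to a timestamped file outside Dropbox and verify it."""
    db = Path(db)
    backup_dir, root = Path(backup_dir).resolve(), Path(dropbox_root).resolve()
    # Assumption of this example: a copy inside the synced folder is not "elsewhere".
    if backup_dir == root or root in backup_dir.parents:
        raise ValueError("backup directory is inside the Dropbox folder")
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    dest = backup_dir / f"{db.stem}-{stamp}{db.suffix}"
    shutil.copy2(db, dest)
    # A mismatch usually means the file changed mid-copy (database still open).
    if sha256_of(dest) != sha256_of(db):
        dest.unlink()
        raise IOError("backup does not match the source; close Password Safe and retry")
    return dest


if __name__ == "__main__":
    # Constructed layout standing in for "My Dropbox"; the bytes are not a real database.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "My Dropbox"
        (root / "Password Safe").mkdir(parents=True)
        db = root / "Password Safe" / "example.psafe3"
        db.write_bytes(b"constructed sample bytes")
        print("problems:", placement_problems(db, root))
        print("backup:", backup(db, Path(tmp) / "backups", root).name)
```

Run it only while the database is closed in Password Safe, so the file is not being rewritten during the copy.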

That's pretty much it for using Password Safe with Dropbox. Now that we've been through all that, the best analogy I can give you to what I used to do is run PSafe from a folder on a USB drive along with storing my database on that drive. This worked for me for years, but it also meant that if I didn't carry my USB drive around all the time with me and I needed to access some site that only my PSafe database knew how to get into, I was SOL. Dropbox also has other advantages as it acts like a USB drive in the cloud; being able to log into it from some foreign computer means I can access any of the files I store there (this latter reason is also why I tell you to know your Dropbox account password from memory). No more physical USB drive for me!

If you are willing to try the steps I've outlined (which include getting serious and up to speed with Password Safe, then trying Dropbox to have secure access to your PSafe database), you'll find a plethora of useful goodness when it comes to secure passwords and access to files from any computer. For me it has become the best of both worlds and I still can't believe I get to leave my USB drive at home all the time. If you do try this tutorial and have any questions, feel free to hit up the comments or shoot me a note at rothermels [at] gmail [dot] com.

Blog on.

Wednesday, March 11, 2009

Using Password Safe with Dropbox

If you're keeping score with The Ballad Recommends, I recently put up a brief recommendation on Dropbox. Dropbox can be thought of as a flash drive in the cloud of the Internet, files available to you from any computer you have the client installed on. I also mentioned how I keep my Password Safe database in Dropbox now, so I no longer have to truck around a physical USB drive anymore (just Dropbox it!). With all that, I decided it might be a good idea to make a tutorial of sorts for people out there who might be interested in either of these technologies (and in this day and age of ID theft and bad behavior on the Internet, you should be interested in Password Safe) but might have some trouble getting started. That's where this post comes in.

First of all, go read The Ballad Recommends, specifically the entries on Password Safe and Dropbox. I have a few things to say there that I won't repeat here. Go on, I'll wait.

Next, grab both installers from the links in the title of this post. I'll be writing these instructions from a Windows XP perspective, but running both of these tools on Vista is basically identical. If you want to try this on Linux, you probably don't need my help in the first place. If you use Mac OS X, sorry, you're on your own there.

You should have both installers downloaded, something like this:



We'll start with installing Password Safe, getting a bit familiar with the program, and then work on the Dropbox portion. Go ahead and double click the installer "pwsafe-3.16" to get started.

Select your language:



Agree to do whatever the software makers say:



Now it gets interesting. I've used Password Safe for several years, and I've never used any install method except the "Green" one. Basically the Green install puts everything Password Safe needs into a single folder which you then run the program from. It's considered a "portable" installation because you could use it on something like a USB drive (which like I've said I have done for a long time, until Dropbox) or if you just don't want to tie it to one computer (which I never have). In our experiment here, we obviously will be using the Green install because there's no reason to tie it to the specific computer. I like this method anyway as it acts like a throwback to the days when programs were just installed to one place on the computer and that was it; delete the folder, delete the program (yeah I know, kinda like a Mac, but I just can't use those fussy machines myself).

Anyway, pick the Green install and we're off:



I would recommend the following settings for the Green install (you are welcome to start the program automatically, but we can do this later anyway):



Next you'll select where to install Password Safe. Hit the Browse button:



Installing the program somewhere like My Documents is fine, and actually where I recommend. Just pick somewhere where you'll know where it is. Once you've picked a spot, hit Make New Folder:



Name it something useful like, I don't know, the name of the program. I'll usually throw the version number in there as they update PSafe fairly frequently and I often will try out a new version while keeping the old one handy (another advantage of the Green install). Then hit OK:



You should end up with something like this for the path (obviously without the username censoring there). Bang on Install and let's get to it:



PSafe installs in a flash. Hit Close when it's done:



Now we'll bounce over to the path where we installed PSafe (in this example, under My Documents):



Jump on in. There's not much in here yet, but I will point out the actual application you are running. If you installed a shortcut to this app, this is the program you are linked to:



We'll be digging in to more of this in a bit, but let's minimize the window for now and hit up our desktop. There should be a shortcut for Password Safe on here (also one in the Start Menu if you're keeping score):



Go ahead and bang on this shortcut and it'll start up PSafe for the first time. You'll get a happy launch screen with not much in it. We're assuming you don't have a PSafe database yet, so click New Database and I'll quickly run through making a new password database:



For now you can save this database anywhere (again, just know where that is). For now I would select the same folder you installed PSafe to, just to keep things tidy. We'll be moving this database anyway once we get Dropbox up and running. I would also name it something fairly useful (not like "pwsafe") so you know what you're getting into. I run all my passwords out of one database, so I'm assuming you'll do the same here (but you could create more than one). Name the database, then hit Open:



Now comes the serious business. One Password to Rule Them All. I can't stress enough the importance of two points here: 1) Come up with a good, solid password (some basic good guidelines are here and here) and 2) Don't forget what it is!!! This second point should be obvious, but understand something about Password Safe: you lose the master password, you lose it all. So it's a bit of a catch-22: you want a good, strong password that only you will know, but you don't want it so obfuscatingly bizarre that you'll never remember it (and thus do something stupid, like write it down). It's a bit of a conundrum, so if you spend most of your day on this one little section of creating the best One Password to Rule Them All that you can, great! It really is the most important part of all of this. Once you have your One Password, type it twice (whenever I need to make up new passwords, I actually practice in a word processor to make sure I'll be able to do it with my eyes closed, which is basically what those darn asterisks do) and then hit OK, solidifying your One Password to the bits and bytes of your database forever:



Finally, we have an empty PSafe database. This is where the magic happens.



Like I've said before, Password Safe is an open source application. This makes it very useful and stable, but not terribly person-friendly. I'll go through the Options menu and give you a rundown of what choices I think you should select (at a minimum), but after all of this I urge you to read through the Help documentation included in the program. The background on how all of it works will help tremendously in your day-to-day use of Password Safe. So, to start off, click Manage and then Options, and we're presented with lots of them:



This first screen is backup options. I would suggest leaving them as is, as this will automatically set up incremental backups of your database as you make changes and such. Should a catastrophe happen and you need an old backup, these options will give you a good starting point. Pick Display next:



Again, not much to change here. Feel free to play around with these later, but for now you probably won't even know what any of it means (until you've used the program extensively and have read the documentation). Pick Misc. next:



Here you can change one or two things. I prefer to use Autotype as my default double click action when it comes to PSafe; basically this lets you put your cursor in the username field of a login page, then double click the entry in Password Safe and it will fill it in for you. Once you get used to this, you won't ever want to type a username or password in again (which is a major point of PSafe anyway). You can also set your default username here, which just means for every new entry you create, PSafe will assume this is the username (which you can of course change on an entry-by-entry basis). You don't need to do this, but it may save some typing when creating your entries in PSafe. Hit the Password Policy tab next:



This is another important section of Password Safe. This is your default policy for creating passwords. I like to choose a longer length (like 16 characters) and make sure there are at least 1 of every type of character. You can fiddle with this if you like, but this is just your default policy. For each entry, you can selectively change the policy to generate a password, which is handy if certain sites you use require different password policies. Click Password History next:



I would also suggest you set this history setting to something. By saving password histories per entry, you can save yourself some grief if you change the password to a site and somehow lose it along the way (it's very possible and sometimes easy to overwrite a password in an entry in PSafe; history lets you get those back). You want to select "Start saving previous passwords" so that new entries you create will have this option. Hit Apply, then head on over to the Security tab:



I would recommend at least these settings. We aren't going to make any changes to the System tab (but you can look at that if you want), so click OK in the Options window and we're ready to start making entries. From the main PSafe window, click Edit and then Add Group:



Name it something, then pick Add New Entry from the main toolbar:



Now we're into the nitty gritty of Password Safe. This is an entry for a username and password that you want to store (example, your online banking login). Understand that the Groups are only for your benefit; I have over 90 entries in my current PSafe database, so it helps to have those entries broken down into categories for easier navigation. Get in the habit of starting with Groups and you can make your database clean and easy to navigate from the start. Let's break down each section of the Entry page:

Group: We covered this in the above paragraph.

Title: The name of your entry.

Username: The actual username for the login you want to store.

Password: Obviously. You don't have to fill this in, that's where Generate comes in.

Notes: Anything about the entry you want to store in addition (obnoxious security questions, anyone?).

URL: This can be anything, but most helpful is putting in the actual URL of the login page for the particular entry.

Autotype: You don't need to change this unless the default Autotype doesn't work (see Help).

Generate is where the goods are at. When you click this button, it auto-generates a password based on the policy you set in the Options menu. So, our default password policy was 16 characters long with everything (uppercase/lowercase letters, numbers, special characters). That's what we'll get when we hit Generate. Know that PSafe won't actually save or use that password in the entry until you hit OK. It should be obvious, but Show will let you see the random password it generated so you can marvel at its totally brilliant obfuscation. So what happens when you're creating an entry that doesn't accept your password that uses your default policy? That's where Override Policy comes in. Select this box and you get a window similar to the Password Policy tab of the Options menu:



Here you can tweak the length of the password, what kind of characters it uses, and even select the dummy "hexadecimal digits only" option at the bottom. The Override Policy button is very useful for making secure passwords even on sites that don't seem to care about security; one of my peeves is a site that says "no special characters" in their passwords. Fine, how about I throw a 32 character hexadecimal password at you? This option is again incredibly useful to solve any website's poor password policy but still let you use a strong, randomly generated password.
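To compare the default policy (16 characters, at least one of every type) with the 32-character hexadecimal override, here is an added Python example. It is not Password Safe's own generator, and the symbol set (Python's `string.punctuation`) and the function names are assumptions of this example.

```python
import math
import secrets
import string
from itertools import combinations

# Character classes for the "everything" policy. The symbol set is an assumption;
# Password Safe's own symbol list may differ.
FULL = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
HEX = ["0123456789abcdef"]


def generate(length, classes, require_each=True):
    """Draw uniformly from all passwords that satisfy the policy (rejection sampling)."""
    if require_each and length < len(classes):
        raise ValueError("password too short to contain one of every class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not require_each or all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def compliant_count(length, classes, require_each=True):
    """Count policy-compliant passwords; inclusion-exclusion over the missing classes."""
    total = sum(len(cls) for cls in classes)
    if not require_each:
        return total ** length
    count = 0
    for k in range(len(classes) + 1):
        for missing in combinations(classes, k):
            remaining = total - sum(len(cls) for cls in missing)
            count += (-1) ** k * remaining ** length
    return count


def entropy_bits(length, classes, require_each=True):
    """Bits of entropy of a uniformly chosen compliant password."""
    return math.log2(compliant_count(length, classes, require_each))


if __name__ == "__main__":
    print("default :", generate(16, FULL), f"{entropy_bits(16, FULL):.1f} bits")
    print("hex only:", generate(32, HEX, require_each=False),
          f"{entropy_bits(32, HEX, require_each=False):.1f} bits")
```

The hex-only password uses a far smaller alphabet, but at 32 characters it carries more entropy than the 16-character default, which is why the override still yields a strong password on sites that reject special characters.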

So once you've made an entry, hit OK and it's in your database now. This is where the fun begins. Now you've got the fun job of tracking down all those logins you use across the World Wide Web and turning them into Password Safe entries. Where to start? Well, for me it was obviously email, then banking and major purchase sites (like Amazon), followed by online forums and memberships. This can take a while, but it becomes well worth it once you realize the power and convenience of Password Safe. Usually the way to track these logins down and get them into PSafe goes something like this:
  1. Log in to the site (say, www.hotmail.com) and figure out how to change your password.
  2. Create a new entry in PSafe (perhaps under a group titled Email?), punch in your Hotmail username, and generate a password based on whatever policy you can get to work. (Sometimes this takes some trial and error.)
  3. Make this change to your account online (copy and paste works great, and is a fundamental tool in using Password Safe).
  4. Save the entry in PSafe, then log out of the website.
  5. Use the new PSafe entry to test the login again.
OK, five steps makes it sound not so bad, and it's really not. It just takes a long time. You kind of have to prioritize what sites you use most and which ones should be in Password Safe first. As you troll the interwebs in the weeks to come, you'll probably come across more sites you want to store entries into PSafe. Eventually it turns into a little game, and you'll soon love being able to create a new account on some random website just because you get to throw some nonsense password at it from PSafe that you'll never have to remember (just copy/pasta!). I used to hate having to make a "new account" for anything online, but nowadays with Password Safe I love it! And so can you!

Jump back into that window you left open that has the contents of your PSafe install. I pointed out the actual application a little while back, but I do want to point your attention to a few other things:



The .psafe3 file is your actual database file itself. Hopefully you named it something more useful than "pwsafe" (I told you not to) as this is the file we become most concerned with. Not only for this tutorial and using it with Dropbox, but also just in general. Once you get into PSafe and become dependent on it (like me) this file should be copiously backed up and put in multiple places for safe keeping. Don't worry, the encryption scheme on a PSafe database is absurd enough that as long as your One Password is good enough, you can feel confident that your information is being kept securely in this file.



This .cfg file is your config for Password Safe. All that stuff we did with the Options menu? It's all in here, so if you ever move computers or need to reinstall Password Safe somewhere else, save yourself a step and snag this file (it isn't installed by default, cause it's only made once you make changes to your database options). This is helpful if you're upgrading to a new version of PSafe (using the Green install, of course) and don't want to troll through the Options menu again. Handy.

All right, in the interest of preventing this from becoming the longest blog post ever, I'm going to saddle up here and ride off into the sunset with promises of tomorrow being Dropbox day. So far this post has really just introduced you to Password Safe, but some more interesting ditties will come out of it once we get into Dropbox. Remember where you store your Password Safe database for now as we'll be coming back to it tomorrow.

Until then!

To be concluded...