If you sometimes struggle to remember passwords, or if you're ever tempted to re-use a password, a password manager can help.
A password manager can store your usernames and passwords — securely encrypted — and can generate strong random passwords for you. This makes it far easier to have a different and strong password for each site you use. There are options to store the passwords on your local system or in cloud storage, and for collaborating with a team.
The sections below detail the KeePassXC software for DICE and other systems, the LastPass cloud service from the University, and other options plus further reading.
Both the National Computer Security Centre (NCSC) and the Electronic Frontier Foundation (EFF) have guides to using and choosing a password manager.
- ⇒ Managing your passwords - NCSC.GOV.UK
- ⇒ Choosing a Password Manager - EFF Surveillance Self-Defense
KeePassXC
DICE has keepassxc. It saves passwords to a local file, which it encrypts securely. You can store .kdbx password database file in your DICE home directory or any removable media you've attached. You can install KeePassXC or a KeepPass-compatible program on your own computer, so if you want to access the same password database from several machines - for instance a DICE machine and your home laptop - you can just copy your .kdbx file between them.
To get started (with either program), read the Electronic Frontier Foundation's guide, How to: Use KeePassXC.
- ⇒ How to: Use KeePassXC (eff.org).
- ⇒ download from keepassxc.org.
- ⇒ KeePassXC on GitHub
The original KeePass utility has been forked, copied or ported many times over the years. An extensive list of versions can be found on the Keepass download page, including several versions for phones.
- ⇒ List of KeePass ports (keepass.info).
LastPass
The University has a site licence for LastPass, a password management service. Students can have free Premium Accounts, and staff get access to the Enterprise version.
If you use a University-managed Windows machine, you could try LastPass. Watch out, though, because they have been the targets of at least one "security incident" (security breach and data theft) which you can read about on their company blog.
- ⇒ LastPass.
- ⇒ LastPass Blog 12-22-2022: Notice of Security Incident.
- ⇒ LastPass Blog 03-01-2023: Security Incident Update and Recommended Actions.
Others
Almost all mobile phones and web browsers now offer a built-in password manager and some provision for sharing these through a cloud service. These are often closely integrated with hardware security features such as biometrics.
Apple devices have a password manager called Apple Keychain. This can share passwords between all devices which use the same Apple ID. If you create an account on a web page while using the Safari browser, it will offer to create a strong password for that account and save it in the Keychain for you.
Further reading
The Electronic Frontier Foundation has helpful advice on personal computer security:
- ⇒ Surveillance Self-Defense (eff.org).