.NET

Manage your passwords

In modern world one of the huge challenges – at least for me is managing my passwords for the various sites that i use.

The challenge is further enhanced by:

– your passwords need to be super strong so that they withstand hackers. Passwords are usually stored as hashes and not strings on the server so hackers use brute force guessing mechanisms to get you password as a string if those passwords get stolen. So using password as RgGZ5DOynJ5*dd*TsrAXEz will make them reluctant to crack it as for the same time they will crack 1000 passwords as password123.
– you need to change your passwords often enough so that be secured (i use 2-3 months time-intervals)
– you need to use unique password for every site you use. One of the biggest mistakes in terms of security is to make up a super strong password, use it all over the place and not change it for years.

So, either you have to have a very smart way to make up and remember passwords or you need to use a tool. I have decided for myself to use the second. But i couldn’t come up with a free tool that i could trust enough so i decided to make up one for myself.

Here is how it looks:

passwordtool1

passwordtool

This is a simple winforms app and uses the built in System.Security.Cryptography methods to leverage the asymmetric cryptography method of encryption.

With this simple app you can:

– Generate public/private key pairs
– Generate random password for you
– Encrypt passwords as string with the public key
– Decrypt encrypted passwords in string format with the private key

So you may generate strong password and keep their encrypted representation in a simple .txt file if you want to and decrypt them when needed with the private key:

encrypted password

You don’t really need to worry about that txt as everything in it is encrypted and if passwords are strong enough, it will require huge amount of effort to brute force crack them. That does not mean that you have to be negligible though. The single thing that you have to worry about is the PRIVATE KEY – that is the single most vulnerable point here so keep that the best way you can. If you thing that the private key has been compromised, just create another pair public-private key and run your passwords through those.

You can find the source of the app here -> https://bitbucket.org/ivopashov/cryptoapp and build it for yourself. If you are out of the .NET world drop me a pm and i will send you the exe.

Disclaimer – i haven’t refactored the code so please don’t be that critical on the source quality 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *