Bad craziness with passwords

Continuing on with the password discussion from the last post…

I use the highly reliable open source Password Safe to store passwords. It encrypts the passwords securely and the entire program installs into a folder with no updating of the registry, so it’s highly portable.

Last night I upgraded to a new version and was astounded to discover that that password file it was using was from 2008. Yes, I had backups, but they were borked too, that same damn password file from 2008. Huh?

Here’s what happened. Password Safe defaults to using main.dat in the current folder to store passwords in. But it can use a file elsewhere too. Sometimes when you convert from an old version to a new version it converts the the dat file and renames it main.psafe3. Apparently that is the file it had been using, and it was in a different location from where I thought. This database professional who religiously does backups had been carefully backing up the wrong file for years. Yikes.

After much gnashing of teeth, I found main.psafe3 lurking deep within in my appdata\local folder, copied it to the Password Safe folder, choose that file on startup – and all my passwords were there. Whew.

I had already recovered most of the important passwords because either a) I remembered them, b) had them in a text file, c:) saved them in the mSecure app on myiPhone, or d:) found them in the Firefox and Chrome password areas. But some, like web logons to client sites, I had no way to recover.

Here’s what I learned.

  • Make sure your backups are valid. Restore them every so often to be sure.
  • Print a copy of important passwords and save it someplace safe.
  • Make sure the password file your password program uses is what you think it is using. Heh.
  • Keep a copy of crucial passwords on your mobile device, if you have an app for that.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.