Review: Password Manager XP

In the day of password requirements that are absolutely insane, you need a password manager to keep yourself from going insane. We’re going to be taking a look at Password Manager XP from CP Lab. With the amount of passwords we in IT need to remember, a good password manager is critical. I have a few that I use but I decided to see if I could find one with similar or better features than the ones I currently use have.

Obtaining and Installing

You can obtain a trial of Password Manager XP from the CP Lab website here. The installation of the Standard version (which we’re taking a look at here) is a standard next, next, finish install. It doesn’t get any easier. There is a Professional version that has a client-server model that would be more suited towards an enterprise as it has Active Directory integration. The standard edition would be fine for an individual or maybe small teams who share a database.

First Run

Right after you install Password Manager XP, you can launch it and you’ll see the default example database that is installed (if you so choose to install it).

Password Manager XP main screen

Password Manager XP main screen

I like the way Password Manager XP sets up the UI. You can see all your databases and tree view of passwords on the left, and on the right is your main screen. I like having the multiple database views. This can allow you to have a “work” passwords database and a “personal” passwords database, for instance. As always, it’s wise advice to never put all your eggs in one basket. Creating a database is actually very simple. Just go to the Database menu and create a new database. From here, you can name your database and assign a master password.

2016-06-17_18-34-09You can also specify where you’d like to have the database file stored. For me, I prefer to put it in a syched folder such as my OneDrive or DropBox so that it’s accessible on all my devices. However, if you have only one computer, it might make sense to put it in a secure location. Now, your passwords are encrypted in the database, but I also prefer to throw in some security by obscurity – throw my database in a obscure location and one accessible only by my user account. However, for this review, I kept everything default.

Adding your passwords

What good is a database without any data? Pretty useless. Likewise, a password database doesn’t have any passwords is forcing you to remember all your passwords and that’s not good. Once you have a database created, you can start creating entries. To keep yourself organized, you can create folders and to keep it really customization, you can select any icon you wish for the folder.

2016-06-17_18-34-55Once you have some folders created, you can now create password entries. This is as simple as right clicking and selecting “New Record”. On the new record screen, you can select an icon, a name, set the website address (if there is one), and generate or insert your password. You can also attach files, generate a password, set a password expiration date (useful for reminding you to change passwords if the service doesn’t expire them for you), and even leave some notes about the password too.

2016-06-19_13-00-57As you can see, I’ve set some test passwords (no these won’t grant you access to anything in The Cave) so you can see how the data is displayed.

The password generator function works amazingly well and is about as un-complicated as it could possibly be (which is what you’d expect but believe it that other software makes this process just as complicated).

2016-06-19_13-08-11Security is also important as these passwords can access anything. Password Manager XP has built in encryption of all different kinds. You can use any kind you’d like. Or all of them. The choice is yours.

2016-06-19_13-21-30

Special Features

This is one of the killer features of this program, in my mind. You can install the program to a flash drive and copy your password database so you can take it with you. This is a really cool feature if you carry a flash drive with you. I always have a USB drive on my keychain which is useful when I need to transfer some files quickly at work.

2016-06-19_13-09-55There is also web browser functionality built in. Other applications require special plugins to be acquired separately and configured separately but Password Manager XP has this all included in the box.

Final Thoughts

Overall, I really like Password Manager XP and I plan on using this as my primary password manager. While there are other options available, I urge you to give Password Manager XP a try along with anything else that you’re considering. I think you will find that Password Manager XP will meet or exceed your expectations! This works with all versions of Windows.

Given what I’ve seen and used thus far in my trial, I give Password Manager XP a 8/10. I highly recommend it!

Setting up GnuPG Encryption For Email

gpg2Let’s be perfectly real here: email in it’s vanilla form sucks. It’s insecure, it’s unreliable, and yet it’s our preferred communication method. What can we do? A good bit, actually. While we can’t fix the problems like including encryption from the get-go, we can add it to our emails now. We can also sign our emails so people will actually know it’s us. This is one of the reasons why spam is so wild – because it’s just so darn easy to send email. Unfortunately, this does require a bit of “classic” computing using a good old email client and a plugin. This tutorial is designed for Windows users and will work on any OS Windows XP or newer. However, the software being used is cross-platform so it will work on Mac OS X and Linux.

Requirements:

For this to work, we’re going to need the following

  • Thick email client such as Thunderbird (preferred) or Outlook
  • Gpg4win
    • If you’re using Outlook, Gpg4win has an Outlook plugin

Continue reading

My-Not-So-Dirty-PC: Stop buying into these scams so they’ll go away

2014-03-01 8-12-17 PMSo I’m sure you’ve seen the TV adverts from “MyCleanPC.com”. If you haven’t, it’s a program that makes the claim that it can increase your computer’s speed and stuff like that. They make bogus claims that your computer will be “200% faster” and have a lot of fake testimonials (we’re not even going to give them the benefit of the doubt here…) claiming that all these computers were saved from the tech dump or something rather. If you’re reading this, you’re probably an IT professional (since that’s whom I market this blog to). If you’re not an IT professional, one probably sent you the link to this article. Please do not fall for these scams. Here’s why… Continue reading

Mass Removal of Microsoft Security Essentials

DANGER, WILL ROBINSON! DANGER! THIS ARTICLE IS OVER A YEAR OLD AND IS POSSIBLY OUT OF DATE! THE INFORMATION CONTAINED WITHIN MAY NOT BE ACCURATE ANYMORE! PROCEED WITH CAUTION!

Microsoft_Security_Essentials_icon

At work, we have finally grown up. By that, I mean we finally have a centralized antivirus product that is actually up to date and doesn’t suck as bad as the old Symantec antivirus we were using. As a replacement, we used Security Essentials and the only thing that moved us to a new platform was the fact that we were technically out of compliance with the MSE license. In a business environment, Microsoft allows you to have only 10 copies installed on computers. We were past that. By like a lot.

One of the challenges of moving to our new AV solution was removing this program from our computers en masse. With several sites and many versions of MSE, you can bet that this was no easy task. Well, since I’m your typical lazy network administrator, I don’t have the time to sit there and manually remove every installation… so I automated it with a shut down script!

This script is a batch file that runs on shut down (or you could run it on start up if you really wanted). Originally, I found a VBS script that caused the computers to hang for about 10 minutes or so on shutdown every time. I’m not a VBS person at all… I love batch files and Powershell, and since I couldn’t Powershell this, I batched it!

The code to use:

@echo off

if exist "%ProgramFiles%/Microsoft Security Essentials" (
START /wait "Uninstalling MSE" "%ProgramFiles%/Microsoft Security Essentials/setup.exe" /x 

/s
) else (
if exist "%ProgramFiles%/Microsoft Security Client" (
START /wait "Uninstalling MSE" "%ProgramFiles%/Microsoft Security Client/setup.exe" /x /s
) else (
exit
)
)
)

Save this as a batch file and create a shutdown (or startup) GPO and have it run this batch file.

Here’s what it does:

  1. Does the path %ProgramFiles%/Microsoft Security Essentials exist? Yes? Run Setup.exe with silent parameters and uninstall parameters. No? Go on to the next line.
  2. Does the path %ProgramFiles%/Microsoft Security Client exist? Yes? Run Setup.exe with silent parameters and uninstall parameters. No? Go on to the next line.
  3. Exit.

This way there is an escape clause and there is no hang up and if there’s an older version of MSE installed, it’s removed as well.

 

 

DHS says “Disable Java”, Company vendors still require it

2010-10-15-dhsSo here’s an interesting¬†dilemma… the Department of Homeland Security is advising users to disable or uninstall Java – this would be fantastic, but in a business we can’t do this. Many of our vendors require Java for doing the course of business and if you know anything about businesses, they don’t like to update their standards. We still have some users who cannot use Internet Explorer 9 (or any alternative browser that the IT Department endorses as “safe for use”) because these sites simply won’t work.

But here’s where the dilemma gets really interesting. DHS says there’s an exploit, Alien Vault confirms the exploit, but from a security stand-point, I am un able to properly secure the network and the computers. So, here’s an open note to the many companies that require Java:¬†please update to modern standards¬†– are you going to do damage control when our network turns into a botnet? No, of course not. Please update your methods!