Password Safe V1.92c.1

Introduction
Main Window

File Menu
Edit Menu
Manage Menu
Help Menu

Other Dialogs

Add Entry
Edit/View Entry
Copy to Clipboard
Change Safe Combination
Password Safe Options
Confirm Delete
About Counterpane

Introduction

How many passwords and user names do you have to keep track of? Chances are that the answer is "lots." It was bad enough when you only needed a password to access your network or shell account; now many websites want passwords too. Most people resort to keeping a written list of passwords (unsafe) or using the same password on many systems (very unsafe). Now, with Password Safe, you can keep a master list of passwords securely encrypted on your computer. A single Safe Combination unlocks them all.

Password Safe protects your passwords with Bruce Schneier's Blowfish algorithm, a fast, free alternative to DES and IDEA. Details on the Blowfish algorithm, including speed comparisons and an extensive list of products that use Blowfish, are available at http://www.counterpane.com/blowfish.html

Password Safe allows you to have any number of different password databases. For example, you can store your website passwords in one, your Unix account passwords in another, etc. Don't forget to backup your various databases often. If you wish to have only one database, no problem. Password Safe will take care of all the detail for you and you don't need to bother with any of the file handling commands.

Getting Started

You can start protecting your passwords with Password Safe in three easy steps.

  1. Creating a Safe Combination

    When you first start up Password Safe, it will ask you to create a combination. The combination is just like a password; it can include letters and punctuation as well as numbers. Your safe combination keeps all your other passwords safe, so don't use something that's easy to guess -- especially if someone else could get access to your computer. Safe combinations are case sensitive; "e;hello"e; is different from "e;HELLO"e;.

    When you've chosen your combination, type it in the box marked "Safe Combination," then again in the box marked "verify." Then click OK. The OK button will only be activated if you typed the same Safe Combination both times.

    Whenever you start up Password Safe, it will reopen (with the proper password, of course) the last open password database. If this database cannot be found, you will be able to browse for another one or create a new blank database.

  2. Entering Passwords

    After you've created your combination, you can start entering passwords. Just select the menu item titled Add Entry or click the toolbar button. Enter the name of the service this password is for, your username on that service (if any), and then the password itself. You can also set a default username in the Options dialog box.

    You can use the "Notes" field to enter any other information you need to remember about the service -- phone numbers, URLs, etc.

  3. Retrieving Passwords

    To copy a password to the Windows clipboard, just double-click on the desired title. Or you can highlight the tile and select the Copy Password to Clipboard menu item. You can then paste the password into whichever Windows application requires it. (If the application does not provide a Copy command on its menu, you can still paste by hitting Control-V or Shift-Insert.)

    The clipboard will be cleared when you close Password Safe.

Password Safe Main Window

Password Safes main window shows the entries in a list. The first time this list is shown there will be columns for the title, username and notes although the password can also be shown if desired by setting an option.

The menu bar options are described in the following sections:

File Menu
Edit Menu
Manage Menu
Help Menu
File Menu

New...

This option allows you to create a new password database.

Open...

Select this menu item open a different password database. You will be prompted to save the current database if necessary/desired. You can see the name of the current database at the top of the main window.

Recent files

Password safe remembers the four most recently opened password databases, these are available for selection here. If you choose one of these files you will be prompted for its password, and if entered correctly the current database will be closed, after saving it if necessary, and the new database will be displayed.

Save

Select this menu item to save the current password database.

Save As...

Select this item to save the current password database under a different name. A version under the old name (without the most recent changes) will still exist.

Exit

Exits Password Safe. You will be prompted to save the current database if necessary

Edit Menu

Add Entry

Select this menu item to add a password to the current database.

Edit/View Entry

Select this menu item to view or change a password you've entered.

Delete Entry

To delete an item, highlight its title and select this menu item. You will be asked to confirm deletion of the item if the Confirm deletion of items option is checked.

Find Entry

To search for an entry that contains the given text in any field except the password.

Copy Password to Clipboard

To copy a password to the Windows clipboard, just double-click on the desired title. Or, you can highlight the title and select the Copy Password to Clipboard menu item. You can then paste the password into whichever Windows application requires it. (If the application does not provide a Copy command on its menu, you can still paste by hitting Control-V or Shift-Insert.)

The clipboard will be cleared when you close Password Safe.

Copy Username to Clipboard

To copy a username to the Windows clipboard, highlight the title and select the Copy Username to Clipboard menu item. You can then paste the password into whichever Windows application requires it. (If the application does not provide a Copy command on its menu, you can still paste by hitting Control-V or Shift-Insert.)

The clipboard will be cleared when you close Password Safe.

Clear Clipboard

To securely clear a password from the Windows clipboard, select the Clear Clipboard menu item. If another application has copied data to the clipboard, the clipboard will not be cleared.

Manage Menu

Change Safe Combination

Select this menu item to change the Password Safe combination for the current database. Type the combination in the box marked "Safe Combination," then again in the box marked "verify." Then click OK. The OK button will only be activated if you typed the same Safe Combination in the same case both times.

Make Backup

Choose this item to make a backup of the current password database.

Restore from Backup

Select this menu item to restore a previously made backup of a database. The restored version will be unnamed. You will have to give it a name in the Save As dialog if you wish to keep it.

Update V1.1 Backups

Choose this item to convert Version1.1 backup files to the new format. This simply adds a .bak extension to the file if it does not already have it. A list of altered backups and their location will be displayed, and you will have the option of saving this list to disk. Password Safe will also delete references to backups that no longer exist.

Options

Select this menu item to set these options.

Help Menu

Get Help

Shows this help file.

About Password Safe

Shows brief details about Password Safe.

Options Dialog

The options dialog allows you to customise the way that Password Safe works. There are five tabs of related options that are described in the following sections:

Display Tab
Security Tab
Password Policy Tab
Username Tab
Misc Tab

Display Tab

Always keep Password Safe on top

If this option is checked, Password Safe will be kept on top of all other windows. This option is disabled on Pocket PC.

Show password in display list

If this option is checked, an extra column will be added to the main display to show the password.

Show password by default in edit mode

If this option is checked, the password will not be initially obscured by asterisks in the Edit/View window.

Double-click shows password

This option controls what happens when an item in the password list is double-clicked. If checked then a dialog will be displayed showing the password for the item. If unchecked the password will copied to the clipboard.

Security Tab

Clear the clipboard when minimized

If you check this option, the clipboard will be cleared when you minimize Password Safe.

Lock password database on minimize and prompt on restore

If you check this option, sensitive information such as your safe combination and the names of the items will be cleared from memory when Password Safe is minimized. When Password Safe is restored, you will be prompted for the Safe Combination.

Confirm password database save on minimize

If you check this option, Password Safe will remind you when it automatically saves the password database on minimize. Unchecked, the password database will be automatically saved.

Confirm item copy to clipboard

If you check this option, Password Safe will notify you when a password is copied to the clipboard. Once you've gotten used to how Password Safe works, you will probably want to uncheck this option.

Password Policy Tab

Default password length

This option sets the number of characters that will be generated when a random password is generated in the Add or Edit entry dialogs.

Use lowercase letters

If this option is checked, lower case letters will be used in the generated password.

Use uppercase letters

If this option is checked, upper case letters will be used in the generated password.

Use digits

If this option is checked, digit characters will be used in the generated password.

Use symbols

If this option is checked, certain symbol characters, such as &, %, $ and so forth, will be used in the generated password.

Use only easy-to-read characters

If this option is checked then certain characters such as O (oh) and 0 (zero) will be omitted from the generated password.

Username Tab

Use default username

If this option is checked, the username entered in the field below will not be displayed in the main list box, and will automatically be inserted into the username field in the Add dialog box.

Query user to set default username

If this option is checked, whenever you enter a username for a new item and there is no default username, you will be prompted to set it as the default username if desired. See above for more information about default usernames.

Misc Tab

Confirm deletion of items

When this option is checked, Password Safe will confirm that you want to remove the selected item when you issue the Delete command.

Save database immediately after Edit or Add

If this option is checked, Password Safe will automatically save the password database whenever an entry is added or changed.

Add Data

In this window, you can add a new entry to the current database. Enter the name of the service this password is for in the box marked "Title" and your username on this service (if any) in the box marked "Username." If you have entered a default username, it username will be automatically entered in this field. Then enter the password itself in the box marked "Password." You can use the "Notes" field for any other information you need to remember about this item -- such as a URL or phone number.

You can leave the username and notes fields blank, but you must enter data in the title and password fields.

Note that the entry for this item in the list in the main dialog with be the service name and user name separated by a dash.

Edit/View Data

In this window, you can change the information you've stored for an entry. By default, the password will be replaced with a line of asterisks. To view your existing password, hit "Show Password."

If you make a mistake and want to leave this window without saving your changes, hit "Cancel." To save changes, click the "OK" button.

Copy Password to Clipboard

This dialog lets you know that the password you've selected has been copied to the clipboard. You can now paste it directly into the application, dialog, or Web form that needs a password.

If you're pasting the password into a dialog, you probably won't have a Paste command available, but you can still paste using the keyboard shortcuts control-V or shift-insert.

Safe Combination Change

Use this window to change your Safe Combination for the current database. You will need to enter the old Safe Combination, then enter the new combination twice. The combinations will be masked by asterisks. The combinations are case sensitive; the safe combination "e;hello"e; is different from "e;HELLO"e;.

Safe Combination Entry

This window appears when you start up Password Safe and whenever you open a different database or restore a backup. Enter your safe combination and click OK. Safe combinations are case sensitive; "hello" is different from "HELLO".

If you enter the safe combination incorrectly three times, the Safe Combination Entry Error window will appear. This window lets you try to open another database or start a new one.

Safe Combination Entry Error

This window appears if the Safe Combination has been entered incorrectly three times. If you just mistyped your safe combination, you can choose to try again. You can also choose to browse for another database to open or to create another, completely new, database.

If you've forgotten your safe combination, just leave that database for now. You'll be able to reopen this database later if you remember your combination. Unfortunately, nothing can be done if you forget your password entirely. The security of this system rests on the fact that the database cannot be recovered without the password.

Delete Confirmation Dialog

Click yes to delete the selected entry. Click no if you don't want to delete it.

Safe Combination Entry

This window appears when you create a new database, either from the initial dialog when you start Password Safe, or when you select New... from the file menu

Enter the combination for the new database and in the confirmation box. You will be warned if the two passwords do not match or if the password is cryptographically weak.

Username Entry Dialog

The username entered in this dialog box will be added to all the entries in the username-less database that you just opened. Click Ok to add the username or Cancel to leave them as is.

You can also set this username to be the default username by clicking the check box. In this case, you will not see the username that you just added in the main dialog (though it is still part of the entries), and it will automatically be inserted in the Add dialog for new entries.

Set Default Username?

This dialog lets you set the username that you just entered as the default username. The default username is not displayed in the main dialog and will be automatically inserted in the Add dialog box.

You can adjust the current default username setting in the Options dialog box.

Add a Username to All Entries?

This dialog appears when you open a password database without any usernames in the entries.

Click Yes to get a dialog box that will allow you to enter a single username that will be added to all the entries. Click No to leave the database as it is.

About Counterpane

http://www.counterpane.com

Company Information

Counterpane Systems is a cryptography and computer security consulting firm. We are a virtual company based in Minneapolis, with three full-time employees and six part-time contractors. Counterpane provides expert consulting in the following areas:

Design and Analysis. This is the majority of Counterpane's work: making and breaking commercial cryptographic systems and system designs. We can analyze all aspects of a security system, from the threat model to the cryptographic algorithms, and from the protocols to the implementation and procedures. Our detailed reports provide clients with information on security problems as well as suggested fixes.

Counterpane Systems has worked in areas such as:

  • Hard disk and file encryption
  • E-mail encryption and authentication
  • Emergency password and data recovery
  • Software and information piracy prevention
  • Virtual private networks
  • Certificate Authority systems
  • Digital timestamping
  • Digital telecommunications security
  • Biometric security applications
  • Java security
  • Electronic commerce systems
  • Stored-value card security
  • Secure audit logs
  • Implementation and Testing. Counterpane Systems also turns designs into commercial programs. We have implemented and tested many cryptographic systems, both from our own designs and from industry standards such as SET, S/MIME, and SSL. Counterpane also performs security testing and verification of software implementations and products.

    Threat Modeling. Using attack tree analysis, Counterpane Systems provides a comprehensive threat analysis of systems and products. This kind of analysis can determine a system's vulnerability and the avenues of attack most likely to succeed. We can calculate the time, money, and resources necessary to attack a system, determine the security effects of different business decisions, and list the security assumptions a system is based on. Attack trees can compare attacks and countermeasures, and isolate areas where security can most profitably be improved--or most profitably be attacked.

    Product Research and Forecasting. Counterpane Systems assesses potential product ideas, and gives opinions on their viability in the marketplace. We also maintain a large database of competitive information, and can provide information on existing security-related products. We publish occasional reports on different areas of commercial cryptography--electronic commerce, Internet security, public-key infrastructure, secure tokens--and make these reports available to clients.

    Classes and Training. Counterpane Systems provides a wide variety of training services, from hour-long tutorials on the basics of computer security to week-long classes on the mathematics of cryptography or the philosophy of secure system design. Other classes include advanced protocol design and analysis, Internet security protocols, public-key infrastructure, and electronic commerce security. Classes can be tailored to suit individual needs.

    Intellectual Property. Counterpane Systems has considerable experience writing patent disclosures for cryptographic inventions. We provide opinions on patentability and prior art, and can help clients find new ways to implement systems which avoid infringing on existing patents. We maintain a database of more than 1000 cryptography-related patents.

    Export Consulting. Counterpane Systems can help clients go through the process of receiving Commodity Jurisdictions from the U.S. Department of State, and get their products approved for export from the U.S. Department of Commerce.

    Theoretical and Applied Cryptographic Research. Counterpane Systems continually pursues cryptographic research. By publishing papers at international academic conferences, we maintain our state-of-the-art knowledge and experience in cryptography.

    Clients. Counterpane Systems has provided consulting services for clients on five continents, including American Express, Canon, Citibank, Compaq, Dallas Semiconductor, Disney, Hughes Data Systems, Intel, Intuit, MCI, Merrill Lynch, Microsoft, Mitsubishi, National Semiconductor, Netscape, NSA, Oracle, Security Dynamics, Silicon Graphics, Stac Electronics, Veridicom, Visa, and Xerox. Contracts range from short-term expert opinions and design evaluations to multi-year design and development efforts.

    COUNTERPANE SYSTEMS PERSONNEL

    BRUCE SCHNEIER is president of Counterpane Systems. He is the author of Applied Cryptography (John Wiley & Sons, 1994 & 1996), the seminal work in its field. Now in its second edition, Applied Cryptography has sold over 80,000 copies world-wide and has been translated into four languages. His papers have appeared at international conferences, and he has written dozens of articles on cryptography for major magazines. He is a contributing editor to Dr. Dobb's Journal, where he edited the "Algorithms Alley" column, and has been a contributing editor to Computer and Communications Security Reviews. He designed the popular Blowfish encryption algorithm, still unbroken after years of cryptanalysis.

    Schneier served on the Board of Directors of the International Association for Cryptologic Research, is a member of the Advisory Board for the Electronic Privacy Information Center, and is on the Board of Directors of the Voter's Telcom Watch. Schneier has an M.S. in Computer Science from American University and a B.S. in Physics from the University of Rochester. He is a frequent writer and lecturer on the topics of cryptography, computer security, and privacy.

    JOHN KELSEY is an experienced cryptographer, cryptanalyst, and programmer who has designed several algorithms and protocols. He pioneered research on secure random number generators, differential related-key cryptanalysis on block ciphers, and the chosen-protocol attack against cryptographic protocols. His research has been presented at several international conferences, and he has broken many proposed commercial cryptographic algorithm, protocol, and system designs. He has a degree in economics and computer science from the University of Missouri in Columbia.

    CHRIS HALL is experienced in mathematical cryptography (including elliptic curves), protocol design and analysis, and source-code security verification. He helped build various PGP products, including some cryptographic protocols and software in PGPfone. He discovered a major weaknesses in two different X Windows authentication schemes (the attacks and fixes weren't announced for six months so that major vendors could fix their software). Hall has a B.S. in Computer Science and Mathematics at the University of Colorado in Boulder.

    DAVID WAGNER is a graduate student in cryptography at the University of California Berkeley. His cryptographic expertise includes both algorithms and protocols. He has publicly cryptanalyzed the Netscape random number generator, SSL 3.0, and the U.S. digital cellular encryption standard.

    CONTACT INFORMATION

    Counterpane Systems
    101 E Minnehaha Parkway
    Minneapolis, MN 55419
    phone: (612) 823-1098 or (708) 524-9461
    fax: (612) 823-1590
    email: info@counterpane.com
    web: http://www.counterpane.com