Some weeks go I received an email from dropbox telling me that they had changed their terms of service. Nice to tell me, but why ? It dawned on me that sometimes in 2013 or 2012 I had opened an account there out of curiosity, simply to have a look. I never used it and thought that they’d simply delete it when it’s not used for say 12 months ? So I went there, logged in with the standard name and password and deleted the account.
I received a confirmation email:
“This email is a confirmation that you’ve deleted your Dropbox account. Your files are no longer on Dropbox, but we haven’t removed them from your computers.”
It’s nice that they refrained from deleting stuff from my computer(s). I had no idea … In the end it is simply a friendly hint that nothing is lost on one’s machine(s) when the service is cancelled. I may be a bit paranoid.
But what made me think is that I simply pegged in some address & a “password” and was in. I realized that I use(d) only one password for all and everything. I am not that vain to believe that what I read on GoodNoos, or my preferences on StumbleUpon or something else of this kind, would be of any interest for the big bad hacker. But I use it for more serious accounts too, business and tax related for example. And I would not like someone to have a look there. Of course I realise that if a state, be it my own or a really friendly superpower, would for what reasons ever have an interest to read these data, they could. But I do not want to make it that easy.
Additionally the heartbleed-bug affected some sites I use, and all of a sudden this rather simple & pretty worn “password” does not look so nice any more.
So I had a look at so-called password managers that come with encryption tools and autofill abilities. On Slate was an article about it. Some are free, and from these some only work with IE or FF. I use a chromium derivative, and finally tested KeePass2 – maybe it’s too late for the developer to rethink the naming.
I think I like it. It works well so far ; one can change a lot of things (what I will surely do not, but one can play around) ; it can generate passwords that are hard to crack, and fills them in when I want this to happen – I think that is what I like about it : It only works when I tell the program to do what it should do on an account starting page, no automatisms. So slowly and one by one the list of “managed” & changed (!) passwords will grow.
Of course, if this little database goes kaputt, I have a real problem.