Have you ever done something despite the knowledge that it isn’t really safe? This generic sentence could be anything from jaywalking to unprotected sex.
In my case, the situation is perhaps both more mundane and more of a 21st century problem. I have quite a few email accounts that are used for different purposes. The provider of one of the accounts that I use to catch spam should know better when it comes to security.
This login dialog looks very similar to many other login dialogs. The only interesting part is the checkbox “Angemeldet bleiben”, which simply means “stay logged in”. This is not an unusual feature for a personal email account: if the choice were remembered per computer or per account, it would make perfect sense.
The insecure part is that every time you open this site the checkbox is already ticked. By default, your credentials (or a token that stands in for them) will be stored on the computer, which is no problem if this is your own computer at home but an extremely poor policy if the computer is a shared or public one: the next person to open the site is logged in as you.
A proper solution
It is not a good solution to store the password, or a long-lived token that stands in for it, in a cookie on your computer by default. A much better solution is to memorize the password and type it every time. It is possible to keep a few passwords in your head, but after a while the number starts to exceed the memory of even the best person, and the usual result is that one password gets reused everywhere.
Of course, it is possible to scribble your password on a sticky note or write it down in a notepad, but if security is truly a requirement, then keeping the password list in an encrypted file is the best solution.
There are a lot of password managers available – it must be true, as when I googled “password manager” it returned 480,000,000 results. There may not be that many, but there are easily dozens of free and commercial versions in the Google Play store alone.
Basically, a password manager, sometimes referred to as a password safe, is just a small application that collects passwords, not too dissimilar to an address book for email addresses, except that the collection is kept encrypted and is unlocked with a single master password.
The real trick is not finding a password manager that runs on your phone but one that fits how you best operate. In my case that was a password manager that is truly multi-platform. The usability of my password manager, KeePassX, is just fine on my smartphone.
Multi-platform does not have to be a requirement. The only time I really wanted a multi-platform tool was when I had too many passwords and wanted to restructure how they were grouped.
The reason that I ended up deciding on KeePassX was that it was possible to install the app on my smartphone and also to install the application on my Linux Mint installation.
It is possible to create a folder structure to separate the different aspects of your passwords. It is also possible to store any other important number or secret.
It is possible to create entries that store a simple user name and password.
KeePassX has been made flexible enough to allow other values to be added to an entry as attributes.
Finally, it is possible to assign cute little icons to your entries and folders. This is not just a fun feature: it makes it possible to see at a glance which entries contain what type of data.
I cannot recommend this software enough. It is easy to use on your phone, but it is also possible to copy the KeePassX database to your computer and edit it there without any difficulties.