Password Management Application

Password management applications allow users to manage and track their passwords for many applications and services. A password management application keeps the list of passwords in an encrypted file on the user's computer or on a USB memory stick. The user only has to remember the master password to access the password repository, and only a user with this master password can access the list.

Key Criteria for Selecting a Password Management Application

  1. Security: Does the application meet the security requirements for Texas A&M's Standard Administrative Procedure (SAP) SAP 29.01.03.M1 and the Texas Administrative Code (TAC) 202?
  2. Convenience and Function: Does the application allow the convenient management of a user's passwords?

Password Management Application Recommendation

There are several applications that meet the criteria, but for the sake of simplified management and support, one free product is recommended for usage in the Division of Finance and Operations.

KeePass Password Safe is a free, open-source application for managing passwords. KeePass stores the passwords with a visual link to the application using the password. KeePass has several features that allow versatility while transparently meeting the security requirements.

KeePass is freeware and can be copied and installed from the vpfnfs1 file server Password Utility folder on the G: drive.

Key KeePass Features

  • Password Encryption: KeePass encrypts the password file using the recommended National Security Agency encryption: Advanced Encryption Standard (AES, Rijndael).
  • KeePass further protects the password file with a master password using a one-way SHA hash to generate a key for the AES encryption. This means there is no way to recover a password file if the password is lost.
  • KeePass is portable and can run from an encrypted USB memory stick. By placing the application on a USB stick, users can use the application anywhere.
  • Drag-and-drop and clipboard-clearing functions are supported. KeePass allows the password to be copied and pasted into the application requesting the password. Once the password is pasted into the application, the copy will be automatically deleted from the clipboard. This feature protects the password from clipboard-sniffing malware.

For additional features, see the KeePass website.