2011 saw an explosion of ‘hacktivism’ and black-hat chicanery – the antics of LulzSec and AntiSec, the breaching of Sony’s PlayStation Network, HBGary and Stratfor; previously confidential data getting sprayed onto Pastebin on a weekly basis.
Despite none of my precious private data being involved, all this carnage steadily convinced me it was time to take my password management much more seriously. Although I had a handful of decent passwords in play, some were shared amongst several sites, some were years old... and who knew what my logins were for the swathe of random forums and mailing lists I’d accrued over the years? Decidedly amateur.
KeePass is everything I wanted in a password management tool – open-source, free, richly featured, clean GUI, available on all the platforms I use (including on my Android phone) and already widely used... trustworthy-by-proxy.
The database is encrypted using a master-password-and-key-file pair, meaning that the DB file by itself is far more resistant to brute-force attacks. I don’t have to particularly worry if someone got hold of it without the key-file, which I can copy manually onto whichever devices I want to have access to the data.
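To show why the database file alone is of little use to an attacker, here is an added example (not KeePass’s own code) of how a master password and a key file combine into one encryption key; it is modelled on KeePass’s composite-key idea, but the KDF choice, iteration count and salt handling are assumptions for illustration and differ from the real KDBX format.

```python
# Illustrative composite-key derivation: password and key file are each
# hashed, hashed together, then stretched with a slow salted KDF.
# Not KeePass's implementation; KDBX parameters and steps differ.
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Assumption: PBKDF2 stands in for KeePass's own key-stretching step.
KDF_ITERATIONS = 200_000


def derive_key(master_password: str, key_file_bytes: Optional[bytes], salt: bytes) -> bytes:
    """Derive a 32-byte database key from the password and (optional) key file."""
    parts = [hashlib.sha256(master_password.encode("utf-8")).digest()]
    if key_file_bytes is not None:
        # The key file contributes 256 bits of entropy the password guesser lacks.
        parts.append(hashlib.sha256(key_file_bytes).digest())
    composite = hashlib.sha256(b"".join(parts)).digest()
    return hashlib.pbkdf2_hmac("sha256", composite, salt, KDF_ITERATIONS, dklen=32)


def generate_key_file() -> bytes:
    """A key file is simply 32 random bytes; it lives only on trusted devices."""
    return secrets.token_bytes(32)


def unlock(stored_key: bytes, password: str, key_file: Optional[bytes], salt: bytes) -> bool:
    """Constant-time check that a password/key-file pair reproduces the stored key."""
    return hmac.compare_digest(stored_key, derive_key(password, key_file, salt))


def demo() -> dict:
    """Constructed scenario: the right pair unlocks; anything missing a part does not."""
    salt = os.urandom(16)
    key_file = generate_key_file()
    password = "correct horse battery staple"  # constructed sample password
    db_key = derive_key(password, key_file, salt)
    return {
        "right_pair": unlock(db_key, password, key_file, salt),
        "password_only": unlock(db_key, password, None, salt),
        "wrong_keyfile": unlock(db_key, password, generate_key_file(), salt),
        "wrong_password": unlock(db_key, "correct horse battery stapel", key_file, salt),
    }
```

Even a correctly guessed master password fails without the key file, so an attacker holding only the database file has to guess 256 random bits as well.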
KeePass also allows additional arbitrary data to be stored with each password entry. I use this, for example, when a site requires security questions – instead of a truthful answer to “What was your first pet’s name?” (which might be shared with other sites, or be easy to guess or find out) I have a random stream of characters catalogued along with the site’s password data. It will be fun to explain this on the phone when spelling out “ZiN@wbY9!jWa14”.
At the same time, I searched for an online backup/sync service that I could use to keep the DB consistent across my desktop, laptop, phone and so on. DropBox was (and still is) a popular choice, but it happened to suffer a security breach just after I signed up to check it out. Even with the security offered by the key-file pairing, I decided to see what other options were available.
Both SpiderOak and Wuala offered 2GB of free, cross-platform, encrypted storage – that is, all data sent to the cloud is encrypted before it leaves the user’s machine – which was reassuring, should I want to start storing other personal files on the service.
I gave SpiderOak a fair turn but the file manager was so sluggish I could barely get it to work at all on my PC. Wuala, on the other hand, worked beautifully – slick UI, neat web-based sharing and decent mobile apps to pair with my KeePassDroid install. 6 months on I still think it rocks!
I now have over 60 unique, long n’ strong passwords that travel with me wherever I need them, complete with an unwise smugness about how secure I now feel.