Linux Format

Store your vital passwords securely

Nick Peers takes a close look at Swifty, an offline password manager with a slick interface and hopefully bright future.

- Nick Peers has been running his own self-hosted Bitwarden server since 2019. Practise what you preach and all that.

Everybody needs to look after their passwords. The problem is how do you set up a system where each separate account you own is protected by a strong – and unique – password (see the box, opposite) that you can enter easily on demand?

You could, of course, write down your passwords in a notebook, relying on an online password generator such as the Secure Password Generator (https://passwordsgenerator.net) to generate those passwords as and when they’re required.

The problem is, that notebook will need storing somewhere secure, and flicking through it looking for passwords to type in quickly becomes laborious. The answer is an automated tool that you can access from your PC. This is where the humble password manager comes in. It stores all your passwords inside an encrypted database commonly known as your ‘vault’. The database is protected by a single master password, which you use to unlock the vault and access its contents.

Password managers come in all shapes and sizes. At one end of the scale is a cloud-based tool such as LastPass or Bitwarden with all the convenience they offer: tools for every platform and browser, built-in password generators, autofill capabilities and more. The downside? Your password vault is stored online on third-party servers – do you trust them?

One solution is to set up your own self-hosted password manager using Bitwarden, but if you’d rather your passwords weren’t stored online, and you’re happy to limit their access (for now) to just your computers, then why not give Swifty a go?

Local passwords for local users

Swifty’s a relatively new entry into the market, and it’s aimed more at those currently using an offline password manager such as KeePass. The user interface is more akin to the likes of Bitwarden and LastPass, and the password manager makes it possible for you to store more than simple log-on details – you can also use it to record secure notes and credit card information.

Swifty encrypts all your data using AES 256-bit encryption, unlocked using a single master password. Encryption occurs as soon as you enter data into the tool. This ensures that it’s not just protected ‘at rest’ in your database file, but when being processed in your PC’s memory, too.

Everything is stored locally, although you have the option to create a back-up file or sync your data to Google Drive in order to transfer it to another computer. As things stand, Swifty can be installed on Linux, Windows and macOS – there’s a promise of mobile app and browser support ‘soon’, but we suspect this is still some time off. If that’s a deal breaker, then may we direct you to the box on page 59 and an alternative called Buttercup?

But if you’re happy – for now – to limit your password vault to just the computers in your home, let’s crack on. Take a trip to https://getswifty.pro to review Swifty’s key features on the slick – if somewhat bare – website. You’ll even see a welcoming ‘Download for Ubuntu’ button appear front and centre. Unfortunately, the version offered here – 0.6.5 at time of writing – is not actually the latest version available (as we discovered on diligently running it only to be told that a newer build was available).

Instead, bypass the middle man and head straight to the project’s Github repository at https://github.com/swiftyapp/swifty/releases where you’ll find 0.6.6 is available for download as .rpm and .deb packages for installation, along with a portable AppImage.

Whichever version you choose, Swifty will store your database and settings in the hidden .config folder inside your personal home folder. If you’re not yet convinced Swifty’s for you, start with the AppImage version – once downloaded to a suitable folder (how about Home/AppImages?), simply right-click it and choose Properties>Permissions before ticking ‘Allow executing file as program’.

Once you’ve decided that Swifty is for you then you can – if you prefer – switch to the .deb package. Save the file to your Downloads folder, then double-click the file and follow the prompts in the Ubuntu Software package to install it. A shortcut is created in the launcher, and the installed version will work with the same database as the AppImage, so no need to start again from scratch.

Keep it secret…

When you launch Swifty for the first time, there’s little preamble: you’ll immediately be asked to set up your master password, which you’ll need to enter each time you want to access your vault.

Swifty won’t make any suggestions as to what constitutes a good master password, so follow our advice by choosing something that’s at least 14 characters long. Unlike the passwords you’ll be storing in Swifty, however, it needs to be something memorable while not being obvious.

The solution is to create a lengthy passphrase – one that combines several unrelated words that you’ll be able to memorise, but which won’t make sense to anyone else. Rather than trust yourself to come up with such a passphrase, which may end up being easier to guess than you might think, try an online random passphrase generator such as that offered by Use a Passphrase (www.useapassphrase.com).

By default, it generates four-word passphrases with spaces, which should be adequate for anyone who isn’t planning to store state secrets in their vault (if you are, then Use a Passphrase can also generate five- and 12-word passphrases, but good luck remembering the latter). Use a Passphrase suggests passphrases with a space between each word, but we’d recommend you substitute this with a special character – think outside the box, and choose an obscure symbol such as | or ~ to separate each word within your phrase – for example: ribcage¬repugnant¬zestfully¬think

…Keep it safe

You’ll be whisked to Swifty’s main screen – see the annotation (opposite page) for a quick primer on where everything is – and be invited to either create your first entry or ‘Import from Gdrive’. Ignore the latter option for now – we’ll cover backing up and syncing your vault later. Instead, click ‘Create First Entry’.

You’ll be taken to the create new login screen, where you can fill up to eight fields of information. The only mandatory fields are Title, Username and Password.

You’ll see a Generate button beneath the password – if you’re setting up a brand new online account, click this to automatically generate a random password based on Swifty’s current password generation settings (see below), otherwise enter the password that’s currently associated with that account. Click the eye icon to its right to verify the password you’ve entered is correct, or to see what password Swifty has generated randomly (just click Generate if you want to try a different combination).

While the other fields are all optional, they’re all useful in their own way. If you enter the website where your login details are used, for example, Swifty will attempt to retrieve a site logo or icon to help you identify it going forward, as well as provide you with a handy shortcut to the site itself. Adding tags helps you filter future searches using the tag button, while you can also record notes and – if applicable – an email address to accompany the username.

The final option – OTP – enables you to record details of one-time passwords or pins, which can (for example) help when logging into accounts that require two-factor authentication. You’ll need to obtain the OTP code when you set up 2FA – the step-by-step guide reveals what to look for to obtain the code or ‘secret’ that you’ll need.

Once you’ve entered your login details, click Save and it’ll immediately appear in the list on the left. On the right of the screen you’ll see all the fields you recorded. Next to each field is a copy icon that enables you to copy the element in question to your clipboard to paste into the website or tool that requires you to enter your login details.

Above these fields and next to the title are both pencil (edit) and rubbish bin (delete) icons. Click the former to make changes to the login entry using the same fields that you used previously, remembering to click Save to confirm your changes (or Cancel to reject them).
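What the stored OTP ‘secret’ is for, as an added example that is not from the article or from Swifty: the standard TOTP calculation (RFC 6238) that turns a base32 secret plus the current time into the short code a site asks for. The SHA-1, 30-second and six-digit settings are the common defaults and are assumed here; the sample secret is the RFC’s published test key.

```python
# Added example: RFC 6238 TOTP, showing what the stored OTP "secret" is used for.
import base64
import hashlib
import hmac
import struct
import time


def totp(secret_b32, at=None, step=30, digits=6):
    """Return the TOTP code for a base32 secret at Unix time `at` (default: now)."""
    # Authenticator secrets are base32; tolerate spaces, lower case, missing padding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)

    # The moving factor is the number of whole `step`-second periods since the epoch.
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()

    # Dynamic truncation (RFC 4226): low nibble of the last byte picks a 4-byte window.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_remaining(at=None, step=30):
    """Seconds until the current code expires."""
    now = int(time.time() if at is None else at)
    return step - (now % step)


# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    print(totp(SAMPLE_SECRET), "valid for", seconds_remaining(), "more seconds")
```

Anyone holding the secret can produce valid codes, which is why it belongs in the encrypted vault rather than in a plain note.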

Perform a password audit

Continue to add more logins to your Swifty vault following the same procedure as previously. Once you’ve transferred all your existing login details to the program, you can start to take measures to strengthen existing weak passwords. To identify those passwords that need changing, Swifty offers a Password Audit feature.

To trigger this, click the ‘i’ button in the left-hand pane. Swifty will quickly go through your entire vault rating your passwords using various criteria: perceived strength, length, whether they’re a duplicate and if the password is more than six months old (based on when it was entered into Swifty).

The audit will rate your entire vault out of 10, then list all sites that fall foul of its audit, neatly listed according to which test(s) they fail – and yes, a login can appear in more than one list. Fixing the problem is simple: identify the site, log in using your current password, then navigate to your account settings to change the password to something more secure (and maybe even explore 2FA options). Use Swifty’s password generator tool to create and record a strong, random password within its vault, then paste it into the website. Once you’ve updated all your passwords, run a fresh audit to verify you’ve eliminated all weaknesses.
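The four checks described above, sketched as an added example (not Swifty’s code): the length and strength thresholds and the character-class strength estimate are assumptions, since the article does not say how Swifty scores a password, and the vault entries are constructed.

```python
# Added example: the four audit checks the article lists, over a constructed vault.
import math
import string
from collections import Counter
from datetime import date, timedelta

MIN_LENGTH = 14                 # assumption: the article's suggested minimum length
MIN_BITS = 60                   # assumption: below this estimate counts as "weak"
MAX_AGE = timedelta(days=182)   # "more than six months old"

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def estimate_bits(password):
    """Upper bound: length * log2(character pool). Overrates dictionary words."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit(entries, today):
    """Return {check: [titles failing it]}; one title can appear in several lists."""
    uses = Counter(e["password"] for e in entries)
    report = {"weak": [], "short": [], "duplicate": [], "old": []}
    for e in entries:
        failed = {
            "weak": estimate_bits(e["password"]) < MIN_BITS,
            "short": len(e["password"]) < MIN_LENGTH,
            "duplicate": uses[e["password"]] > 1,
            "old": today - e["changed"] > MAX_AGE,
        }
        for check, hit in failed.items():
            if hit:
                report[check].append(e["title"])
    return report


# Constructed sample vault; titles, passwords and dates are made up.
VAULT = [
    {"title": "Mail", "password": "Summer2021", "changed": date(2021, 6, 1)},
    {"title": "Forum", "password": "Summer2021", "changed": date(2023, 12, 1)},
    {"title": "Bank", "password": "k7#Qv!2mZp@9Lw", "changed": date(2023, 11, 20)},
    {"title": "Shop", "password": "tV9$hq2Lm!x7Rz&4", "changed": date(2023, 1, 1)},
]

if __name__ == "__main__":
    for check, titles in audit(VAULT, date(2024, 1, 15)).items():
        print(f"{check:9} {', '.join(titles) or '-'}")
```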

Secure notes and credit cards

Like all good password managers, Swifty can also be used to record secure notes as well as your credit card information. Recording these works in a similar way to adding login details, albeit with different fields. In the case of secure notes, simply provide a title, add tags to help categorise the note using filters, then paste your text into the Note field before clicking Save.

Swifty’s secure credit card vault enables you to record your card number, expiry month and year, CVC number, card or account name, plus Pin (in an obscured field for greater security). Again, use the title and tags to help identify it later on.

Search your vault

Once your vault grows to sizeable proportions, you may struggle to quickly find the logins or notes you’re looking for. If you get in the habit of tagging your logins – you can add multiple tags to items to allow them to straddle several categories – then one quick way to find what you’re looking for is to click the tag button at the top of the page to reveal a drop-down list of tags. Simply click one to filter the list to include only those items with the matching tag.

Annoyingly, tags aren’t arranged alphabetically in the filter drop-down list, but rather in the order they were created, so if you end up with lots and lots of tags you might find this approach becomes less intuitive over time. A quicker way to find what you’re looking for is to simply start typing part of the title into the Search box above the list, which is immediately filtered as you type. Note that the search box only works with the titles you’ve created – you can’t, for example, search by username or email.

Another disadvantage of Swifty is that you can’t search across all three categories of logins, credit cards and secure notes at once. Nevertheless, it should still provide adequate means of finding troublesome information when you need it.

Sync your vault

The Settings button in the bottom left-hand corner of the Swifty window contains four largely unrelated sections, covering a wide range of options. The first section – Vault Settings – is where you go to when you want to either back up your vault or transfer it to another computer.

You have two options here: Synchronise works with your Google Drive account to make it possible to keep Swifty in sync across multiple PCs or Macs. Click the ‘Connect your Google Drive’ button to connect via your Google account in your browser.

Once successfully connected you should see the Google Drive icon appear in the top left-hand corner with a green tick mark next to it. Whenever you make changes to your vault going forward you should see it grey out momentarily while it synchronises any changes to your Google Drive, all protected with the same level of encryption employed for Swifty’s main vault.

There is always some risk attached to storing data online, so you may prefer to avoid using Google Drive. If that’s the case, you can opt to create back-up files and transfer them manually by clicking ‘Save Vault File’ instead. Choose where to save this on your hard drive and click Save. A file with the .swftx extension will be created, which you can then import into a new instance of Swifty on another machine, or use to restore your vault in the event of data loss (obviously this requires you to store this backup somewhere secure and separate from your main PC).

Tweak Swifty preferences

Settings is where you should also go if you want to change your vault’s master password or passphrase – consider doing this every six to 12 months depending on how secure you think your vault is. It’s also the place to go to adjust Swifty’s password generator tool.

By default, it will create random passwords containing a mixture of letters (both lower and upper case), numbers and special characters, 12 characters in length. Use the slider to increase this number for additional protection against brute-force attacks – 14 is a good minimum.

Swifty can be used to store credit card information for pasting into websites. If you frequently misplace your wallet, it could be a lifesaver.

Let Swifty root out the weak, duplicate and non-updated passwords from your collection. It’s a long process, but the effort is worth it.

By default, Swifty creates 12-character passwords – we advise increasing this to 14 or greater.
