Pastor: Easy Password and Serial Key Storage

Posted by Bart Stalkingfox on 08/27/07 in Home & Personal, Utilities

Are you a person who uses the same password over and over again because you totally hate losing access to websites and your mail account? Well we all know this isn’t the best and safest practice. If your all-purpose password is compromised, you can be in a lot of trouble.

Apple has its own built in “Keychain Access” for storing website passwords, which is a really great app that will automatically store and retrieve browser and other application passwords. Only thing is if you want to store and retrieve a password manually, it isn’t that convenient to use. So what’s a good and free alternative?

Pastor is easy to use password storage application to be used on a daily basis. Although it has some minor quirks which I will discuss later, this is an app I can’t live without. It’s really a no-brainer. When you first start the Pastor, you need to create a new password file. This seams slightly odd at first, but doing this will ensure it’s easy and convenient to use different password files for the different contexts that you work in.

Enter Password

You are free to store your password file where ever you want. This can be on your hard disk, on a USB pen drive that you can carry around on your physical keychain. After creating a new password file things are pretty straight forward and easy to use. Don’t forget to first click the lock icon in the menu bar. This entry lock prevents accidental changes in the password file, which is very well thought of.

Pastor Window

When saving a password file for the first time you will be asked a password, which is used to lock your password encrypted file. Store this in a save place; without it you can’t open and use your stored password. Retrieving your password is just as easy; double click your Pastor password file and you will be prompted for your password. Once you’re done, you can begin using it.

Enter New Password

Pastor comes with several really cool features. For lazy people like me, I really appreciate the “Visit Website” button opens the current URL in your default browser. You can copy both the User Name and Password to the clipboard to speed up the login process. Your password is also protected from “eavesdropping”; only when you mouse over the Password filed it will be readable.

To stop you from using lame passwords like #My Birthday# or #FirstName LastName#, Pastor comes with a built-in random password generator. If you ever want to change to a different app, there is an export function which formats all your entries into a plain text file. Use this wisely! Put it in your Trash and do a “Secure Empty Trash” to delete this information permanently from your system when you’re done with it.

Generate Password Of course, like a lot of applications out there, it does come with its own set of quirks. These aren’t biggies, but I think you need to know before deciding if Pastor is suitable for you. Unfortunately, there is no search capability. This is the one I miss the most; Pastor will sort your entries alphabetically when you hit the Sort button. When working with lists of more that 50 entries you really need to be descriptive with your entry name. Surprisingly this works quite well for me. A search filed in the next version would certainly be great.

Firing up Pastor is best done by double clicking your password file, not the application it self. Pastor doesn’t remember last opened files, which can be a bit of a nag. I just put an alias of the file in my dock to get around this. The Notes field is limited to about 10 lines of text that can be stored. Not very crucial, but it would be nice if this was extended.

Pastor is built on RC-4 encryption. I am not very familiar with RC-4, having dealt with the more known algorithms like Triple Des, Blowfish and AES-256. I’m not sure why the developer didn’t use one of those in Pastor. Pastor is a really convenient password storage tool, easy to use, with very little annoyance. I’ve use it for several months now and I’m quite happy with it as a complement to Apple’s own Keychain Access.

The best thing is that its donationware and you may even use it for free, without any nag screens. Try out Pastor today.

del.icio.us tag this | digg this | permalink | ping

11 Comment(s)

Legend:

Guest

Article Author

Contributor

Tara Kelly said on

August 27th, 2007 at 8:29 am

You might also be interested in an online alternative. Online password managers let you access your logins even when you’re on a different computer.

This cuts back drastically on the cross platform issues Mac users often encounter when using (someone else’s) PC.

Here’s a online/offline comparison on my company blog:
http://tinyurl.com/3ba3et

Greg Holdsworth said on

August 27th, 2007 at 9:24 am

I have been using Pastor for years and it’s AWESOME. One of the few utilities I cannot be without. Would gladly pay a shareware price for it.

Sigurður Ármannsson said on

August 27th, 2007 at 9:32 am

I also use Pastor and I have tried many others too. Althogh Pastor does not support Unicode Encoding for “foreign” languages I prefer it over all the others password keepers I have tried.

K said on

August 28th, 2007 at 6:41 am

It’s quite nice, but:
1) RC4 encryption is outdated, unsafe,
2) I could not find any kind of search functionality

Bart Stalkingfox said on

August 28th, 2007 at 7:20 am

Hi K,

Thanks for taking the effort to write your comment. However stating that: “RC4 encryption is outdated, unsafe” Is a bold statement with out providing any backup. As this might confuse readers I need to ask you to backup your statement as soon as possible, e.g. with some links to articles discussing the safety of RC$

Your remark that there’s no search option was already discussed in the article.

Thanks and hope to hear from you soon

Tara Kelly said on

August 28th, 2007 at 9:05 am

RE: RC4

This from Wikipedia:

“While remarkable in its simplicity, RC4 falls short of the high standards of security set by cryptographers, and some ways of using RC4 can lead to very insecure cryptosystems (an example being WEP). It is not recommended for use in new systems. However, some systems based on RC4 are secure enough for practical use.”

For strong security usually AES or Blowfish or Serpent are recommended.

Bart Stalkingfox said on

August 28th, 2007 at 9:40 am

Hi Tara,

Thanks for posting your link Wikipedia is a great For those interested: RC4 page in Wikipedia

I am not a cryptographer, but what I understand the main problem with RC4 occurs when you a party has access to a hug amount of encrypted data, like you have with Wireless WEP. Using RC4 in Pastor with only a small amount of data makes it less vulnerable than in the WEP implementation. So I think you password will not likely being easily hacked.

Nevertheless, this is good information to keep in mind when using Pastor. I certainly would welcome a new version of Pastor which uses a strong encryption protocol.

Tara Kelly said on

August 28th, 2007 at 12:52 pm

Hi Bart,
Oops, sorry. I’d forgotten the link. Thanks.

I’m not the developer in our group, but RC4 does have vulnerabilities. If used in very specific circumstances, it’s just fine. Outside of those boundaries though, it’s not effective.

If you like using an offline password manager, there are plenty out there that use stronger algorithms. For mac, KeepassX comes to mind. You’ll have to check the features to see if it compares to Pastor on the other features you like.

Of course, there are always online solutions using AES

Bart Stalkingfox said on

August 28th, 2007 at 5:02 pm

IMPORTANT NOTE OF THE AUTHOR

Hi, I got aware of the fact the editor chanced some key information in my original article. Normaly that’s fine, but this time there are things I would never write myself and I think it’s important to notify, you as readers of this.

The article states.
Pastor is built on RC-4 encryption; in fact you might already be using this standard elsewhere. If you happen to use WEP encryption over WiFi, or even SSL, you’ll be happy to know that the same technology is keeping your passwords safe.

I would never write this myself, cause the falls suggestion of safety WEP encryption isn’t save, as a lot of you know. Use WPA instead.

SSL isn’t synonym for RC4 actually SSL a transport layer. The encryption options are configured at the webserver side. The sever administrator determines which encryptions may be used and which not. More details on Wikipedia TLS

I am also not happy with the 1 Password quote the editor put in. I makes me look like I am a fan of 1 Password which I am not. I think OS X’s build in keychain is just a fine and elegant autofill tool and I favor it over 1 Password. Best of all if your run at least OS X 10.4 it’s already there

ErichD said on

August 28th, 2007 at 6:05 pm

Another App that I like in this category is Data Guardian. It works through Apple’s Keychain Access, like pastor, but also then can fill in forms using Safari’s auto-fill feature. It offers 448-bit Blowfish encryption and can ahndle multiple databases.
More info on it is here: http://www.koingosw.com/products/dataguardian.php

I smell a ripe opportunity for a application showdown!

Steve Hurley said on

May 20th, 2008 at 6:13 am

Excellent program. Fast to load. Easy to use.
Completly idiot-free (if you can remember on login password
I have a backup on my USB stick so I can access when I travel.