I spend my time working with public cloud services for a large number of organizations. That means many, many different user accounts to keep track of. The tool I use most to interact with these services is the web browser. As you all know browsers try to make life easy for their users, and therefore they cache a lot of information, including logins, cookies and AuthN tokens (these are cookies too). All in an effort to make it easy for an end user to get to his stuff quickly. But we are not end users are we…? For me all this caching is very inconvenient when I need to be someone other than my own identities, which is all the time. And not only that but at the same time that i want to operate as myself. Here is how I have this set up today.
For me Google Chrome works best. It has the features I need, simple as that. My reasons are laid out below.
Securing Login Information
I keep all my login information secure in a KeePass 2 database. I choose KeePass 2 because it has good encryption (AES-256), great multi-platform support, lots of plugins, good security features like automatic workspace lock, is open-source and free. I keep my KeePass databases in a cloud storage account protected with Multi-Factor Authentication (MFA). KeePass lets me generate long, complex passwords easily so I never (ever) reuse passwords anywhere.
Accessing Login Information Easily
I mentioned that KeePass has great plugin support. One of my favorite plugins is KeePassHttp, which exposes password entries securely over HTTP. It creates a local HTTP endpoint that authorized clients can talk to. Authorization is controlled in KeePass and is thus protected by the KeePass master password and any other factors you may have chosen.
KeePassHttp together with the Chrome extension chromePass completes this setup by serving up the necessary login information based on URL. chromePass connects to KeePassHttp and retrieves the login information from the KeePass database that matches the URL of the site you are visiting. If several entries match you get a list to choose from. By default KeePass will not just serve up the login information, you have to approve it from a prompt displayed by KeePass.
Multiple Personalities – in a good way
The final piece of the puzzle is the Chrome plugin MultiLogin. It takes care of the problem of the browser trying to cache your login information and state in cookies. Whenever you hit the MultiLogin button Chrome starts a completely clean browser tab that is not related in any way to what is going on in any other tabs. Each new MultiLogin tab is identified by a number so you can easily tell them apart. All tabs with the same identifier share the same state, so you can have several tabs where you are the same user. Everything in the MultiLogin tabs is destroyed when you close Chrome so nothing will be remembered.
I use regular Chrome tabs for my own private web surfing, and Chrome caches my logins and stores cookies just like normal. For everything else I use MultiLogin tabs. This also has the added security benefit of never storing any session or AuthN cookies when you close Chrome.
Unfortunately the developer has removed MultiLogin from the Chrome Store for unknown reasons, and I have not been able to find a replacement. I was lucky enough to install it when it was available, so thanks to Chrome’s roaming extension feature I get it on all my computers. If you still want to get MultiLogin there are instructions here for installing it manually.
UPDATE 27.10.2016: A new Chrome extension called openMultiLogin has been released that replicates the functionality of MultiLogin. Check it out in the Chome extensions store.