
Best Tool For Remembering Passwords?

kdawson posted more than 4 years ago | from the encrypted-plain-text-file-on-a-stick dept.

Security 1007

StonyCreekBare writes "Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"


paper in your wallet (5, Interesting)

Gothmolly (148874) | more than 4 years ago | (#30054472)

Keep them on a slip of paper, in your wallet.

but DON'T list what each is for - you can remember that part easily enough

Re:paper in your wallet (1)

AdmiralXyz (1378985) | more than 4 years ago | (#30054608)

I second this. If you have them in your wallet, they are immediately accessible, and if your wallet is lost/stolen, not identifying each password with a particular site will give you enough time to change the passwords before you can be compromised (since most people know pretty quick when their wallet goes missing). Obviously this would necessitate having a second copy somewhere, probably on an encrypted file on your computer that you would use only for the purpose of changing your passwords.

Re:paper in your wallet (4, Insightful)

JohnFen (1641097) | more than 4 years ago | (#30054822)

I agree.

100% security is impossible. Any data you transmit or store on a physical device can be recovered, regardless of encryption. All you can do is make it more costly to recover that data -- the best security makes it more expensive than it is worth.

Given that's true, then all security is a tradeoff. Storing passwords on a piece of paper in your wallet is actually very secure for the majority of people, more secure than you can really hope for without going to extreme lengths.

If you have communications or data that are so sensitive that you really have to go to extreme lengths to protect it, then you need the help of a security professional, not encryption and advice on password management.

So, make your passwords random, different for each thing that requires a password, and write it down on a cheat sheet. Guard that sheet like you would your credit cards. If your wallet is lost, immediately set all your passwords to something temporary then build a new password list all over again.

How about... (1)

bytethese (1372715) | more than 4 years ago | (#30054474)

Passwords in a file that you keep on an external drive locked in a safe? :)

Truecrypt (5, Insightful)

Wingman 5 (551897) | more than 4 years ago | (#30054486)

Do what I set up for my father, Truecrypt installed to a USB key, passwords in a plaintext file inside the archive.

Re:Truecrypt (4, Insightful)

yttrstein (891553) | more than 4 years ago | (#30054630)

Where does he keep the Truecrypt password?

Re:Truecrypt (5, Funny)

Yvan256 (722131) | more than 4 years ago | (#30054698)

Inside the plain text file, of course!

Xmarks, KeePass and Encrypted Zip combination (1)

ancientt (569920) | more than 4 years ago | (#30054488)

I recommend this three step method:
Step 1) Memorize one very long complex password. Take your time and pick something out that is long enough that someone could watch you type it a dozen times and have absolutely no hope of getting close to it. Use this password to encrypt a zip file, 256 bit AES, with separate text files for each system where you need a password. Never type this password on a computer you can't trust implicitly and save the archive somewhere safe online and on a thumb drive. Update this password list several times a year. Practice mentally regularly.
Step 2) Use the Xmarks plugin with Firefox to gain portable bookmarks and passwords with a fairly complex master password.
Step 3) Pick a password manager that works well for you where you will use it most often. I like KeePass personally. (Much of my work is done from a Windows workstation, so this is a convenience choice.)

The master password file is your personal master backup, in case of a severe event in your life that would let your memory of your other passwords become lost or obsolete. It is what you refer to if you need to decrypt something or recall a password that you haven't used in years. The encryption is expected to remain solid for a long time and it is cross-platform. Xmarks will let you keep your passwords online encrypted and shared between systems and cover your most common needs. KeePass, or similar, will fill in the void for all the other times when you want to keep track of your passwords.

Re:Xmarks, KeePass and Encrypted Zip combination (0)

Anonymous Coward | more than 4 years ago | (#30054578)

one password to rule them all :P

an easier three step method:

1. open a dictionary
2. choose two words at random, memorise them and put them together.
3. add a three digit number to the end of it.

eg. mothbandit222, cyclonephone123, etc. etc.

change this every 6 months or so.

Re:Xmarks, KeePass and Encrypted Zip combination (1)

JWSmythe (446288) | more than 4 years ago | (#30054638)

    Did you ever play with AccessDiver? If I remember right, that was one of the default brute force cracking schemes.

Re:Xmarks, KeePass and Encrypted Zip combination (1)

RuBLed (995686) | more than 4 years ago | (#30054850)

I usually think of passwords as passphrases now.

I often use a combination of words, it could be composed of a constant special character, at least 3 numbers, a word that is relevant to the site or application, and a totally irrelevant word like a dog breed, anime characters, etc etc.

I just shuffle a limited number of combinations and it usually turns out to be something like this:
69slashdot?terrier69
42mail!shepherd42

Keepass (4, Informative)

gad_zuki! (70830) | more than 4 years ago | (#30054494)

Re:Keepass (2, Insightful)

digitalderbs (718388) | more than 4 years ago | (#30054590)

I run keepassx [keepassx.org] myself. It generates strong passwords for you, if you'd like, or it stores all of your passwords in an encrypted file. It gives you the option to copy a password to the clipboard for a given amount of time (10 secs) before it is deleted--it removes them on close too. I admit that I was uncomfortable with this at first, but this is no different than decrypting the password, and storing it in memory, before it's shown on screen.

Keepassx also works great on Linux, Macs, and Windows, which I have not yet tried.

Re:Keepass (1)

ralzod (537241) | more than 4 years ago | (#30054692)

KeepassX recently released for the iPhone too.

Re:Keepass (1)

Chewbode (177307) | more than 4 years ago | (#30054628)

I agree. Been using KeePass and Password Safe (both OSS) for years now. Prefer KeePass, but both are great if you keep the database file on a flash drive.

Re:Keepass (1)

supersloshy (1273442) | more than 4 years ago | (#30054634)

Mod parent up. Keepassx, as another comment suggested, is great as well.

Re:Keepass (0)

Anonymous Coward | more than 4 years ago | (#30054668)

It's cross-platform and available as a portable app that runs off a USB stick. Another vote for KeePass.

Re:Keepass (1)

kitezh (1442937) | more than 4 years ago | (#30054718)

I second Keepass. You can have it suggest passwords based on length or acceptable characters. You can also organize your passwords by categories (like folders). Just don't forget your master password. If you don't like using a master password, you can use a digital key instead stored at a separate location (like a thumb drive). Plus, it comes not only for Windows, but there are ports for Linux/Mac OSX, iPhone, Blackberry, Palm, etc.

Re:Keepass (1)

Areyoukiddingme (1289470) | more than 4 years ago | (#30054794)

No mod points, so posting. Keepass is the last password manager you'll ever need. Keepass 2 can even sync with a server via scp, with the appropriate plugin. Yes, it supports plugins.

if you use a mac... (2, Informative)

Anonymous Coward | more than 4 years ago | (#30054500)

1password for mac and iPhone/iTouch is a good product

Anonymous account (0)

Anonymous Coward | more than 4 years ago | (#30054504)

I only use the anonymous account. No one will ever know the password. Haha .. wait!

Use your head and quit your bitching. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30054506)

You underestimate the capacity of a human brain to store information.

Re:Use your head and quit your bitching. (1)

clang_jangle (975789) | more than 4 years ago | (#30054650)

Agreed, use it or lose it. Having said that, I do compromise a little -- I memorize a new 30 character password quarterly, and create several easy to remember variations to replace the original first 4 and last four characters. Then there is the one "easy" password used for everything non-critical. Of course, the idiots who run both banks I use hire coders stuck in the 90s who can only accommodate 8 character, alpha-numeric-only passwords, so I have to have unique passwords for those. I think it's crazy that one could brute force my bank account so much more easily than my root account, but that's the way it is. If the above sounds too hard to you, you probably just need to exercise your brain more.

Keepass (0)

Anonymous Coward | more than 4 years ago | (#30054508)

KeePass is a great application that runs on any platform - the file is encrypted ensuring that in the event your lappy gets stolen, your passwords will remain secret - that is unless your password is password.

Do you really need to ask? (0)

Anonymous Coward | more than 4 years ago | (#30054512)

Hasn't everyone heard of KeePass (and KeePassX)?

http://keepass.info/

http://www.keepassx.org/

Simple (2, Funny)

CrAlt (3208) | more than 4 years ago | (#30054514)

Just use the same password for everything. I use "1234".. it's the same as my luggage combo

Re:Simple (1)

nelsonal (549144) | more than 4 years ago | (#30054556)

That's amazing. I've got the same combination on my planetary air shield.

Re:Simple (1, Informative)

Yvan256 (722131) | more than 4 years ago | (#30054734)

Then you remember wrong. Your planetary air shield combination is 12345.

Re:Simple (0)

Anonymous Coward | more than 4 years ago | (#30054864)

wow. not even funny by nerd standards. that hurts

Re:Simple (1, Informative)

Anonymous Coward | more than 4 years ago | (#30054728)

sorry, the password was 12345 if you're trying to be funny and quote spaceballs.

Re:Simple (2, Informative)

Lord Kano (13027) | more than 4 years ago | (#30054780)

Lazy ass. Even President Skroob used one more digit.

LK

The most secure place (1, Insightful)

areusche (1297613) | more than 4 years ago | (#30054518)

Is your head. Plain and simple. Never write a password down on your hand and NEVER on a sticky note on your monitor. Make at least two or three passwords. One for forum and slashdot and another for banking and secure sites. Use firefox's "master password" lock and set that password to your third password.

Re:The most secure place (1, Redundant)

AdmiralXyz (1378985) | more than 4 years ago | (#30054688)

Is your head. Plain and simple. Never write a password down on your hand and NEVER on a sticky note on your monitor. Make at least two or three passwords. One for forum and slashdot and another for banking and secure sites. Use firefox's "master password" lock and set that password to your third password.

Congrats on completely ignoring every part of the OP's question. Your head is not the most secure place if your memory ain't what it used to be, because you'll inevitably be writing it down, and the OP specifically mentioned that he is using Firefox for password management now and wants to move away from that.

It always baffles me when people obviously don't read the question on an Ask Slashdot before jumping in with an answer. What the hell makes you think you can solve someone's problem when you can't even be bothered to know what it is?

(also: writing it on your hand? Seriously? Who does that?)

Re:The most secure place (2, Insightful)

JWSmythe (446288) | more than 4 years ago | (#30054742)

    That's not the best idea. If a secure location becomes compromised, you just gave up access to everything you do. Not to say people don't do it, but people also set their passwords to "password".

    Here's an old post [slashdot.org] I did here 4 years ago on the subject. Users haven't gotten any smarter. Just poorer when their bank account gets compromised.

Re:The most secure place (1)

Cheech Wizard (698728) | more than 4 years ago | (#30054838)

Not to mention people who set their password to be the same as their user name.

Roboform! (1, Informative)

Anonymous Coward | more than 4 years ago | (#30054524)

The passwords are saved in files and are encrypted and you can password protect roboform so they can't access your passwords, after saving your passwords in roboform be sure to clear firefox or IE's saved passwords. Also get a USB stick and backup all your passwords, it's very easy to do. Then you can keep your master password to access editing the encrypted pass files as something you use all the time like your bank pin + some other word fudge factor you'll easily remember

http://www.roboform.com/ [roboform.com]

Hashapass (2, Interesting)

PercentSevenC (981780) | more than 4 years ago | (#30054526)

Generates reasonably strong passwords that I don't have to worry about forgetting or storing. Works well for me. http://www.hashapass.com/ [hashapass.com]

Re:Hashapass (1)

rockNme2349 (1414329) | more than 4 years ago | (#30054744)

A hashed password is exactly as strong as the input to the hash.

Re:Hashapass (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30054766)

I use such a method, except in my head. I have a master half-password that I combine with a quick hash of the name of the thing it's for.

For instance, suppose your master password is "UNIQUE" and you want to use it for Google.

Further suppose you've settled on the hash of second and last letters---(o,e) in the case of Google---and always split your master into two parts. Then you could form the password UNIoQUEe for Google.

For Yahoo, you'd pull out the (a, o) and similarly produce UNIaQUEo

For Microsoft (i,t) resulting in UNIiQUEt

etc.

Then you just have to remember that your password for anything is UNI(something)QUE(something else).

You can form this hash different ways and more complexly, of course--whatever works for you.

1password (2, Informative)

excalibur313 (920557) | more than 4 years ago | (#30054530)

If you have a mac, definitely get 1password. It encrypts all of your passwords in a database that is accessed via 1 password that temporarily unlocks it. You can have it generate very long passwords on the fly too to make it very secure. It stores passwords from all websites that can be recalled during a session by pressing apple+\ but it locks after a period of time where it asks for the master password. You can also store secure notes, and keychains from applications.

Re:1password (1)

rickyb (898092) | more than 4 years ago | (#30054572)

I second this. I've been using 1Password since it was 1Passwd (remember that?!) and it's saved tons of time and kept me secure. 1Password 3 is now in beta. It's a great program - unparalleled on the Mac or PC (passwords saved on Mac can be accessed on the PC through a secure html file - it's made to work well with Dropbox in particular).

Re:1password (2, Informative)

Jerry Rivers (881171) | more than 4 years ago | (#30054598)

I'll second this. 1Password also works with both Safari and Firefox (and maybe others), allowing you to disable the browser's ability to remember passwords. All you need to do is remember the master password. It's an excellent utility for corporate environments too.

Try Keepassx (2, Interesting)

willyg (159173) | more than 4 years ago | (#30054542)

I've used Keepassx for a few years now. It's cross platform (Windows / Linux) and stores the files encrypted. I tried one of Bruce Schneier's public domain solutions previously, but the Linux install (Password Gorilla ???) was rather painful on some systems if I recall correctly.

Just be sure to use a substantial password for the database...

PasswordSafe (5, Interesting)

Avenger546 (69810) | more than 4 years ago | (#30054544)

I first saw the link to PasswordSafe [sourceforge.net] from Bruce Schneier's site. If I have to take advice from someone on keeping something secure, it's Bruce.

Re:PasswordSafe (1)

darthwader (130012) | more than 4 years ago | (#30054648)

I agree. I haven't tried all the others, but I use and am happy with PasswordSafe. It's native Windows only, but there is a Java version by someone else which works just fine on Linux x86 (and x64 with some hacking). I don't think the Java one works on other Linux platforms, since it uses JNI and requires some native libraries.

Easiest one is... (2, Interesting)

JimboFBX (1097277) | more than 4 years ago | (#30054548)

Memorize an e-mail address and change the @ to a '2'. Instantly you have a 14 - 20 character password. Use a shorter 8 character password with a number you can rotate on for sites you don't necessarily trust (i.e. where an administrator could potentially google your username or e-mail and try out your password at other web sites)

Roboform bar none (0)

Anonymous Coward | more than 4 years ago | (#30054562)

I've been using Roboform for years. Highly recommended and works with IE, Firefox and Chrome.

Plain-text on a different computer? (2, Interesting)

Capsaicin (412918) | more than 4 years ago | (#30054564)

If you have access to any other box, how about a plain-text file there? Even a little security through obscurity (ie hidden file buried in the filesystem somewhere) would be better than letting Firefox automagically fill it in. I guess you could always encrypt the file so you only have a single one you absolutely must remember (shades of Flourish and Blott's losing all those copies of the Invisible Book of Invisibility though).

KeePass - fantastic software. (4, Informative)

clockwise_music (594832) | more than 4 years ago | (#30054574)

KeePass [keepass.info].

* Stores all of your passwords in a secure encrypted file

* Has auto-type so you don't have to type or remember your passwords

* Has a great password generator tool, so that you can reset all of your passwords to something secure

* Easily transferable password database.

* Can run off a USB stick

I checked it out a month ago on the recommendation of a mate, and have been using it ever since.

It has everything that you need. Fantastic program and has been serving me brilliantly for the past month. I have now gone through all of the sites that I use regularly and have been resetting my passwords to something random. If any of those passwords are leaked then it won't be the disaster it could have been!

And on the plus side, for the sites that I login to very occasionally (eg, once every six months) I don't have to scrounge around in my memory trying to figure out what my username+password is.

And for those horrible sites that have mandatory minimum password requirements, it makes it really easy to generate a password that fits their bizarre criteria. (Eg, only 6-10 characters long, certain characters not allowed, must contain upper and lower case etc etc etc).

Don't use Firefox's password storage! They are all stored in plain text! Anyone can view them!!
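The policy-constrained generation described in the comment above (6-10 characters, some characters banned, upper and lower case required), as an added example that is not part of the thread and is not KeePass's own code. The function names and the banned set are assumptions; the technique is uniform selection from a CSPRNG with rejection of candidates that miss a required class.

```python
import math
import secrets
import string


def allowed_alphabet(banned=""):
    """Printable ASCII letters, digits and punctuation minus the site's banned set."""
    full = string.ascii_letters + string.digits + string.punctuation
    return "".join(ch for ch in full if ch not in banned)


def generate_password(length, allowed, required_classes=()):
    """Return `length` characters drawn uniformly from `allowed`.

    Every set in `required_classes` must be represented at least once.
    Candidates that miss a class are thrown away and redrawn (rejection
    sampling), so every password that satisfies the policy is equally
    likely. Patching a failed candidate in place would bias the result.
    """
    alphabet = sorted(set(allowed))
    if not alphabet:
        raise ValueError("empty alphabet")
    required = [set(cls) & set(alphabet) for cls in required_classes]
    if any(not cls for cls in required):
        raise ValueError("a required class has no allowed characters")
    if length < len(required):
        raise ValueError("password too short to satisfy every required class")
    while True:
        # secrets.choice uses the OS CSPRNG, unlike random.choice.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in required):
            return candidate


def entropy_bits(length, alphabet_size):
    """Upper bound on entropy; the class requirement removes a small fraction."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed policy: 10 characters, quotes/backslash/angle brackets banned,
    # at least one upper-case and one lower-case letter.
    alphabet = allowed_alphabet(banned="'\"\\<>&")
    password = generate_password(
        10, alphabet, [string.ascii_uppercase, string.ascii_lowercase]
    )
    print(password, f"(at most {entropy_bits(10, len(alphabet)):.1f} bits)")
```
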

MyPasswordSafe (0)

Anonymous Coward | more than 4 years ago | (#30054576)

on Linux, aka PasswordSafe on Windows (I think). Bruce Schneier first did the Windows version, and it's all open source, so it should be safe and easy.

Hmm (1, Funny)

Anonymous Coward | more than 4 years ago | (#30054580)

The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"

I've come up with an incredible solution to your problem!

Used condom wrapper: It fits in your wallet. It's easy to come by. Almost nobody will stop to pick up and investigate your used condom wrapper for secret passwords.

Pros:
- It's highly likely to be thrown away by a pissed-off janitor if it is found
- It could be infected with a disease, so people won't want to touch it
- It gives you "this geek may have had sex cred", and believe you-me... That comes in handy

Cons:
- If you keep it in your pocket and it gets washed, you might have some 'splaining to do to your committed girlfriend or wife

Other than that, it's pretty much a perfect idea.

I'll Paypal you an invoice for my time. TIA.

Try using your brain. (0)

Anonymous Coward | more than 4 years ago | (#30054584)

Best tool I can recommend is the brain. It has an amazing capacity for remembering passwords when properly exercised. And if it's lost, well, then there's no reason to be concerned.

LastPass (0)

Anonymous Coward | more than 4 years ago | (#30054586)

I've been using LastPass for the past few months and like it immensely. It integrates with almost every major browser. It also can generate a random password for you. Check it out: https://lastpass.com/

Password Manager XP (1)

RudySolis (1438319) | more than 4 years ago | (#30054588)

from http://www.cp-lab.com/ [cp-lab.com]

Works great, is inexpensive and secure.

We use it at work and can assign different users different permissions.

It's also portable, so you don't have to install it on your computer, you can copy it to a thumbdrive and take it with you anywhere.

Key Chains (1)

hillbilly1980 (137340) | more than 4 years ago | (#30054592)

First off, when using Firefox, use the password manager. From what I understand it encrypts your passwords with your master password. For everything else from secure notes, ssl keys, to passwords I use a custom container in Key Chains. The built in password manager of any OS X machine.

Gator! (0)

Anonymous Coward | more than 4 years ago | (#30054594)

the best spyware password tool evar

Never store your passwords! (1)

JWSmythe (446288) | more than 4 years ago | (#30054600)

    Never ever ever ever (EVER!) store your passwords where they can be retrieved by unauthorized 3rd parties! That includes password storing utilities, scraps of paper under your keyboard, or a little note in your wallet.

    Written down, in a lockbox, in a safe, in the floor of your basement, under a rug, in your house that has an active alarm system (that you use), in an armed guard and gated community is ok. Ok, most of us can be a bit less secure than that, but I don't recommend it. :)

    Choose your passwords intelligently. Then they'll be easier to remember.

"W)Wg#jwe9^)SEG" is pretty hard to remember.

"BankPass" is a terrible password, but easy to remember. Don't use it.

"Wh3rzIzM!M0ny?" (Where is my money?) is easier to remember, even though it's a nice secure password. I dare any brute force attack to get that one. :)

    For the sake of legacy access (like, when you get hit by a bus, and your wife needs to get into your accounts), make sure a second *TRUSTWORTHY* person knows the combination to the safe in your basement.

Post-It Note on the Monitor (4, Funny)

Prototerm (762512) | more than 4 years ago | (#30054602)

Post-It notes have the distinct advantage that no computer virus or Trojan can steal it.

Re:Post-It Note on the Monitor (1)

ya really (1257084) | more than 4 years ago | (#30054658)

Doesn't account for "backdoor" exploits like curious girlfriends who might soon be ex's, pointy haired bosses or spiteful coworkers though :p

Ironkey (1)

xav_jones (612754) | more than 4 years ago | (#30054604)

I've been thinking almost the same thing for a little while now. One of the solutions I think might work is an IronKey [ironkey.com]. While remembering passwords isn't so much of an issue for me it will be for my wife if, heaven forbid, something should happen to me. I'd very much like her to have easy access to important information -- things like banking passwords, insurance and retirement accounts come to mind. I'd also probably put scans of important documents on there -- not that you could use a printed copy -- but more of a database to make ordering new documents easier if there was an emergency and those documents were lost. It is also important that it be as cross-platform as possible, since I may not be around to get it to work. :\ I haven't really come across a software-only solution that fulfills most of these criteria.

Mnemonics (1)

dandart (1274360) | more than 4 years ago | (#30054606)

Do as I say, not as I do! :
Da15,naId!
This and other security practices at my blog [blogspot.com] . Hope you find it useful here!

Opera Password Manager (1)

ya really (1257084) | more than 4 years ago | (#30054610)

Opera stores multiple passwords for sites (like say if you have a few gmails). Unlike normally with most built in password managers, Opera allows you to set a master password that prompts you to enter it before it'll show your current passwords for a website. It works sort of like this:

Opera does not store its Master Password in the plaintext format. Moreover, Opera doesn't even store its hash. The developers have chosen a different route: the password along with the salt participates in the encryption of a portion of data and then, to check the validity of the password, it uses the decrypted data hash and the original salt value.

source: http://www.passcape.com/choosing_master_password_decryption_method.htm [passcape.com]

Re:Opera Password Manager (1)

BlueWaterBaboonFarm (1610709) | more than 4 years ago | (#30054830)

Also, you can move the wand.dat file to another computer (with Opera). Then just use your master password. Saves you from having to remember your passwords on every computer.

Re:Opera Password Manager (1)

Lehk228 (705449) | more than 4 years ago | (#30054852)

Firefox also allows a master password, I don't know the exact behavior of it WRT encryption though.

Text File w/ hints (1)

beernutmark (1274132) | more than 4 years ago | (#30054614)

I use a variation of the plain text file. I use a file but instead of listing the actual passwords I write memory hints to remind me what the passwords are and not the actual passwords. This does have the flaw that I am using many variations of a few passwords for most of my needs. The hints help me remember what variation of the password is for that site. If someone else got that file they wouldn't be able to make much use of it.

I also use simple throw away passwords combined with mailinator.com for websites/forums that I don't really care about security wise. If I forget the password I have it resent to mailinator.

--
Placeholder for future witty sig.

Can't be 100% secure (3, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#30054620)

The first thing you have to realise is you can't be 100% secure. Keeping plain text files isn't that terrible of an idea in all honesty, your situation of where someone would steal your laptop and access all your files and look for passwords is unlikely. Your hardware is much, much, much more valuable to most thieves than your data. I bet most either A) just wipe with a clean install of Windows B) just randomly checks a few sites and gives up or C) scraps your laptop for individual parts. A laptop thief is not usually a tech person. When faced with encryption they aren't going to try to break in, after all your laptop is worth at least $50 on the black market no matter what the data is on there, so long as it boots up it is sellable.

Similarly, few thieves are going to be looking for passwords on old sheets of paper. Most thieves if they break into a house look for A) cash B) jewellery C) expensive-looking technology. Even though it is much more important to us geeks, a thief is going to go for sellable things, chances are your plasma is more sellable than your Pentium 4 tower, your monitor more than your external HDD and your PS3 more than your stack of back-up DVDs.

There is a -lot- more threat from crackers, viruses, keyloggers and other malware than the run-of-the-mill thief getting your laptop.

File Encryption or KeePass (0)

Anonymous Coward | more than 4 years ago | (#30054626)

You can try KeePass to store all your passwords or by far the easiest method is to save all the passwords in a text file & encrypt the file using any file encryption tool like AxCrypt.

Write your own (2, Insightful)

mobets (101759) | more than 4 years ago | (#30054640)

I wrote my own password generator in vb.net. I'm sure it's not as random as it could be, but I think it's good enough.

Re:Write your own (2, Insightful)

MichaelSmith (789609) | more than 4 years ago | (#30054842)

I wrote my own password generator in vb.net. I'm sure it's not as random as it could be, but I think it's good enough.

Well okay but how do you remember it? Unless the password generator always generates the same password.

supergenpass ? (1, Informative)

Anonymous Coward | more than 4 years ago | (#30054646)

no one mentioned http://supergenpass.com ?
supergenpass hashes the base url with your main password. you can also customize the length of the final password.
it works in every browser (bookmarklet) and you can also use it if you aren't on your computer with the mobile version.
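The derived-password idea behind the Hashapass and SuperGenPass comments, next to the in-head "UNIQUE" scheme from the Hashapass replies, as an added example that is not part of the thread and is not either tool's actual algorithm. The PBKDF2 construction, the iteration count and all function names are assumptions chosen for illustration.

```python
import base64
import hashlib


def site_password(master, site, length=16, iterations=200_000):
    """Derive a per-site password from one master secret.

    PBKDF2-HMAC-SHA256 with the site name as salt: the same inputs always
    give the same output, so nothing has to be stored. The derivation adds
    no entropy. Its strength is the strength of `master`; the iteration
    count only makes each guess at the master slower to check.
    """
    if not 1 <= length <= 43:
        raise ValueError("length must be between 1 and 43")
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), site.lower().encode(), iterations, dklen=32
    )
    return base64.urlsafe_b64encode(raw).decode()[:length]


def mental_scheme(master, site):
    """The in-head scheme from the thread: split the master in half and
    append the site's second letter to the first half and its last letter
    to the second half."""
    half = len(master) // 2
    return master[:half] + site[1] + master[half:] + site[-1]


def shared_positions(a, b):
    """Count positions at which two equal-length passwords agree."""
    return sum(x == y for x, y in zip(a, b))


if __name__ == "__main__":
    # "UNIQUE" and the site names are the thread's own sample values.
    for site in ("Google", "Yahoo", "Microsoft"):
        print(f"{site:10} mental={mental_scheme('UNIQUE', site)} "
              f"derived={site_password('UNIQUE', site)}")

    # One leaked mental-scheme password exposes most of every other one:
    # the master is visible in the clear and only two characters vary.
    print("mental overlap :",
          shared_positions(mental_scheme("UNIQUE", "Google"),
                           mental_scheme("UNIQUE", "Yahoo")), "of 8")
    # Derived passwords for two sites share no visible structure.
    print("derived overlap:",
          shared_positions(site_password("UNIQUE", "Google"),
                           site_password("UNIQUE", "Yahoo")), "of 16")
```
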

Firefox is okay (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30054654)

The Firefox automatic password remembering thingy is okay. Not too worried about if the computer is stolen as I have a BIOS password plus there's not exactly enough money in my bank account to be worth bothering with, and my bank system doesn't actually let you do a lot without human intervention. My biggest worry, actually, was if Firefox would ever show me these saved passwords in case I do wish to make an attempt to remember. It can. Cool.

What I can't believe is how many people are giving their best ideas for remembering passwords. Was this a serious question or a cleverly disguised bit of social engineering?

Password Safe (2, Informative)

antic (29198) | more than 4 years ago | (#30054660)

I have to track a lot of personal passwords and also 200+ passwords for client websites, emails, etc. I use Password Safe and recommend it:

http://passwordsafe.sourceforge.net/ [sourceforge.net]

Hides when minimised and has a useful function that enables it to copy a password and minimise again when you double click a client name (i.e., if you need their main/default password). Quick and easy.

Used to have Filezilla set to remember client passwords until a PDF hole led to a bot stealing Filezilla's password store and auto-hacking a lot of sites that were a serious pain to clean up.

Re:Password Safe (1)

jomama717 (779243) | more than 4 years ago | (#30054788)

I have used Password Safe for a few years now and I have no complaints. It has a nice feature that lets you install it standalone on a USB key drive (no registry settings, etc.) so I can just carry the little drive around with me and plug it in where I need it.

The password DB is encrypted, the "safe" is password protected, the USB key is encrypted and password protected, so I feel pretty safe carrying around all 2-3 hundred (work and personal) passwords with me. I'm just not looking forward to the day that I inevitably lose the damned thing and have to reset all of my passwords...

KeePass (1)

bbdd (733681) | more than 4 years ago | (#30054670)

Another vote for KeePass

Use a formula (0)

Anonymous Coward | more than 4 years ago | (#30054680)

I use a memorized formula that does not change, but continuously generates new passwords as time goes on. That way my password is based on the time it was created, and another memorized section.

Gringotts (1)

elwinc (663074) | more than 4 years ago | (#30054682)

Gringotts used to be good. Gringotts saves info in encrypted files. You still need 1 password to decrypt the file, but you can have copies of the file in multiple places. See http://directory.fsf.org/project/gringotts/ [fsf.org]

Re:Gringotts (1)

elwinc (663074) | more than 4 years ago | (#30054740)

Oops! Current maintained version of gringotts is at http://gringotts.berlios.de/ [berlios.de]

All kinds of solutions that work, really .... (1)

King_TJ (85913) | more than 4 years ago | (#30054686)

I've researched this one for my boss, as well as for personal use. I agree that for Mac users, 1password isn't too bad a program.

If you want a *hardware* based solution, I've looked at Mandylion Labs' Password Manager before too.

Personally, I thought the Mandylion Labs solution was overkill for anything less than corporate use, though. Its "strong points" are largely centered around an I.T. staff centrally administering password policies for the keyfob and so on.

Another basic, but potentially effective and useful solution is simply keeping track of your login info in a text document, but maintaining that document someplace like Google Docs. Then, wherever there's Internet access, there's the ability to get to the document and it's platform-neutral. No worries about a computer drive crash causing you to lose all your passwords either.

Keepass (1)

Lorien_the_first_one (1178397) | more than 4 years ago | (#30054690)

Keepass is cross platform, works on PC and Linux. :) Makes it easy to keep different credentials for every site you go to. Keeps passwords in an encrypted file.

http://keepass.info/ [keepass.info]

Do what everyone does (1, Funny)

Anonymous Coward | more than 4 years ago | (#30054694)

Do what every idiot in my office does - use their name.

Sure, I try to change the password policy on the server, but of course management gets mad because they can't use "bill" to login and "bill" for a password.

Just this morning someone was all in a huff that there was an open document on their computer. Well, change the password retard, and logout at the end of the day.

BTW, I'm the sysadmin.

Seriously though, if you really can't remember, try using paper and pen in a very cryptic method so as to not shout "I'm a password list" or use a "base" password and add on specifics regarding the login site, for example, for facebook "billbook," for google, "billgoogle," you know, like the retards in my office.

Revelation + PasswordSafe (1)

talcite (1258586) | more than 4 years ago | (#30054704)

I use a split solution.

On my desktop running Gnome, I use revelation. It has a handy applet you can add to the gnome toolbar.

You can export your password file to something compatible with PasswordSafe and then do a USB key install on it. Since the file is encrypted, you don't need to worry about people getting access to your accounts if you lose the USB key.

Do you have a Blackberry? (0)

Anonymous Coward | more than 4 years ago | (#30054708)

I encrypt everything about myself in SplashID (passwords, credit cards, account info), and sync my home computer to my Blackberry. I have been doing this for years (first with my Palm), and it has always been a reliable method to carry all my secret data. All I have to do is never forget that *one* password.

How I remember passes (1)

ya really (1257084) | more than 4 years ago | (#30054710)

I make my passwords something totally ridiculous that would probably be offensive to most people or certain groups I don't care for, haha. Something like macFanb0ysRghey&. Sure, I remember it, but if there's ever a chance you have to share that password with someone else, you either have to change it or see the person's face look like O.o

Simple - a spreadsheet (1)

seifried (12921) | more than 4 years ago | (#30054724)

A spreadsheet kept securely (encrypted file, not excel/etc. encryption but something like PGP or TrueCrypt). There are specific programs for this but I find a spreadsheet works better.

3 steps (0)

Anonymous Coward | more than 4 years ago | (#30054730)

1: Pick 3 six digit passwords that are not dictionary words (one should have some numbers in it)
2: Use the simplest one for your low level password for sites that require one.
3: For other sites use a combination of the 3 passwords, either the same one repeated or 2 or 3 of them together as a group. Mix&Match, if you forget a password for a site, it is one of the combinations of those three.
extra credit: if you want, give each password a NAME that has nothing to do with the actual password. Then feel free to write down the NAMES of the passwords anywhere you want!

This has worked for me for a long time with no problems, I have had problems with the replacement passwords assigned to me like 7qyR&8T . I just forget them and have to write them down or save the email. Someone once got into my email and got those passwords! Never again.
If I REALLY have to save info in a text file, I do that, but I add .jpg to the end of the file name. Casually clicking on it won't open the file, you get an error. If I open it from within the Text Editor program it then opens fine. Security through obscurity works well enough for me.
I also have a safe in my house. Everyone knows I have a safe. There is nothing in it.
I hide my valuables in a fireproof box elsewhere.

Definitely porn stars (1)

sgt_doom (655561) | more than 4 years ago | (#30054738)

Porn star names....definitely, always works for me. Plus, I can then guess other users' passwords much more easily and don't need to bother with those pesky password cracking software. Let's see....jjordan (jana jordan), mistiluv (misti love), brandytal (brandy talore).....

eWallet over paper (0)

Anonymous Coward | more than 4 years ago | (#30054746)

I use eWallet on my cellphone, with secured cleartext copy at home. Very convenient, relying on semi-trusted vendor/security and pretty much with me at all times... but when I lost my previous cellphone this summer on a bus, I was able to have access codes/passwords changed in hours. And subsequently have had NO indication that the *.wlt file was ever breached. Also, passwords are "scrambled" by a simple memorized algorithm; enter the text you see and you won't get in.

My wife, OTOH, kept this kind of info cleartext on paper in a "bag" (not her purse) and we had a major panic when that was stolen from her car in a smash-n-grab.

Password Gorilla (1)

Lord Kano (13027) | more than 4 years ago | (#30054754)

I had to address this same issue recently myself. I'm getting an increasing number of login/passwords. I won't use the same combination on any two sites and I'm in my 30s. I can't remember passwords like I could 10 years ago. For me Password Gorilla [www.fpx.de] was the product that fit all of my needs.

It's Free/OSS, runs on all major platforms, can be run from a flash drive and is compatible with the Password Safe file format.

LK

I use (0)

Anonymous Coward | more than 4 years ago | (#30054760)

1password for Mac OS X. Wait you meant for Linux, right?

This isn't my locker...

Prepended or Appended Passphrase (3, Interesting)

codermotor (4585) | more than 4 years ago | (#30054778)

Create a passphrase which you prepend or append to every important password. Don't divulge that passphrase to any but the most trusted (spouse, family attorney, etc.).

Keep a list of passwords sans the passphrase in a safe but accessible place in case you forget one. If someone finds that list, it'll do them little good since not only will they not know the passphrase, neither will they even know it exists.

I'm assuming you have no state secrets or other seekrit stuff which may be intimidated out of you by other means (pliers, electrodes, etc.).

In plain view (1)

MichaelSmith (789609) | more than 4 years ago | (#30054800)

Looking around I can see lots of words and phrases, such as

  • surface
  • mammoth
  • X Toolkit Intrinsics
  • exit
  • wsjp133 (the asset ID of my cube neighbor's PC)
  • ADA 2005
  • Depression

...and so on. Remembering where your password can be seen is a good aid to memorising it. And if that doesn't work it is right there in front of you.

Cellphone contact list (0)

Anonymous Coward | more than 4 years ago | (#30054806)

Cellphone contact list...until your phone dies or goes missing

brain (1)

JeanBaptiste (537955) | more than 4 years ago | (#30054814)

I have literally hundreds of passwords memorized, yet I cannot match a face to a name without much effort =(

Hashing Works (5, Interesting)

Aaron_Pike (528044) | more than 4 years ago | (#30054828)

I use a mental hash for my less important passwords. That way all I have to do is look at the web site's name and run it through my hash function to come up with the password for that site. That way, I only have to remember the function and not the plethora of passwords.

A simple mnemonic (0)

Anonymous Coward | more than 4 years ago | (#30054832)

Make one good, difficult-to-crack master password. Then, for each site which requires a password, make up a unique one which is a function of your master password and the name of the site.

As a simplistic example, if your master password is "s3cr3t", then you can use "s3cr3t#slsh." for your slashdot account, "s3cr3t#b@nk" for your bank account, etc.

The overlap means that the amount of gibberish you have to memorize is minimized, yet each of your passwords is still unique.

use an algorithm (0)

Anonymous Coward | more than 4 years ago | (#30054848)

Create some basic algorithm that applies to all the passwords. For example you could shift the value of the first 5 letters in the domain name 5 places. Chase becomes hmfxj for example.

The hard part is remembering all the different rules that each site has for their password. You could keep that in a text file. So if chase requires a capital letter and a number in the password you'd note Chase=cap * + num and know to capitalize the first letter from your algorithm and append whatever number you always use.

This won't provide the strongest possible security, but if you're just worried about some petty thief taking your laptop this is probably adequate.
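The shift scheme from the comment above, written out as an added example that is not part of the original thread. It shows how much one exposed password reveals about the rule, next to a keyed derivation from a master password and the domain. `derived_password` uses PBKDF2-HMAC-SHA256 as a swapped-in technique (it is not SuperGenPass's own algorithm), and all function names, the iteration count and the sample inputs are assumptions.

```python
import base64
import hashlib
import string


def shift_password(domain: str, shift: int = 5, length: int = 5) -> str:
    """The comment's rule: shift the first `length` letters of the domain."""
    out = []
    for ch in domain.lower()[:length]:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            out.append(ch)  # digits and hyphens pass through unchanged
    return "".join(out)


def apply_site_rules(password: str, need_cap: bool, number: str = "") -> str:
    """The 'Chase=cap * + num' note: capitalise first letter, append a fixed number."""
    if need_cap:
        password = password[:1].upper() + password[1:]
    return password + number


def shift_revealed_by(domain: str, exposed: str, length: int = 5):
    """Return the shift consistent with one exposed (domain, password) pair.

    There are only 26 candidates and no secret input, so a single exposed
    password is enough to reproduce the rule for every other site.
    """
    n = min(length, len(domain))
    core = exposed.lower()[:n]
    for shift in range(26):
        if shift_password(domain, shift, length) == core:
            return shift
    return None


def derived_password(master: str, domain: str, length: int = 16) -> str:
    """Keyed alternative (assumption, not a tool from the thread): PBKDF2 over
    the master password with the domain as salt. An exposed output does not
    reveal the master password or the output for any other domain."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.lower().encode("utf-8"), 200_000)
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    pw = apply_site_rules(shift_password("chase"), need_cap=True, number="7")
    print(pw, "-> shift", shift_revealed_by("chase", pw))
    print(derived_password("constructed master phrase", "chase"))
```

The site-specific rules (capital letter, appended number) change only the formatting of the result, so they do not add any secret to the shift scheme.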

Like I'm gonna tell you. (1)

jazzmans (622827) | more than 4 years ago | (#30054868)

Like I'm gonna tell you what I do. . . Don't write them down, don't use the 'remember password' option for bank websites. That is all.

jaz
