Slashdot Mirror
Memory Tools for Password Management?
New Media Blogger asks: "A co-worker of mine recently got burned hard because they used the same password for all of their online accounts. This experience led me to compile a list of easy-to-use password management memory tools (all free, of course), which make it infinitely easier for me to keep track of my dozens of passwords. I am sure many of the Slashdot crowd have memory tools of their own — what are you favourite password memorization tools?"
The methods described in this article don't seem to be very useful. I have seen one method that works fairly well. Come up with a sentence you know you can remember. It can be something out of the blue like: "I prefer accessing Gmail in Firefox for the skins extension." Then make your password "IpaGiF4zse". The first letter of each word, the number 4 or 2 for for or to, too, etc. Even other ones can be used like 8 for ate and 3 for a word starting with e. The z makes sense for a replacement of t in the because if you use the pronunciation of the that sounds like thee, z and thee are fairly similar. Those types of schemes make sense.
But the better answer is:
Get a program like passwordSafe. It's GPL and it works great it even can generate the random passwords for you with whatever rules the given site or system allows. Just copy the database file to a backup every so often and all is well.
Use an MD5 password generator. You can use the same password across sites, but it won't get compromised. Ever. There are a few sites like these that can help you generate these passwords:
s wordComposer/
http://passwordmaker.org/
http://angel.net/~nic/passwdlet.html
http://www.xs4all.nl/~jlpoutre/BoT/Javascript/Pas
Javascript + Nintendo DSi = DSiCade
I've recently discovered password safe [sourceforge.net].
If you use *nix, then MyPasswordSafe is your friend. It uses the same file format as password safe.
If you use Mac OS X, then Password Gorilla is your friend. It too uses the same file format, though it is a tad slow on open and save operations.
MyPasswordSafe is Qt-based (but it is better than the GTK-based equivalent password management program out there, and I generally prefer GTK-based apps over Qt-based apps). It should theoretically run on Mac OS X and Windows. I don't know about its status on Windows, but I know it doesn't work on Mac OS X. I have managed to get it to compile, but it segfaults. Once the semester is over, I intend to delve into it a little.
Password Gorilla also runs on practically everything. However, it is a Tcl/Tk application and looks ugly on every platform except for Mac OS X (thank you Apple for making some of these GUI toolkits not so ugly).
The neat thing about having all these programs out there is that they are compatible and make it a cinch to move your password database across machines and have it be usable everywhere.
I don't think you understand how it works. What you do is you enter the password (it can be the same for all sites), then enter the name of the site (which can be pulled from a bookmarklet). A bit of Javascript on the client then hashes that information using the MD5 algorithm, and spits the result back out as a secure password.
The beauty of this is that no one has your password except you. And if you forget the generated password, you can always regen it by entering the exact same information. However, since hashes can't be reversed, your master password will not be compromised even if a lame admin compromises your generated password on his site.
Javascript + Nintendo DSi = DSiCade
So get a downloadable version and back it up.
The online version is common because these passwords are for websites. So making a web-enabled version is a no-brainer. But the algo is so straightforward that it was pretty easy for the guys who made it to port it to different platforms.
Javascript + Nintendo DSi = DSiCade