Slashdot Mirror


Best Tool For Remembering Passwords?

StonyCreekBare writes "Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"


  1. Keepass by gad_zuki! · · Score: 4, Informative
  2. KeePass - fantastic software. by clockwise_music · · Score: 4, Informative

    KeePass.

    * Stores all of your passwords in a secure encrypted file

    * Has auto-type so you don't have to type or remember your passwords

    * Has a great password generator tool, so that you can reset all of your passwords to something secure

    * Easily transferable password database.

    * Can run off a USB stick

    I checked it out a month ago on the recommendation of a mate, and have been using it ever since.

    It has everything that you need. Fantastic program and has been serving me brilliantly for the past month. I have now gone through all of the sites that I use regularly and have been resetting my passwords to something random. If any of those passwords are leaked then it won't be the disaster it could have been!

    And on the plus side, for the sites that I log in to very occasionally (eg, once every six months) I don't have to scrounge around in my memory trying to figure out what my username+password is.

    And for those horrible sites that have mandatory minimum password requirements, it makes it really easy to generate a password that fits their bizarre criteria. (Eg, only 6-10 characters long, certain characters not allowed, must contain upper and lower case etc etc etc).

    Don't use Firefox's password storage! They are all stored in plain text! Anyone can view them!!
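
As an added illustration of the policy-constrained generation this comment describes (it is not KeePass's code and not part of the original post), here is a sketch using Python's `secrets` module. The function names and the sample policy values are assumptions made for the example.

```python
import math
import secrets
import string
from itertools import combinations


def _allowed(required_classes, forbidden):
    """Strip forbidden characters from each required class."""
    sets = [set(cls) - set(forbidden) for cls in required_classes]
    if any(not s for s in sets):
        raise ValueError("a required class has no permitted characters left")
    return sets


def generate_password(length, required_classes, forbidden=""):
    """Uniformly random password with at least one character per class."""
    sets = _allowed(required_classes, forbidden)
    if length < len(sets):
        raise ValueError("length is too short to cover every required class")
    alphabet = sorted(set().union(*sets))
    # Rejection sampling: draw every position from the full alphabet with a
    # CSPRNG and retry until all classes appear. Every compliant password
    # stays equally likely, unlike "force one of each, then shuffle".
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in s for ch in candidate) for s in sets):
            return candidate


def policy_entropy_bits(length, required_classes, forbidden=""):
    """log2 of the number of compliant passwords (inclusion-exclusion)."""
    sets = _allowed(required_classes, forbidden)
    alphabet = set().union(*sets)
    count = 0
    for k in range(len(sets) + 1):
        for missing in combinations(sets, k):
            remaining = alphabet - set().union(*missing)
            count += (-1) ** k * len(remaining) ** length
    return math.log2(count)


if __name__ == "__main__":
    # Constructed policy: 10 characters, mixed case plus digits, look-alikes banned.
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    print(generate_password(10, classes, forbidden="lIO01"))
    print(round(policy_entropy_bits(10, classes, forbidden="lIO01"), 1))
```
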

    1. Re:KeePass - fantastic software. by internic · · Score: 4, Informative

      > Don't use Firefox's password storage! They are all stored in plain text! Anyone can view them!!

      If you turn on the master password then the password file is encrypted.

      --
      "You call it a new way of thinking; I call it regression to ignorance!" -- Operation Ivy
  3. Use the master password feature and stop worrying by tomhudson · · Score: 4, Informative

    Firefox has a "master password" feature. Use it, and remember just one password. It'll prompt you for the master password the first time it visits a site that has a saved password.

  4. Re:if you use a mac... by 93+Escort+Wagon · · Score: 4, Informative

    I prefer the built-in Mac Keychain. With the Mac OS Keychain plugin, Firefox will save its passwords there as well (and it can share them with Safari).

    One important consideration - change your Keychain password so it's different than your login password. Use something that's easy to remember but hard to guess, e.g. the price of a cheese pizza and a large soda at Panucci's Pizza ($10.77).

    --
    #DeleteChrome
  5. Re:paper in your wallet by NevarMore · · Score: 5, Informative

    I do something similar, but it's the default output of pwgen. All I have to do is recall the first few syllables, the general grid location of the password, or just a part of the password.

    I carry this around in my wallet, sure my password is on there, but with no real frame of reference it's hard to decipher and make a guess.

    Also, suggest printing with a fixed width font.

    $ pwgen
    gah5eiP2 Ga4cie3c ya6gaiTi eic1EeCo Shaisae5 ChaeXah2 Jaet0ooz ahThai3j
    Yie7UH9f Iefie1ja ooghu8Oh uot7aeL0 gughes2M fahGh9ah Ohz7ohto wae2Seh1
    avah3Oog Iechie2f eiPhoZi9 Mavohli9 Kohshis7 Meilo8ce Queis5hu Eiz9aij8
    Pae9ahPu Equ0zoo9 Oothahk3 pich2Xao IeZai3ae aiLa7Ath Eol2aes7 aeZ5raht
    AVai9nee Aam7ahzo Ioch2oqu faiGh0th eYae2ohl si7Te0we einai3Wa oash6Ahj
    Eik5uul2 opai8zoY ohw5Ihaf Mi7keix9 aevi1Wa3 mo9ohJ5I Piek2yoR Si1phieZ
    Ahc9luch ohNg6Oon daghieP9 reCh7jas joo4ooVi yooR6yeu eeph5Aip shie3Ahp
    quoVeg8U Nee3phah CahXee0r aoD8Thai Ai5Aigha eePh0zee Cheip5Ch xeebe0Oy
    laeFeez4 Ag9sheeR Ga4gooph Oijae9da aePao2ta ahz8ieNg bu9EhieS quooWoo3
    ahghea7N Bot9hieC He3eeGhi ouli8Oof ik3Ohsoh Rahz9Che aeXaNg1e soh3Thee
    Ahkith6u Ahs2Zuid eth6Ej0o Go0iho1d xaPhah9z aiNg1yoh Aer8Eet3 juZ3aThu
    gee4KooK Hee9iqu3 Duh4aipu AiP6ahph Shaec5ne neeXa6Re Roh6fief Baef9ieM
    eeGoo4ie eva1aeQu lu4hiJoh sae2DuYu fahGae7b Doh5Ifi6 jeish9Ae Rierieb5
    Eedae7Iu moo6aiG3 ohNei0ie ew9ieHeu xoh5caeL NeiD0ohs iipe4aeP Lich0xak
    Oozei5ao gaNgieV2 Dei0ae9l us3Loh8k phal5aeN aip0KeeV Aeg1rais oth1Ahdi
    was3ow8Y Oquud1bu emee7Ohr iewa6baJ ao8Airie beegooL9 heiveF7u ongooD9w
    iic4uGh0 Ohn9zeiC Neen4noh kei1Seng chieV3oh QuuQu2ju Eex1gaf3 aot8Dah1
    EDoh1aej eaBae1ri Eih0woh6 Eiw3Johp Yi3aizuu Og9shohl ho6mi6Xu AeT8eihu
    Iev5ohph lies0Iev eeV4jiek Tha1xoo8 gua9biiT aa4Maiga ohXoh3ai eisi8Jee
    Ieloh3mo Quoch6sh Eecha0Ra zahnguM8 ieP5Jeye Mao5maec Ephae8af quihei8A

  6. Re:Truecrypt by fabs64 · · Score: 3, Informative

    KeePass is available for Windows, Linux and OS X. You can run the Windows version as a standalone binary.

    I keep my keyfile and db on a USB key (with backups of the db strewn around all over the place), and the master password in my head.

  7. Re:Truecrypt by Graff · · Score: 4, Informative

    > keepass is available for windows linux and osx

    Dunno why you'd need it on Mac OS X though, the built-in Keychain and Keychain Access.app does the same thing and more. It will do autofill, autofill after asking you for the master password, or you can just use it to store the passwords and look them up manually.

    Keychain can also store secure notes and certificates for websites and such. It's pretty nifty how well it all works, you hardly ever have to worry about manually managing passwords and certificates.

  8. Re:Truecrypt by fabs64 · · Score: 3, Informative

    KeePassX is a truly cross-platform version of KeePass. It does not run under Wine and is just about indistinguishable from the Windows-only KeePass.