Slashdot Mirror

← Back to Stories (view on slashdot.org)

Best Tool For Remembering Passwords?

Posted by kdawson on from the encrypted-plain-text-file-on-a-stick dept.

StonyCreekBare writes "Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"

8 of 1,007 comments (clear)

  1. paper in your wallet by Gothmolly · · Score: 5, Interesting

    Keep them on a slip of paper, in your wallet.

    but DONT list what each is for - you can remember that part easily enough

    --
    I want to delete my account but Slashdot doesn't allow it.
  2. PasswordSafe by Avenger546 · · Score: 5, Interesting

    I first saw the link to PasswordSafe from Bruce Schneier's site. If I have to take advice from someone on keeping something secure, it's Bruce.

  3. Prepended or Appended Passphrase by codermotor · · Score: 3, Interesting

    Create a passphrase which you prepend or append to every important password. Don't divulge that passphrase to any but the most trusted (spouse, family attorney, etc.).

    Keep a list of passwords sans the passphrase in a safe but accessible place in case you forget one. If someone finds that list, it'll do them little good since not only will they not know the passphrase, neither will they even know it exists.

    I'm assuming you have no state secrets or other seekrit stuff which may be intimidated out of you by other means (pliers, electrodes, etc.).

  4. Hashing Works by Aaron_Pike · · Score: 5, Interesting

    I use a mental hash for my less important passwords. That way all I have to do is look at the web site's name and run it through my hash function to come up with the password for that site. That way, I only have to remember the function and not the plethora of passwords.

  5. Re:Truecrypt by Korin43 · · Score: 4, Interesting

    Why make them mount a Truecrypt volume and search through text files? KeePass gives you an encrypted searchable password database that's much easier to use: While it's running, click the system tray icon, type in your password and your passwords are listed and searchable. When you're done, minimize it back to the tray and it's locked again.

  6. Re:Truecrypt by darkpixel2k · · Score: 3, Interesting

    Do what I set up for my father, Truecrypt installed to a USB key, passwords in a plaintext file inside the arcive.

    Why bother with passwords?

    Start authenticating with your GPG key. (http://gpgauth.com)

    Your GPG key logs you in, compromised sites don't hurt you.

    --
    There's no place like ::1 (I've completed my transition to IPv6)
  7. Notecard In Wallet For Life by Enti · · Score: 3, Interesting

    While you initially discount paper, a folded notecard in my wallet has been the most reliable method thus far Honestly, when is the last time you've lost your wallet? For me this was eight years ago. Just as you cancel your credit/debit cards when losing a wallet, significant passwords can also be changed. Consider it a security feature Besides, the slight inconvenience of taking out your wallet for a forgotten password encourages you to remember it (I have a straight-terrible memory, and this has worked)

    --
    In these days, bleeps and bloops mean something more
  8. PassGorithm - One Algorithm, infinite passwords by abdielillo · · Score: 4, Interesting

    I invented this method and has worked for me perfectly since then. What I did was to develop an algorithm by which I can reconstruct my passwords based on the website or account. For example: 1) Take the first letter on the website name eg : slashdot = 's' 2) Count letters in the website name: eg : slashdot = '6' 3) Count the vowels eg : slashdot = '2' 4) Take the last letter eg : slashdot = 't' 5) Add and underscore and a keyword in common to the end of the 4 previous characters eg : 's62t_w00t' Here's another example with google.com 1) 'g' 2) '3' 3) '3' 4) 'e' 5) 'g33e_w00t' Be creative with the rules... like for example, if its a bank account, make all letters UPPERCASE. Hope this helps. Note: the above example is not my PassGorithm :D