Ask Slashdot: How Do You Manage Your Passwords?
Albus Dumb Door writes "As an IT professional, I've got a problem common to many of you: dealing with a lot of passwords. Memorizing them all becomes harder with age and an increasing number of passwords. I will forget them eventually. I am obviously unable to use something online, like Last Pass and 1Password. Using a single password for all the systems is also obviously out of the question. I know that there are a few apps for cell phones for managing passwords (like Phone Genie and mSecure), but a cell phone, unless it's kept in offline mode (and even then), is still a security risk and I'm pretty sure my employers wouldn't like me having their passwords on my cell phone. I've also taken a look at things like the YubiKey, but changing the authentication scheme of most of the systems is not an option. The only interesting option I've seen so far is the Pitbull Wallet, but they just started taking pre-orders on IndieGoGo and are not expected to deliver until August. Amazon has some hardware password managers as well, like the RecZone and Logio, but either the price or their reviews scared me away. So how do you guys prefer to manage your passwords and what do you recommend?"
extensible, open source, active project...what's not to like?
I use KeePass.
I store my KeePass database on Dropbox; this way it is accessible from my iPhone, iPad and all my laptops and desktops. Any changes I make are synchronized between devices automatically.
KeePass will auto-fill websites with plugins like KeeFox for Firefox, or launch PuTTY.
I don't even know what my Slashdot, eBay or Amazon passwords are, as they are all about 64 random characters each.
If you choose to go this route, it makes sense to have a very strong passphrase; as such, my passphrase exceeds 128 bits. A key file is also an excellent option.
Try to hack my 31337 firewall!
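Added example, not part of any comment in this thread: a Python sketch of the numbers behind the comment above, generating a 64-character random site password and working out how many random picks a master passphrase needs to exceed 128 bits. The 94-character alphabet, the constructed 256-entry word list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed per-site alphabet: the 94 printable ASCII characters without space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 256-entry stand-in for a real word list (a dice-style list has 7776).
SYLLABLES = ["ba", "ce", "di", "fo", "gu", "ha", "je", "ki",
             "lo", "mu", "na", "pe", "ri", "so", "tu", "va"]
WORDS = [a + b for a in SYLLABLES for b in SYLLABLES]

def entropy_bits(choices: int, draws: int) -> float:
    """Entropy of `draws` independent, uniform picks from `choices` options."""
    return draws * math.log2(choices)

def min_draws(choices: int, target_bits: float) -> int:
    """Smallest number of uniform picks whose entropy exceeds target_bits."""
    return math.floor(target_bits / math.log2(choices)) + 1

def random_password(length: int = 64, alphabet: str = ALPHABET) -> str:
    """Per-site password drawn from the OS CSPRNG, never from `random`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_passphrase(words: list[str], target_bits: float = 128.0) -> list[str]:
    """Master passphrase: enough uniformly chosen words to exceed target_bits."""
    if len(words) < 2 or len(set(words)) != len(words):
        raise ValueError("word list needs at least two unique entries")
    return [secrets.choice(words) for _ in range(min_draws(len(words), target_bits))]

if __name__ == "__main__":
    print(f"64 chars from {len(ALPHABET)}: {entropy_bits(len(ALPHABET), 64):.0f} bits")
    for name, size in (("lowercase letters", 26), ("printable ASCII", 94),
                       ("7776-word list", 7776)):
        print(f"{name}: {min_draws(size, 128)} picks to exceed 128 bits")
    print(random_password())
    print("-".join(random_passphrase(WORDS)))
```

These figures hold only when every character or word is picked uniformly at random; a passphrase a person makes up carries far less entropy than its length suggests.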
I can understand not reading TFA, but did you even RTFS? What part of
I am obviously unable to use something online, like Last Pass and 1Password.
were you unable to understand?
Now, I have absolutely no idea why poster "obviously" is unable to use it, but it's already ruled out.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
every platform.... except desktop linux?
They can't, because they don't have them. They have a bunch of encrypted blobs.
Because the OP is totally wrong, is why. 1Password keeps its data file locally. There are all kinds of synchronization features, which you don't have to use if you want to avoid online operations.
OP may have been thinking of 1PasswordAnywhere, which is the all-online version.
Then select the option on the website that allows you to store your database in Europe. (requires paid version currently)
https://lastpass.com/use_eu.ph...
I too use SuperGenPass and it's absolutely great, but I recently discovered that it has some well-known weaknesses: http://akibjorklund.com/2009/supergenpass-is-not-that-secure
An alternative is PwdHash, but I haven't motivated myself to switch yet.