Slashdot Mirror


Ask Slashdot: How Do You Manage Your Passwords?

Albus Dumb Door writes "As an IT professional, I've got a problem common to many of you: dealing with a lot of passwords. Memorizing them all becomes harder with age and an increasing number of passwords. I will forget them eventually. I am obviously unable to use something online, like Last Pass and 1Password. Using a single password for all the systems is also obviously out of the question. I know that there are a few apps for cell phones for managing passwords (like Phone Genie and mSecure), but a cell phone, unless it's kept in offline mode (and even then), is still a security risk and I'm pretty sure my employers wouldn't like me having their passwords on my cell phone. I've also taken a look at things like the YubiKey, but changing the authentication scheme of most of the systems is not an option. The only interesting option I've seen so far is the Pitbull Wallet, but they just started taking pre-orders on IndieGoGo and are not expected to deliver until August. Amazon has some hardware password managers as well, like the RecZone and Logio, but either the price or their reviews scared me away. So how do you guys prefer to manage your passwords and what do you recommend?"

5 of 445 comments

  1. Keepass by Anonymous Coward · Score: 5, Informative

    extensible, open source, active project...what's not to like?

    1. Re:Keepass by Anonymous Coward · Score: 5, Informative

      Combine this with a keyfile that is not stored on the online syncing service. So if the keydb itself is obtained, it's useless without the keyfile (never put online) and the keyphrase. If someone obtains your phone or other device, they'll have the keydb and keyfile but not the keyphrase. Of course, nothing will protect you if your device is compromised (i.e. file access + keylogging) without your knowledge.

  2. Keepass by Mr. Flibble · Score: 5, Informative

    I use Keepass.

    I store my Keepass database on Dropbox; this way it is accessible from my iPhone, iPad and all my laptops and desktops. Any changes I make are synchronized between devices automatically.

    Keepass will auto fill in websites with plugins like KeeFox for Firefox, or launch Putty.

    I don't even know what my Slashdot, eBay or Amazon passwords are, as they are all about 64 random characters each.

    If you choose to go this route, it makes sense to have a very strong passphrase; as such, my passphrase exceeds 128 bits. A key file is also an excellent option.

    --
    Try to hack my 31337 firewall!
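
Added example, not part of the thread and not KeePass's own code: a minimal Python sketch of the two-factor unlock described in the two KeePass comments above (a passphrase plus a key file that never touches the sync service). The hashing scheme, the PBKDF2 work factor, the header layout and every name here are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KDF_ROUNDS = 100_000  # assumed work factor for this sketch

def composite_key(passphrase: str, keyfile: bytes) -> bytes:
    # Hash each factor, then hash the concatenation, so neither the
    # passphrase nor the key file alone determines the result.
    p = hashlib.sha256(passphrase.encode("utf-8")).digest()
    k = hashlib.sha256(keyfile).digest()
    return hashlib.sha256(p + k).digest()

def derive_key(passphrase: str, keyfile: bytes, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever KDF the password manager really uses.
    material = composite_key(passphrase, keyfile)
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ROUNDS)

def create_header(passphrase: str, keyfile: bytes) -> dict:
    # What would sit in the synced database file: a salt and a check tag.
    salt = secrets.token_bytes(16)
    key = derive_key(passphrase, keyfile, salt)
    return {"salt": salt, "check": hmac.new(key, b"vault-check", hashlib.sha256).digest()}

def try_unlock(header: dict, passphrase: str, keyfile: bytes) -> bool:
    key = derive_key(passphrase, keyfile, header["salt"])
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, header["check"])

# Constructed sample values, not taken from the thread.
PASSPHRASE = "constructed example passphrase of several words"
KEYFILE = secrets.token_bytes(32)   # stays on local devices only
HEADER = create_header(PASSPHRASE, KEYFILE)

def scenarios() -> dict:
    return {
        "owner: database + key file + passphrase": try_unlock(HEADER, PASSPHRASE, KEYFILE),
        "sync service leak: database + passphrase, no key file": try_unlock(HEADER, PASSPHRASE, b""),
        "stolen device: database + key file, wrong passphrase": try_unlock(HEADER, "guess", KEYFILE),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'unlocked' if ok else 'locked'}")
```

As the first comment notes, this separation does nothing against a device that is compromised while unlocked, since both factors are then present on the same machine.
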
  3. Re:LastPass by AdamWill · Score: 5, Informative

    They can't, because they don't have them. They have a bunch of encrypted blobs.

  4. Re:There is but one true password manager by Applehu Akbar · Score: 5, Informative

    Because the OP is totally wrong, is why. 1Password keeps its data file locally. There are all kinds of synchronization features, which you don't have to use if you want to avoid online operations.

    OP may have been thinking of 1PasswordAnywhere, which is the all-online version.