Slashdot Mirror


Ask Slashdot: How Do You Manage Your Passwords?

Albus Dumb Door writes "As an IT professional, I've got a problem common to many of you: dealing with a lot of passwords. Memorizing them all becomes harder with age and an increasing number of passwords. I will forget them eventually. I am obviously unable to use something online, like Last Pass and 1Password. Using a single password for all the systems is also obviously out of the question. I know that there are a few apps for cell phones for managing passwords (like Phone Genie and mSecure), but a cell phone, unless it's kept in offline mode (and even then), is still a security risk and I'm pretty sure my employers wouldn't like me having their passwords on my cell phone. I've also taken a look at things like the YubiKey, but changing the authentication scheme of most of the systems is not an option. The only interesting option I've seen so far is the Pitbull Wallet, but they just started taking pre-orders on IndieGoGo and are not expected to deliver until August. Amazon has some hardware password managers as well, like the RecZone and Logio, but either the price or their reviews scared me away. So how do you guys prefer to manage your passwords and what do you recommend?"

62 of 445 comments

  1. Air Gapped Box by Anonymous Coward · · Score: 4, Interesting

    It's not portable, and this is just what I do at home so may not scale well to the office, but I've basically got an old intel atom box (MSI Wind PC) running linux (slackware) with no network connection and full disk encryption just using luks/dm-crypt. I keep passwords, banking numbers, and other bits of sensitive info on there. No fancy management software, just plain old text files. I have it hooked up through a KVM and I just leave it running all the time (with locked screen), so it's nothing to switch to it when I need to use an old password or update a password when I change one.

    Files are backed up locally using rsnapshot (for history), and then that's periodically copied to one of 2 (also encrypted) USB thumb drives (I leave one plugged in the back and periodically swap them).

    Primitive, but sometimes that's what works. You could probably do the same with a raspberry pi at this point (disk encryption might be fun though).

    Also this topic comes up like once a month, and the answer has not changed in years. Stop asking!

    Completely off topic: what would be the best way to physically disable the wifi capability of a device. Obviously you can disable in software, but I'm the paranoid sort, and would love a way of knowing that my IP web cam is not gonna be doing anything with that wifi antenna. Thinking maybe some kind of terminator or some other way of "absorbing" the signals.

    1. Re:Air Gapped Box by Lanforod · · Score: 2

      Find and physically remove the wifi chip?

    2. Re:Air Gapped Box by user32.ExitWindowsEx · · Score: 2

      Apple will remove the camera on any of their shiny things for $99.

      --
      "Evil will always triumph because good is dumb." -- Dark Helmet
  2. passwords.txt by Anonymous Coward · · Score: 4, Funny

    on my desktop.

  3. Keepass by Anonymous Coward · · Score: 5, Informative

    extensible, open source, active project...what's not to like?

    1. Re:Keepass by jakeguffey · · Score: 4, Insightful

      Came here to say this.

      I've used KeePass (or, in my case, KeePassX since I'm on *NIX) for about 6 years and it's been great. Encrypted local storage that I can sync between devices if I want, with an Android app (KeePassDroid) available makes life easy. It's also the only approved password storage method where I work.

    2. Re:Keepass by Mr.+Flibble · · Score: 3, Informative

      The keyfile is in my dropbox folder, I have dropbox installed on all my devices. On the iphone or ipad I just need to select the keepass file and it will open in the keepass app.

      Then my passphrase is required to open the encrypted file that contains the list of my passwords.

      This step is only required on my iphone/ipad if the keystore is out of sync with the dropbox folder. Otherwise the file remains cached on my portable device.

      --
      Try to hack my 31337 firewall!
    3. Re:Keepass by gmuslera · · Score: 4

      It also works, or has alternatives that use the same data files, on most OSs, including mobile ones. You can backup/sync your password file between devices using online services while having a secure enough master password for it. Of course, you must keep in mind that if you have a keylogger on the device where you are using that password file, it will become compromised. Maybe having different password files for different uses would make it safer.

    4. Re:Keepass by Anonymous Coward · · Score: 5, Informative

      Combine this with a keyfile that is not stored on the online syncing service. So if the keydb itself is obtained, it's useless without the keyfile (never put online) and the keyphrase. If someone obtains your phone or other device, they'll have the keydb and keyfile but not the keyphrase. Of course, nothing will protect you if your device is compromised (i.e. file access + keylogging) without your knowledge.

    5. Re:Keepass by FuzzNugget · · Score: 4, Informative

      Yup, I've used a number of password managers over the years and this one is easily one of the best. There's just no reason not to use it.

      There are ports for just about everything, including Android, which is incredibly handy.

      I particularly like the Firefox extension (KeeFox), which can be configured to automatically enter credentials as well as save new credentials entered in Firefox with one click.

    6. Re:Keepass by Scryer · · Score: 2

      I exchange the Keepass password file by superencrypting it with a (presumably) strong encryption algorithm before stuffing it up into the cloud. That should make it easier to break into my house physically than ripping my keys.

    7. Re:Keepass by John.Banister · · Score: 2

      I think there could be a market for a hybrid between YubiKey and the inexpensive ($10-$20) usb stick fingerprint scanners available. If it acted like YubiKey does now but only released the password string on receipt of the fingerprint biometric information used to store it, that could also reduce the worry about losing the key. With also a battery and an RFID transceiver, the same losable key could be used for cars and doors.

    8. Re:Keepass by streampotato · · Score: 2

      Yes. I use Keepass on my Ubuntu desktop, Windows 8 notebook (don't judge me,) and Moto X. While my db requires a password and is sync'd on Dropbox, I have a keyfile locally on each device.

  4. Write them down. by khasim · · Score: 4, Insightful

    For work, write them down on physical paper and keep them in your physical wallet.

    You'll notice if your wallet goes missing.

    For home, write them down on physical paper and keep that somewhere safe.

    1. Re:Write them down. by Anrego · · Score: 4, Insightful

      For an extra layer of security, come up with some really basic cypher that you can do in your head. It doesn't have to withstand rigorous cryptanalysis, just has to hold up long enough for you to notice your wallet is missing and change all your passwords.

      Even something silly like taking the third character and sticking it on the end is probably enough.

    2. Re:Write them down. by msauve · · Score: 2

      If your passwords are in your wallet, and your wallet is missing, how do you change your passwords? Not everything with a password will email you a new random one.

      And, you still need to have a list of all the accounts which have passwords somewhere, so you know what needs to be changed.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:Write them down. by khasim · · Score: 3, Insightful

      Sounds good.

      And you might also want to keep a few additional passwords on that piece of paper. For those circumstances where you're suddenly required to have a new one (X characters, Y capitals, Z numerals) for a new application or whatever. Always nice to have one ready instead of trying to think one up on the spot.

    4. Re:Write them down. by khasim · · Score: 4, Insightful

      If your passwords are in your wallet, and your wallet is missing, how do you change your passwords?

      If they're in your wallet then they're work passwords. So you contact the other admin and have her change your passwords.

      And, you still need to have a list of all the accounts which have passwords somewhere, so you know what needs to be changed.

      And for work this should be documented already. Along with reset procedures and contact numbers.

      For home, having them stolen is less of a risk. But you can always keep a copy (encrypted or not) with someone else in your family or a trusted friend or a safety deposit box. You're probably more at risk of them being destroyed in a fire or something. So treat them the same as any other important document.

    5. Re:Write them down. by Archimonde · · Score: 2

      That's pretty much what I do during my contract on the ship. I don't have a wallet, but have a pocket notebook and there I write down the network configuration, some usernames/passwords for some servers etc (every ship is different). With time, I remember all of this stuff so I destroy the papers anyway.

      I never write down which credentials are used for what, this is what I know, and always add some logical sounding letters/number to every piece of information but in some way that I always know what is garbage and what is real information. If I lose the notebook I don't think anyone onboard would be able to figure out what information is used for what, and also what piece of garbage to remove. Even if someone would be resourceful enough to do it, I would still have a much better head start because I would notice that my notebook is missing and I would have plenty of time to change the passwords.

      All of this is much better than having a document on a usb drive with your password list which has to be decrypted every time you want to read it. Of course, all of the info and much more is stored on some document which is encrypted for safekeeping.
       

      --
      Trolls are like broken clocks. They show the truth two times a day. The rest of the day they talk nonsense.
  5. LastPass by ZerXes · · Score: 5, Insightful

    Why is LastPass not an option? The password database is always synced to your laptop/cellphone so there is no problem accessing your passwords when you are offline. The security is the most robust I have found when it comes to password management, especially when you use 2-factor auth.

    1. Re:LastPass by neiras · · Score: 2

      That and Lastpass encrypts/decrypts the password store on the client side. Only the encrypted database is ever sent over the wire. It's not perfect, but Lastpass has been great for me. Worth the $12/year. I don't know any of my passwords now except one, and my yubikey protects the Lastpass master password.

    2. Re:LastPass by gmuslera · · Score: 4, Interesting

      What if they are required by the NSA (along with the "don't disclose that we are asking this") to give them your passwords? Giving the control to a US company could go very wrong. Even Hushmail that promised to have all your information encrypted gave it to the feds... and they are Canadians.

    3. Re:LastPass by AdamWill · · Score: 5, Informative

      They can't, because they don't have them. They have a bunch of encrypted blobs.

    4. Re:LastPass by danlor · · Score: 3, Informative

      Then select the option on the website that allows you to store your database in Europe. (requires paid version currently)

      https://lastpass.com/use_eu.ph...

    5. Re:LastPass by CauseBy · · Score: 2

      since LastPass is closed source you are taking their word for it.

      I see comments like this all the time on Slashdot. The implication is that if you aren't willing to do the following, then you are an idiot who can expect zero security:

      1. Get a dual PhD in electrical engineering and computer security.
      2. Build your own personal chip manufacturing plant with no contractors or help of any kind, because one of them could be a spy.
      3. Personally develop your own CPU instruction set and personally implement it on a chip using your personal manufacturing plant.
      4. Personally develop your own computer language with absolute perfect security, which you personally audit because you are a PhD in computer security
      5. Write your own software stack for keeping passwords.
      6. Run your software, written in your language, on a computer built in your manufacturing plant.
      7. Do all this in a physically secure building which, again, you personally built with no help from anyone else, because they could be spies.

      I suggest that you consider the possibility that there could be levels of security which are adequate and trustworthy short of that standard. But, while you consider that, I give you props for, apparently, being the only human on the planet to complete those 7 steps, who has a password wallet which requires no trust of anyone else ever anywhere in the chain. Congratulations to you, but the rest of us are too busy to do that.

  6. Keepass by Mr.+Flibble · · Score: 5, Informative

    I use Keepass.

    I store my keepass database on dropbox, this way it is accessible from my iphone, ipad and all my laptops and desktops. Any changes I make are synchronized between devices automatically.

    Keepass will auto fill in websites with plugins like KeeFox for Firefox, or launch Putty.

    I don't even know what my Slashdot, eBay or Amazon passwords are, as they are all about 64 random characters each.

    If you choose to go this route, it makes sense to have a very strong passphrase, as such, my passphrase exceeds 128 bits. A key file is also an excellent option.

    --
    Try to hack my 31337 firewall!
  7. Why by Liquidretro · · Score: 2

    Why are you unable to use one of the online systems like Lastpass? It's been very well vetted, offers offline and online modes. I personally find 1pass to be very Mac centric and expensive but it's a good product too. KeePass is a good open source alternative, although it's a local program so there are those downsides. It has Android and iOS apps too so you can have access on a mobile device if needed.

  8. "Obviously" not Last Pass or 1Password by immaterial · · Score: 4, Interesting

    Maybe I'm an idiot but I don't get why these options are obviously bad. I use 1Password on a regular basis.

    1. Re:"Obviously" not Last Pass or 1Password by andrews · · Score: 3, Insightful

      I don't see the "obviously" either. I use 1Password and it's not web based, the secure password database file sits in Dropbox and is synced to all my computers and my iPhone. Works great.

    2. Re:"Obviously" not Last Pass or 1Password by Anonymous Coward · · Score: 5, Insightful

      If the file is encrypted before it goes on dropbox, then it's as secure as your encryption. And if you don't trust any encryption, then why are you trusting any website with any data that would require you to put up a password to protect?

    3. Re:"Obviously" not Last Pass or 1Password by noh8rz10 · · Score: 2

      more info please. I got the email yesterday, but I didn't see how it related to the NSA.

      thanks.

    4. Re:"Obviously" not Last Pass or 1Password by unrtst · · Score: 3, Interesting

      What if he doesn't trust the implementation of the encryption in the password manager?

      These "what if's" are getting a bit silly. I'm not saying he should trust that implementation, but if he has reason not to, I'd hope that he's also smart enough (or believes he is) to pick an encryption scheme he does trust. We're really just talking about how paranoid someone wants to get with passwords that will be used on a lot of hosts, many of which are probably secured weakly. IE. seems like you're trying to create a flow chart out of this thread :-)

      * 1password +dropbox or similar stuff? - don't trust dropbox
      * 1password + your own sync or backup? - don't trust 1password encryption
      * clipperz + your own sync or backup (btw, clipperz is open source)? - not sure what you/he may not trust
      * name-your-own-encryption + a text file? - maybe you don't trust your own network connected OS
      * any of those, put inside a vm?
      * any of those, put inside a vm using full disk encryption in the vm?
      * ... with the vm files mounted via loopback encrypted again?
      * any of those on separate hardware (Raspberry Pi, an old android phone, HDMI dongle PC, etc)? ... this list can keep getting longer and longer.

      The orig question was "what do you use?", not "what should I use if I'm a paranoid schizophrenic that doesn't trust anything, especially the aliens that keep talking to me in my sleep?"

      To answer the orig question: I use an encrypted text file. I occasionally check out some of the offerings out there like lastpass, keepass, clipperz, etc, and even recommend those to others, but my simple encrypted text file has served me well for a long long time, and it is by far the fastest interface there is (vim). There is a security risk with it - one could do memory scraping while it's open to read the buffers, or use a key logger to snag the password for the master key, etc; and there's portability issues - it's trivial for me to get access setup once I'm on a linux OS anywhere in the world, but I don't always have that on me, and that hasn't been a problem.

  9. Encrypted Databases by kroby · · Score: 2

    I keep a KeePass database for each of my consulting clients and encrypt them with a unique master password for each client that gets shared with the client. Then, another KeePass database with all of the clients' master passwords inside of it encrypted with yet another master password that gets shared with my fellow consultants. This lets me give my clients access to their password documentation without having to give them the master password for all of my clients' databases. It also ensures that my colleagues have access to my clients' passwords should they need to cover for me. Or, if you want to spend some money on a commercial product, look at Secret Server.

  10. KeePass by ZenMatrix · · Score: 2

    I like KeePass; it uses a database file that you can copy manually and you don't need to sync, or you could place the file on a dropbox share and use it from there. The file is encrypted and you need to enter a Master password each time. If you ever needed to give someone passwords you can export just the ones you need to share and set a new password so they can use it. It's been my favorite one to use since I use crazy complex passwords for everything online.

  11. http://passwordsafe.sourceforge.net/ by Capt.DrumkenBum · · Score: 2

    PasswordSafe works for me.
    Several passwords I need commonly are written in my wallet, with nothing to indicate what, or what username, or system they are for. There are about 5 passwords written on a sticky note stuck to the back of a seldom used credit card.
    Everything else is in PasswordSafe.

    --
    If I were God, wouldn't I protect my churches from acts of me?
  12. passwords management Allen Ludden style by turkeydance · · Score: 2

    randomly. three options. 1. slashdot starts with s: password is sw23edcx. 2. two s words: semaphoreslinky. 3. for those that require combos: Sw@3edcx.

  13. Re:There is but one true password manager by sconeu · · Score: 4, Informative

    I can understand not reading TFA, but did you even RTFS? What part of

    I am obviously unable to use something online, like Last Pass and 1Password.

    were you unable to understand?

    Now, I have absolutely no idea why poster "obviously" is unable to use it, but it's already ruled out.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  14. Re:There is but one true password manager by Garble+Snarky · · Score: 4, Informative

    every platform.... except desktop linux?

  15. Re:Passport belt by vux984 · · Score: 5, Insightful

    A failing memory means that you are not suitable for the job and should find something else, like working in a retirement home.

    Yeah, how many passwords like: R;3m|/|iv%{^B$
    do you have memorized? I have several passwords on that scale of arbitrary, that I did not pick, that I cannot change, that are changed on someone else's schedule, cannot be re-used, and that I tend to need to actually enter maybe once a quarter, if that.

  16. Answer too long to fit in subject line by WilliamGeorge · · Score: 2

    A text file, encrypted locally with a long password (something I can remember easily, but quite long) and then uploaded to Google Docs for easy access anywhere that I have the decryption software. If I need a password, I just open that file up and copy / paste the password needed - then close it again. If I make a change to a password I can just change it once and that populates to all the other locations where my Google Docs are stored, but it is fully and safely encrypted the whole time.

    I even have an app for my phone in case I need it, but there is three factor authentication: my phone's login, a short PIN for the app, and then my full encryption password.

    --
    William George
    1. Re:Answer too long to fit in subject line by sylvandb · · Score: 2

      A text file, encrypted locally with a long password (something I can remember easily, but quite long) and then uploaded to Google Docs for easy access anywhere that I have the decryption software

      This. However s/password/passphrase/ and I don't use google docs but similar propagation.

      My text file also contains credit card account and phone numbers in case I need to cancel a card, routing and account numbers for if I need to set up direct deposit or other EFT, my kids' social security numbers, and other similarly confidential reference information. I've even at times (not currently) kept a regularly needed signing cert in the file as my backup.

      I've tried many of the desktop password apps. But I've been doing my text file for about 20 years and nothing else is nearly as useful -- flexible and with ubiquitous availability.

      I recommend also to print a copy every now and then, with a date, sealing it up in an envelope or two, and keeping it with important "should I die or be incapacitated" papers (such as your will), replacing and shredding the older version.

      Write the date also on the envelope. The dates are so it is easy to tell which is the most recent in case multiple copies are found (e.g. a copy with your lawyer and a copy in the fireproof safe in the basement that is updated more frequently). The envelope(s) are to tell if someone has compromised the passwords so seal it up however makes you comfortable depending on who has access and how often you check (and update).

  17. I'd love to tell you, but... by wonkey_monkey · · Score: 4, Funny

    ...that would be a security risk.

    --
    systemd is Roko's Basilisk.
    1. Re:I'd love to tell you, but... by CCarrot · · Score: 4, Funny

      ...that would be a security risk.

      Security through obscurity? Has this site taught you nothing?!? :)

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  18. SuperGenPass by Chelloveck · · Score: 5, Interesting

    For the most part I don't save or memorize passwords. I regenerate them as needed with SuperGenPass. SuperGenPass algorithmically generates passwords by hashing the site's domain name together with a single memorized password. This always generates the same password for any given site. So, I don't have to remember them or store them anywhere, I just need to know how they're generated.

    But what if I'm at someone else's computer without SGP installed? The SGP website has a "mobile" version, which is just javascript that runs entirely within the browser. Go there, type in the domain and password, and generate it. (Yes, I've checked the javascript. It's not sending your password out to the mothership or saving anything locally.)

    I do keep a notebook in a plaintext file with all the sites I use. This contains the domain name that the site had when I first signed up. Domain names sometimes change, or are ambiguous (ie., the same site is available via both foobar.org and foobar.com). The text file lets me keep track of what I need in order to regenerate the password.

    What about sites that require periodic password changes? I use the domain and just suffix my memorized password with a sequence number. And I write the sequence number in my notebook.

    What's that? Security questions? I generate the answer by hashing the question itself rather than the domain with my memorized password. And of course, I copy the question verbatim into my text file so I can regenerate the answer when I need to.

    The only failing is when I hit a site that doesn't allow certain punctuation, or has length limits, or something of that nature. Then I modify the parameters that I give to SGP and write down the specific parameters that I used.

    The notebook is stored on my home fileserver in an svn repository which gets backed up every night. I'm completely screwed if I ever forget my one secret, but it's one I've been using for literally decades now. It's going to be one of the last things to go when my brain develops bit rot.

    --
    Chelloveck
    I give up on debugging. From now on, SIGSEGV is a feature.
    1. Re:SuperGenPass by Anonymous Coward · · Score: 4, Informative

      I too use SuperGenPass and it's absolutely great, but I recently discovered that it has some well-known weaknesses: http://akibjorklund.com/2009/supergenpass-is-not-that-secure

      An alternative is PwdHash, but I haven't motivated myself to switch yet.
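
The scheme Chelloveck describes above (hash a site label together with one memorized secret, and keep only the non-secret parameters in a notebook), as an added example that is not part of the thread and is not SuperGenPass's own code or algorithm. It assumes PBKDF2-HMAC-SHA256 as the hash; the function names, notebook fields, symbol set and sample labels are constructed for illustration.

```python
import hashlib
import string

# Character classes a site may require. SYMBOLS is an assumed, conservative set.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!#$%*+-=?@_"


def derive_password(master, label, length=16, symbols=True, sequence=0,
                    iterations=600_000):
    """Deterministically derive a password from a master secret and a label.

    label    -- the domain as first recorded, or a security question verbatim
    sequence -- bumped when a site forces a password change
    The same inputs always give the same output, so nothing secret is stored.
    """
    if length < 8:
        raise ValueError("length must be at least 8")
    if not label:
        raise ValueError("label must not be empty")
    classes = [LOWER, UPPER, DIGITS] + ([SYMBOLS] if symbols else [])
    alphabet = "".join(classes)

    # Periodic change: suffix the memorized secret with the sequence number,
    # as the comment describes.
    secret = master if sequence == 0 else f"{master}{sequence}"

    # Bind the per-site parameters into the salt so that, for example, a
    # 12-character password is not simply a prefix of the 16-character one.
    salt = f"{label}|{length}|{int(symbols)}".encode("utf-8")

    # One deliberately slow KDF call per password: anyone holding a single
    # leaked site password can test master-secret guesses offline, and the
    # iteration count is what makes each guess expensive.
    seed = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)

    # Map bytes to characters with rejection sampling (no modulo bias), and
    # retry with a new cheap expansion until every required class is present.
    limit = 256 - (256 % len(alphabet))
    for attempt in range(256):
        stream = hashlib.shake_256(seed + bytes([attempt])).digest(length * 4)
        chars = [alphabet[b % len(alphabet)] for b in stream if b < limit][:length]
        if len(chars) == length and all(set(chars) & set(c) for c in classes):
            return "".join(chars)
    raise RuntimeError("no candidate met the character-class policy")


# Constructed notebook: only non-secret parameters, which is what the comment
# keeps in its plaintext file (domain at sign-up, site limits, sequence number,
# security questions copied verbatim).
NOTEBOOK = [
    {"label": "example.org", "length": 16, "symbols": True, "sequence": 0},
    {"label": "bank.example", "length": 12, "symbols": False, "sequence": 3},
    {"label": "What was the name of your first pet?", "length": 16,
     "symbols": False, "sequence": 0},
]


def regenerate(master, entry, iterations=600_000):
    """Rebuild one password from the memorized secret and a notebook entry."""
    return derive_password(master, entry["label"], entry["length"],
                           entry["symbols"], entry["sequence"], iterations)


if __name__ == "__main__":
    demo_master = "constructed demo secret, not a real one"
    for entry in NOTEBOOK:
        print(f'{entry["label"][:30]:<30} {regenerate(demo_master, entry)}')
```

Every derived password is only as strong as the memorized secret, and changing that secret means changing the password on every site in the notebook.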

  19. Safely by AidenWright · · Score: 2

    Memorized the passwords. Know your limit on how many random letters, numbers, symbols you can memorize and then remember them. This is especially useful because my data dies with me.

  20. I hide it in plain sight. by 140Mandak262Jamuna · · Score: 2

    These cyber criminals are babes in the woods, compared to my brilliance. I pull wool over their eyes easily. See? I enter the password in the username textbox and the username in the password textbox when I created the account. That is the last place they will look while trying to hack my password. haa haaa. The joke's on you script kiddies...

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  21. KeePass by CreatureComfort · · Score: 4, Interesting

    KeePass. With the encrypted datafile in dropbox.

    --
    "Unheard of means only it's undreamed of yet,
    Impossible means not yet done." ~~ Julia Ecklar
  22. TrueCrypt and a Safe by beerdragoon · · Score: 2

    I keep all my work passwords in a file that is saved in a TrueCrypt volume. This volume is kept on a network share where only domain admins can access it. I also keep some of the important passwords on a piece of paper that is locked in a safe in the data center. Generally I remember all the passwords I need, but sometimes (especially after a vacation) I need to refer to the TrueCrypt volume. If I ever forgot the password to access the volume, I have it stored in the safe. If I forget the combination to the safe...I'm screwed. Thankfully that hasn't happened yet.

  23. Re:There is but one true password manager by rk · · Score: 2

    This is called "challenging the assumptions." You, he, (and I for that matter) agree that it's not obvious why he's unable to use it. If the article poster is unaware that LastPass or 1password can work completely offline, then perhaps that information would change why they're ruled out. He might have another reason, but since it's not as obvious to us as it is to him, it's more than fair to raise it, especially when you're getting the advice for free.

    Personally, I only tolerate not being able to question assumptions when I'm getting paid to do it, and even barely at that. :-)

  24. Re:write them on a piece of paper by joe_frisch · · Score: 2, Interesting

    I also have them written on a piece of paper, but it wouldn't do you much good if you stole it. If you see "god#" what would you type? It reminds me of what password I actually used (which doesn't contain English words).

    Now if someone REALLY wanted access to my accounts they could probably use that hint to reduce their search. If they had cracked some accounts, they could probably figure out some of the schemes I use as reminders and quickly figure out the rest.

    Of course they could also just hack my home wireless, or put me in a van and drill holes in my kneecaps until I told them.

  25. Re:Passport belt by mythosaz · · Score: 3, Insightful

    Systems that generate passwords like that - that you can't change - pretty much demand users write them down on a post-it note under their keyboard :(

  26. Re:There is but one true password manager by Applehu+Akbar · · Score: 5, Informative

    Because the OP is totally wrong, is why. 1Password keeps its data file locally. There are all kinds of synchronization features, which you don't have to use if you want to avoid online operations.

    OP may have been thinking of 1PasswordAnywhere, which is the all-online version.

  27. Re:write them on a piece of paper by Anonymous Coward · · Score: 5, Funny

    I also have them written on a piece of paper, but it wouldn't do you much good if you stole it.

    Same here. I use the names of common fruits and vegetables as my passwords. So if anyone steals my wallet, they will assume that my list of passwords is a grocery shopping list.

  28. Re:Insecure but secure enough to keep most people by CCarrot · · Score: 2

    What I use is a text file on a thumb drive also backed up on several local drives.

    The text file contains the first half or so of the password, enough to remind me of what the password is should I forget. The rest is stored in my brain.

    For rarely used passwords and places I will put a hint under the half pass.

    I am trying to get away from these long 20 character passwords though... I really wish someone would invent a better system. Maybe a thumb drive that combines storage and a thumb print scanner in one package.

    You mean like this?

    Yeah, they're a bit pricey, but not totally out of the ballpark for the concerned user :)

    --
    "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  29. Re:There is but one true password manager by sconeu · · Score: 2

    Because the story poster said, 1password was off the table.

    Instead of just saying, "Use 1password", you should have challenged the assumption, and asked *WHY is it off the table?*, and then gone on with the benefits. Applehu Akbar also never mentioned its offline capabilities.

    In addition, the subject line "There is but one true password manager" smacked of fanboism. It sounded like, "I don't care what story poster said, I like mine."

    I'm quite willing to take my lumps, now that the false assumption in the story/summary was pointed out. Applehu should also be willing to take his for the flaws in his near first post.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  30. Re:Passport belt by bobbied · · Score: 2

    Systems that generate passwords like that - that you can't change - pretty much demand users write them down on a post-it note under their keyboard :(

    Yea. Stupid rules end up with stupid results, and having passwords that are too complex is nuts.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  31. Re:Passport belt by vux984 · · Score: 2

    I have 26 like that.

    So if I generate 26 more, you'll have no trouble memorizing them all? Assuming that is the case, good for you, you are a special flower.

    To suggest that anyone else is unfit to work in any field requiring security is absurd.

    I also have a generic "Password123" password for sites that are use once and forget.

    I agree this is sensible.

  32. Re:Passport belt by dnavid · · Score: 2

    To suggest that anyone else is unfit to work in any field requiring security is absurd.

    I think he was saying if you're in an environment where you both need to use very strong passwords *and* it's not acceptable to write them down in something you carry securely all the time, *then* that suggests you either have to have a very good memory or you're not qualified to operate with those restrictions.

  33. Re:Passport belt by rjr3 · · Score: 2

    I love my wife and her name is lesa 53

    good luck with cracking the below
    Ilvemywfenderamesesa53
    GRC 2 X 10 ^ 39

    or

    my car is a 2004 vw jetta
    YaRSa004WettA
    GRC 2x10^23

    next car is a 2014 nissan leaf sv
    NexCaIA201NissaLeaS

    It really is not that hard.

  34. Re:Passport belt by Anonymous Coward · · Score: 3, Insightful

    i think he was also saying "i am a fucking dick".

    haha, captcha: "elderly"

  35. LastPass.com by jess_wundring · · Score: 2

    I've been using them for years, and I love it so much that I subscribe to their premium service, even though I don't have a use for it, to provide support for them...their basic service is free.

    It autofills my username and password on any machine where I have the app installed. If I don't have the app installed but need to get to my username/passwords, they have an online vault I can log on to.

    And searching is easy - I can search by username or site or keyword in description. They auto-filter my passwords as I type into the search box.

    https://lastpass.com/