password management tool
- Thread starter Handruin
- Start date
Tannin
Storage? I am Storage!
I don't trust anything. The simplest and easiest way is to simply ... but no, if I tell you that, then I'll have to shoot you.
ddrueding
Fixture
Keep your list of good passwords short and don't share them with anyone; including password management apps. Just don't; it's more secure than if you do.
PUI.
PUI.
Pradeep
Storage? I am Storage!
The problem is a lot of passsword requiring devices keep a history of last used ones, and force you to come up with shit that you forget shortly thereafter.
Sol
Storage is cool
In that case sometimes just changing the password a few extra times helps... Generally you can turn that feature off unless your in a work environment where there is a password policy, and in that case the group that define that policy will generally be the same guys you have to call every 5 minutes to get your password reset so just call them...
Will Rickards
Storage Is My Life
http://www.keepass.org/
I use it and recommend it.
Sourceforge seems to be unavailable at the moment so that site is too.
But try back later.
It uses a master password and has password generators that accept random input from mouse or keyboard and generates a password for you. It also lets you customize how it generates those passwords. It can automatically type your passwords but I don't use that feature.
I use it and recommend it.
Sourceforge seems to be unavailable at the moment so that site is too.
But try back later.
It uses a master password and has password generators that accept random input from mouse or keyboard and generates a password for you. It also lets you customize how it generates those passwords. It can automatically type your passwords but I don't use that feature.
Mercutio
Fatwah on Western Digital
Some of my customers use Roboform.
The simple hint I give to everyone is to take the stupid, common word you were going to use for a password and shift it up one row of characters on the keyboard. The result is almost always nonsense, but easily remembered.
The simple hint I give to everyone is to take the stupid, common word you were going to use for a password and shift it up one row of characters on the keyboard. The result is almost always nonsense, but easily remembered.
sechs
Storage? I am Storage!
You know, that's a lot easier than using ROT13 passwords....
Yeah, sometimes I like to make patterns on the keyboard too. Most of the time I am using the piece of notepaper in the wallet approach though. Sometimes it's just a challenge to remember all my user names across all of our systems, that and all the minimum length, special character etc limitations and alcohol induced memory loss pretty much guarantee that I have to write all that stuff down.
There are some passwords that I value less than others, but I still need to keep track of them. That's why I was looking for ways to handle this. My current method involves excel and "reminders" of what the passwords are. Those reminders would not make sense to someone else reading it, but I'd rather not test that. I figured if it was at least encrypted in some tool, it would be better than nothing. I'll take a look at the tools suggested to see if they do what I need. I don't need this to be ultra secure...those passwords I remember and never write them down anywhere.
Gilbo
Storage is cool
I use Genpass for a number of web passwords (not my banking password). You give it a master password, which it hashes and mixes with a hash of the domain, so it creates strong, different passwords for every website that you visit. It works as java bookmarklet, and is very convenient.
For ssh, I use keychain so I don't need to keep decrypting my private key everytime I ssh into other systems using key-based authentication. I decrypt the password when I login, and it is stored encrypted in memory. Very convenient and as secure, for all intents and purposes, as typing it in each and every time. Just remember to logout when you leave your desk.
I use the KDE Wallet daemon to keep e-mail passwords for KMail and IM passwords for Kopete encrypted.
In my opinion the security benefits of using a password manager for at least some of your passwords outweigh the risks significantly. It allows you to use longer, stronger passwords and most of all discourages lazy reuse of passwords. I also keep every password & username I have on a pair of small pieces of paper.
For the curious, the heuristic I use to generate memorable passwords is to take a long phrase and use the first letter of every word combined with some substitutions (> for 'in', etc) and changes in capitalization.
For ssh, I use keychain so I don't need to keep decrypting my private key everytime I ssh into other systems using key-based authentication. I decrypt the password when I login, and it is stored encrypted in memory. Very convenient and as secure, for all intents and purposes, as typing it in each and every time. Just remember to logout when you leave your desk.
I use the KDE Wallet daemon to keep e-mail passwords for KMail and IM passwords for Kopete encrypted.
In my opinion the security benefits of using a password manager for at least some of your passwords outweigh the risks significantly. It allows you to use longer, stronger passwords and most of all discourages lazy reuse of passwords. I also keep every password & username I have on a pair of small pieces of paper.
For the curious, the heuristic I use to generate memorable passwords is to take a long phrase and use the first letter of every word combined with some substitutions (> for 'in', etc) and changes in capitalization.