password management tool

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,931
Location
USA
Does anyone here use a tool to manage all of their passwords? Any recommendations?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
Keep your list of good passwords short and don't share them with anyone; including password management apps. Just don't; it's more secure than if you do.

PUI.
 

Pradeep

Storage? I am Storage!
Joined
Jan 21, 2002
Messages
3,845
Location
Runny glass
The problem is a lot of passsword requiring devices keep a history of last used ones, and force you to come up with shit that you forget shortly thereafter.
 

Sol

Storage is cool
Joined
Feb 10, 2002
Messages
960
Location
Cardiff (Wales)
In that case sometimes just changing the password a few extra times helps... Generally you can turn that feature off unless your in a work environment where there is a password policy, and in that case the group that define that policy will generally be the same guys you have to call every 5 minutes to get your password reset so just call them...
 

Will Rickards

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,012
Location
Here
Website
willrickards.net
http://www.keepass.org/

I use it and recommend it.
Sourceforge seems to be unavailable at the moment so that site is too.
But try back later.

It uses a master password and has password generators that accept random input from mouse or keyboard and generates a password for you. It also lets you customize how it generates those passwords. It can automatically type your passwords but I don't use that feature.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Some of my customers use Roboform.

The simple hint I give to everyone is to take the stupid, common word you were going to use for a password and shift it up one row of characters on the keyboard. The result is almost always nonsense, but easily remembered.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,245
Location
SC
Yeah, sometimes I like to make patterns on the keyboard too. Most of the time I am using the piece of notepaper in the wallet approach though. Sometimes it's just a challenge to remember all my user names across all of our systems, that and all the minimum length, special character etc limitations and alcohol induced memory loss pretty much guarantee that I have to write all that stuff down.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,245
Location
SC
Oh, I would not trust ANY software to keep track of this stuff for me. Whether it's on line or encrypted on my HD.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,931
Location
USA
There are some passwords that I value less than others, but I still need to keep track of them. That's why I was looking for ways to handle this. My current method involves excel and "reminders" of what the passwords are. Those reminders would not make sense to someone else reading it, but I'd rather not test that. I figured if it was at least encrypted in some tool, it would be better than nothing. I'll take a look at the tools suggested to see if they do what I need. I don't need this to be ultra secure...those passwords I remember and never write them down anywhere.
 

Gilbo

Storage is cool
Joined
Aug 19, 2004
Messages
742
Location
Ottawa, ON
I use Genpass for a number of web passwords (not my banking password). You give it a master password, which it hashes and mixes with a hash of the domain, so it creates strong, different passwords for every website that you visit. It works as java bookmarklet, and is very convenient.

For ssh, I use keychain so I don't need to keep decrypting my private key everytime I ssh into other systems using key-based authentication. I decrypt the password when I login, and it is stored encrypted in memory. Very convenient and as secure, for all intents and purposes, as typing it in each and every time. Just remember to logout when you leave your desk.

I use the KDE Wallet daemon to keep e-mail passwords for KMail and IM passwords for Kopete encrypted.

In my opinion the security benefits of using a password manager for at least some of your passwords outweigh the risks significantly. It allows you to use longer, stronger passwords and most of all discourages lazy reuse of passwords. I also keep every password & username I have on a pair of small pieces of paper.

For the curious, the heuristic I use to generate memorable passwords is to take a long phrase and use the first letter of every word combined with some substitutions (> for 'in', etc) and changes in capitalization.
 
Top