frequentfoulup

I admit it, my ability to remember all my passwords is long gone. I have always resisted recording them all on a portable laptop for security reasons but now I am overwhelmed. Any successful practices or useful tips are appreciated especially by road warriors in the same boat.

Gynob001

Alas, we live in a world of stupid internet security. Kazillion logins and passwords! I am a scientists and I review scientific articles for over 50 journals. All of them require logins and passwords. Since many journals are now controlled by publishers, often you can't keep the same login and password.
My work place is paranoid; I don't work directly with patients and yet, the level of security is outrageous. Yet, I hear of security breach every other day.
I hate the almost hourly "security updates".
I am convinced that some of the very common websites (not objectionable sites) leave more than cookies. The operating systems and web browsers are so full of holes, unless you stop surfing the web, you can't avoid these intrusions. Yes, there are password vaults, storage programs, etc. I bought one of them but they change so frequently that you need to keep buying their updates.
Computer business is for crooks. I switched to Mac and have less of these problems but it appears to be toothless.

pdxer

1Password is essentially a keychain for all your passwords and other information (secret questions, etc.), software serial numbers and even secure notes.

everything is encrypted and it can also auto-populate web pages so you don't need to type in long cryptic passwords. you can optionally use dropbox so it can sync multiple computers (mac or windows), iphones and ipads.

SkeptiCallie

Easiest way at home is to use a dedicated address book.

Traveling, scraps of paper, same as recording credit card numbers--except that I use a simple code, in case the papers are lost--i.e., number 1 2 3 becomes number 2 3 4 or some such. I suppose "Password" could be written "Qwttxpse" or whatever.

davef139

i keep mine abbr. in a notepad its fairly easy to do if you use a variation of word(s)/combos

ie.
password base is: flyertalk

American: FT1 (flyertalk1)
US: FT11 (flyertalk11)
UA: FT1- (flyertalk1-)
Delta: 11FT1 (11flytertalk1)

I have sites that require other chars and some that do not allow which is quite annoying. I have also used a number base so I could just use the # sign instead of the real number.

richard

Firefox has a (I believe) safe encrypted password "vault" that works pretty well, and they now have a sync system that lets you sync amongst different computers. I use it AND I use 1Password. I don't like the fact that 1Password is not open source. But I use it anyway.

The nice thing is that you can use complicated passwords and you don't need to remember any of them (except the master password)

broadwayblue

I've been in the market for something like 1Password. Is that generally considered one of the best of its kind?

I've also been meaning to revamp all my passwords. I'm long overdue. For years I only had a couple of passwords...1 for secure sites like online banking, and another for forums and similar less secure sites. But over time I started making different variations so that I wouldn't have the same password at dozens of sites. Now I'm all over the place and just this afternoon couldn't figure out how to log in to an email address I don't use on a regular basis.

I read a good article about taking a phrase you like or your favorite song lyric and taking the letters/numbers from that. For example...happy birthday to you, happy birthday to you would become hbtyhbty...and from that you could make Hb2u.Hb2u. To further differentiate you could then put a few of the letters of each site in the password...so for Flyertalk you could go with Hb2u.FT.Hb2u. That way you have a different password for every site but you can easily remember each one.

LIH Prem

The browser methods are not that great as they don't save everything and anything. They save some things. And the data is only good in that browser. This is a place where an external program with browser plug-ins can do a much better job and it can also save any type of data (credit card numbers, pins, whatever) you want in a very secure manner, and support automated backup and x-platform secure sharing of the data.


1passwd is what mac users use. Though it has both a pc and a mac version if you use both, that's a good choice. The browser integration on the pc is not as good as roboform. (it's not a huge problem, you get a pop-up instead of a pull down from the menu bar.) You only need to pay once per platform for 1passwd. (buy the mac version, and you can install it on all your macs. Buy the pc version and you can install it on all your pcs.) 1passwd supports roboform passwd import, with instructions on how to do it on their web site. 1passwd supports dropbox integration, so if you are using another backup, you can just get the free space for dropbox and just use that for dropbox sync across all your machines.

AI Roboform is what PC users use. It's great. But you need a license for each device you use it on, so it can get a little expensive. You can use any of the online backup methods for x-platform sync with roboform, including, I think, their own free method. (goodsync).

Both of those have app versions for i<devices>, which you may or may not like, at least you can get the passwd on those devices and copy/paste it, but the browser integration in them is basically non-existant or terrible. Both of those also have strong password generators, and they will typically remember the generated passwd for you when you use it, though you have to be careful about that with some web sites.

I've used both, but when I started buying Mac's last year, I has to switch over to 1passwd, since roboform does not have a mac version.

There's also something called lastpass, which is an alternative, but I've never tried it. You should check it out also. I just checked their web site, it is x-platform. If we have a x-platform lastpass user here, hopefully they will post it's good points and bad points in this thread.

-David

gfunkdave

Bruce Schneier, the security expert, has a free and open-source program called Password Safe that does this.

http://www.schneier.com/passsafe.html

richard

the browser doesn't save everything perfectly, but the sync works very well to share amongst computers, and 1password doesn't save everything either. Nothing is perfect.

In particular, banks use more sophisticated methods with multiple page logins, security questions and images you need to recognize, and nothing seems to work perfectly with these.

LIH Prem

For multi-page logins, I usually have one entry named xxx - login, and a 2nd one xxx - passwd, and that works fine, in both roboform and 1passwd.

security images, questions that change, etc, sure, none of them can really do that today. though you can save your answers in passcards in the external programs if you really need to/want to. ING direct has made their PIN so complicated, and you can't save that either, but I have a passcard (safenote in 1passwd) for it, in case I forget what the 6 - 10 digit PIN is.

But I really don't have an issue with missing items in 1passwd or roboform, because you can always save the stuff manually if it doesn't recognize the page as a login screen, and once saved, it will fill those in. You can't do that with the browser built-in stuff. That's what I meant by the stuff the browser misses, not the image stuff and security questions from financial institutions.

Certainly some of this is personal preference. If something different works well for you, I think that's great. Personally, I use a combination of methods, including firefox sync, but firefox sync won't get me login/passwd/form data into IE or Safari or Chrome.

Does xmarks copy login/passwd data between different browsers? 1passwd/roboform, etc are all multi-browser. They have plugins for most browsers.

-David

chx1975

The ultimate answer is supergenpass. Use an extension for your favorite browser not the original bookmarklet (or the mobile page from the latter)

https://chrome.google.com/extensions...lknncolofnaead
https://chrome.google.com/extensions...ibbaenpnnodkhk
https://chrome.google.com/extensions...dlbpfgegcibkjo
https://addons.mozilla.org/en-US/firefox/addon/52490/

jerryss

I use Lastpass (Lastpass.com). Works from most browsers, Is secure and syncs on the web.

I heard about it on the security Now podcast (twit.tv)

rybob1

I use a password vault program called "Keepass". I'm not necessarily endorsing it, although I'm happy with it.

I have one master password that is roughly 25 characters long, includes letter (upper & lower), numbers and spaces. Its essentially a phrase I'll remember. This password is used to gain access to my keepass database vault. Within the vault, I have all of my usernames and passwords, stored. When I setup a new account, I use keepass to generate a secure, random password, for each site.

The program then allows you to use two keyboard shortcuts to copy the username (CTRL-B) and password (CTRL-C). Or I can drag the user/password into the appropriate boxes on the program or website.

I additionally sync it with Windows Live Mesh, a cloud based storage provider. I chose mesh because I can easily access the files by logging into a website from any computer in the world (remember, I have a 25 char long password on the file, so even if someone hacks my password on mesh, they still have to break my master password - also my mesh password is easy enough to remember).

I now have a way to keep my password file in sync across my work, home and laptop computers, plus can access it on the road or at a friends house, if I don't have my laptop for some reason.

Because the passwords are random, I honestly couldn't tell you what my password was for any site, and if a person gains access to my flyertalk password, they won't be able to get into my bank account, trading accounts, FF...you get the idea.

Sometimes I miss the days of having a single easy to remember password across all sites, but after having my wife's email account hacked a while back, I'm convinced random passwords on all sites is the way to go.

cblaisd

The free or premium version?