
One inescapable facet of web work is the need to come up with, and remember, usernames and passwords. The days when you could get away with picking a single combination and using it everywhere are pretty much gone: that strategy reduces your security to that of the weakest site you use. It’s simply not worth risking that the person who gets hold of some Web 2.0 startup’s database can also get into your online banking.

Fortunately for those of us who don’t have superhuman memories, there are multiple solutions available for generating, and remembering, authentication information for all the different sites and services that we use. Here are seven different ways to keep track of the explosion of passwords, from simple to complex. Depending on your situation (operating system, mobility, number of accounts) you should be able to find something to fit your needs.

1. The simple text file. This is the easiest solution of all: each time you come up with a new password, put it in a text file (or spreadsheet, or outline file, or whatever other format appeals to you). When you need the password, open the file and look it up. This solution makes it easy to back up your passwords, and to move them from one computer to another, even across multiple operating systems. The big problem: it also makes it possible for someone to steal all of your passwords at once. If you go this route, you should use something like TrueCrypt to encrypt the file, just in case.

2. Let the browser remember them. Browsers like Firefox will happily remember all of your passwords for you, and enter them again when you go back to a site. Unfortunately, this ties you to a particular browser instance unless you jump through some hoops. On Firefox, you can use passwordexporter to export and import your password file, or Mozilla Weave (experimental) to synchronize multiple copies of Firefox.

3. Use a password store. Applications like CiphSafe for OS X or PassKeeper for Windows are designed as secure, client-side password stores. They save all your passwords in an encrypted list for you, so you don’t have to bother with encrypting your list with a separate application. They’re easy to use, but if cross-platform compatibility is important they’re a bad choice.

4. Use a password manager. These do-it-all client-side applications help you generate passwords, store them, and fill in online forms. On Windows, RoboForm is most often mentioned; on OS X, 1Password has a strong following. The main issues with this sort of application are that they are operating system specific, and that it can be difficult to share passwords across multiple computers.

5. Regenerate as needed. This is the strategy taken by PasswordMaker. Available for Firefox, Windows, Mac, and more, PasswordMaker uses a one-way algorithm to generate a unique site password based on your master password and the URL of the site you’re visiting.

6. Use an online password manager. Applications like Clipperz or my1Password (currently in closed beta) store all of your passwords online and encrypted, accessible only by your own master password. When you need a particular password, you just visit their site from any browser and enter your master password to get going. This gives you excellent portability, though the user interfaces for these services have some tendency to be clunky.

7. Use a proxy service. This is the approach taken by PageOnce, which lets you set up a single account and then use it to access a variety of internet services. They do this by asking for, and storing, your credentials on those services, so how useful this is depends on how much you trust their security.
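To make the "regenerate as needed" approach in item 5 concrete, here is an added example (not PasswordMaker's actual algorithm or code) that derives a per-site password from a master password and the site's host name with PBKDF2-HMAC-SHA256. The function names, output alphabet, iteration count and `counter` parameter are assumptions chosen for this example.

```python
import hashlib
import hmac
import string
from urllib.parse import urlsplit

# Assumed output alphabet for this example: letters, digits, a few symbols.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def site_key(url: str) -> str:
    """Reduce a URL to its host so every page of a site yields one password."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    if not host:
        raise ValueError(f"no host name in {url!r}")
    return host[4:] if host.startswith("www.") else host


def derive_password(master: str, url: str, length: int = 16,
                    counter: int = 1, iterations: int = 200_000) -> str:
    """Recompute the same site password from the master password and URL."""
    # The host and a rotation counter act as the salt. The derivation is
    # one-way and slow, which makes guessing the master password from a
    # leaked site password expensive.
    salt = f"{site_key(url)}\x00{counter}".encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations)
    # Expand the key with HMAC in counter mode, dropping bytes that would
    # introduce modulo bias when mapped onto the alphabet.
    limit = 256 - (256 % len(ALPHABET))
    chars, block = [], 0
    while len(chars) < length:
        chunk = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in chunk if b < limit)
        block += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    # Constructed sample inputs; nothing is stored between runs.
    for url in ("https://www.example.com/login", "example.com", "https://bank.example"):
        print(site_key(url), derive_password("constructed master phrase", url))
```

Because nothing is stored, replacing a single breached password means raising `counter` for that site, and that number then has to be remembered or recorded.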

Did we miss your favorite way to manage passwords? Tell us about it!

Image credit: stock.xchng user victures


  1. You missed a new category: online/offline password managers. Or rather, online password managers, with an (optional) Desktop application that synchronizes.

    http://passpack.wordpress.com/2008/07/01/passpack-desktop-for-the-freeware-lover-in-you/

  2. David A Teare Sunday, July 27, 2008

    You’re right that sharing data between machines is one of the most difficult aspects of Password Managers.

    Our plan is to make 1Password synchronize your passwords across your Macs so it is as easy to switch between your Macs as it is to switch between browsers. We learned a lot writing the Sync for iPhone/iPod touch application and will be building this directly into 1Password soon.

    As for switching between operating systems, our plan is to use the my1Password web service to enable easy access to your data from anywhere “in the cloud”. Once my1Password exits closed beta it will be able to automatically sync itself with all your Macs.

    Cheers!

    –Dave Teare
    Co-author of 1Password

  3. I also use Passpack. Works well!

  4. I use PasswordSafe – works well and I really like its Auto-Type feature.

  5. Leonid Mamchenkov Sunday, July 27, 2008

    What about web-based software for password management? I need a tool for my team/company to share passwords to all sorts of equipment and services. Ideally, I need something that can have different access levels too.

    A few years ago I wrote a tool like that for the company I was working for, but it wasn’t open sourced. There should be something similar from someone else….

  6. @leonid – I think that Passpack will introduce sharing soon. Check their blog.

  7. I use RoboForm and synch my passcards between machines with Foldershare (www.foldershare.com).

  8. I remember all my passwords using a little brain-encryption. Here’s my article on how to do it:

    http://www.acleandesign.com/?p=4

  9. http://www.myvidoop.com

    A great OpenID provider with a UNIQUE image-based login and a Firefox plug-in that automatically fills in the passwords.

  10. coldclimate Sunday, July 27, 2008

    Quick and dirty solution for Mac users:
    Use disk utility to make a small disk image with AES encryption. Keep yourself a plain text file in it with your passwords in. Only mount the disk image when you need it, cut and paste, and unmount.
