
One inescapable facet of web work is the need to come up with, and remember, usernames and passwords. The days when you could get away with picking a single combination and using it everywhere are pretty much gone: that strategy reduces your security to that of the weakest site you use. It’s simply not worth risking that the person who gets hold of some Web 2.0 startup’s database can also get into your online banking.

Fortunately for those of us who don’t have superhuman memories, there are multiple solutions available for generating, and remembering, authentication information for all the different sites and services that we use. Here are seven different ways to keep track of the explosion of passwords, from simple to complex. Depending on your situation (operating system, mobility, number of accounts) you should be able to find something to fit your needs.

1. The simple text file. This is the easiest solution of all: each time you come up with a new password, put it in a text file (or spreadsheet, or outline file, or whatever other format appeals to you). When you need the password, open the file and look it up. This solution makes it easy to back up your passwords, and to move them from one computer to another, even across multiple operating systems. The big problem: it also makes it possible for someone to steal all of your passwords at once. If you go this route, you should use something like TrueCrypt to encrypt the file, just in case.

2. Let the browser remember them. Browsers like Firefox will happily remember all of your passwords for you, and enter them back in when you go back to a site. Unfortunately, this ties you to a particular browser instance unless you jump through some hoops. On Firefox, you can use passwordexporter to export and import your password file, or Mozilla Weave (experimental) to synchronize multiple copies of Firefox.

3. Use a password store. Applications like CiphSafe for OS X or PassKeeper for Windows are designed as secure, client-side password stores. They save all your passwords in an encrypted list for you, so you don’t have to bother with encrypting your list with a separate application. They’re easy to use, but if cross-platform compatibility is important they’re a bad choice.

4. Use a password manager. These do-it-all client-side applications help you generate passwords, store them, and fill in online forms. On Windows, RoboForm is most often mentioned; on OS X, 1Password has a strong following. The main issues with this sort of application are that they are operating-system specific, and that it can be difficult to share passwords across multiple computers.

5. Regenerate as needed. This is the strategy taken by PasswordMaker. Available for Firefox, Windows, Mac, and more, PasswordMaker uses a one-way algorithm to generate a unique site password based on your master password and the URL of the site you’re visiting.

6. Use an online password manager. Applications like Clipperz or my1Password (currently in closed beta) store all of your passwords online and encrypted, accessible only by your own master password. When you need a particular password, you just visit their site from any browser and enter your master password to get going. This gives you excellent portability, though the user interfaces for these services have some tendency to be clunky.

7. Use a proxy service. This is the approach taken by PageOnce, which lets you set up a single account and then use it to access a variety of internet services. They do this by asking for, and storing, your credentials on those services, so how useful this is depends on how much you trust their security.
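
The regenerate-as-needed idea from item 5, as an added example that is not from the original article and is not PasswordMaker's own algorithm. It assumes PBKDF2-HMAC-SHA256 as the one-way function, the site's hostname as the salt, and a hypothetical `counter` parameter for rotating a single site's password.

```python
import hashlib
import hmac
import string
from urllib.parse import urlsplit

# Assumed output alphabet (74 symbols); real sites impose their own rules.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def site_key(url):
    """Reduce a URL to its lowercase host so every page of a site maps to one password."""
    host = urlsplit(url if "://" in url else "//" + url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host


def derive_password(master, url, counter=1, length=16, iterations=200_000):
    """Recompute the site password from the master password; nothing is stored."""
    salt = f"{site_key(url)}:{counter}".encode()
    # Slow one-way step: makes guessing the master password from one leaked
    # site password expensive.
    seed = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    # Largest multiple of the alphabet size not above 256; bytes at or above
    # it are discarded so no character is more likely than another.
    limit = 256 - 256 % len(ALPHABET)
    chars, block_no = [], 0
    while len(chars) < length:
        block = hmac.new(seed, block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in block if b < limit)
        block_no += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    # Constructed sample inputs.
    master = "correct horse battery staple"
    for url in ("https://bank.example/login", "https://forum.example/", "bank.example"):
        print(url, derive_password(master, url))
    print("rotated:", derive_password(master, "bank.example", counter=2))
```

With this scheme a leaked master password exposes every derived password at once, and a site that forces a password change requires remembering which counter value is current.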

Did we miss your favorite way to manage passwords? Tell us about it!

Image credit: stock.xchng user victures

By Mike Gunderloy


  1. You missed a new category: online/offline password managers. Or rather, online password managers, with an (optional) Desktop application that synchronizes.

    http://passpack.wordpress.com/2008/07/01/passpack-desktop-for-the-freeware-lover-in-you/

  2. You’re right that sharing data between machines is one of the most difficult aspects of Password Managers.

    Our plan is to make 1Password synchronize your passwords across your Macs so it is as easy to switch between your Macs as it is to switch between browsers. We learned a lot writing the Sync for iPhone/iPod touch application and will be building this directly into 1Password soon.

    As for switching between operating systems, our plan is to use the my1Password web service to enable easy access to your data from anywhere “in the cloud”. Once my1Password exits closed beta it will be able to automatically sync itself with all your Macs.

    Cheers!

    –Dave Teare
    Co-author of 1Password

  3. I also use Passpack. Works well!

  4. I use PasswordSafe – works well and I really like its Auto-Type feature.

  5. What about web-based software for password management? I need a tool for my team/company to share passwords to all sorts of equipment and services. Ideally, I need something that can have different access levels too.

    A few years ago I wrote a tool like that for the company I was working for, but it wasn’t open sourced. There should be something similar from someone else….

  6. @leonid – I think that Passpack will introduce sharing soon. Check their blog.

  7. I use roboform and synch my passcards between machines with Foldershare (www.foldershare.com).

  8. I remember all my passwords using a little brain-encryption.. here’s my article on how to do it:

    http://www.acleandesign.com/?p=4

  9. http://www.myvidoop.com

    A great open ID provider with a UNIQUE image-based login and a firefox plug-in that automatically fills in the passwords.

  10. quick and dirty solution for Mac users:
    Use disk utility to make a small disk image with AES encryption. Keep yourself a plain text file in it with your passwords in. Only mount the disk image when you need it, cut and paste, and unmount.

  11. Locknote is also a good option for keeping an encrypted text file of passwords.

    https://www.steganos.com/us/products/home-office/locknote/overview/

  12. Even easier: the Keychain Access under Mac OS: it stores passwords in a secure DB and it can be synched through MobileMe (former .Mac).

    :-)

  13. Another missing category: mobile password apps. They have a small application on the mobile device and a counterpart app on your computer. Passwords are sync’d between the two and encrypted using the same password. There are plenty of things, like bank account details, that you need to remember when you’re not in front of a computer and/or don’t have internet access.

    I used SplashID on my Palm for years but then found it a little slow and awkward on my Symbian phone. Now I use Handy Password Safe. Sure, they don’t integrate with your web browser but it seems like a small inconvenience compared to the benefit of having them always with you.

  14. I still like SplashID on my Palm. I could also export the password as csv file for backup. Using the Palm Desktop I could have the same set of data not only with my palm smartphone but across my home and office PC.

    Using a U3 enabled USB flash disk with a password manager installed is another way of storing and shuttling your passwords from one pc to another. Notable software to install in U3 devices includes Roboform and Signup Shield Passwords.

  15. DirtyDeuceDropper Sunday, July 27, 2008

    Tried many of them, roboform is the king on windows and 1password is the king on apple. It is possible to export roboform passcards to a file and then import into 1password. I put my roboform passcard files in my DropBox and now they are synched perfectly on all my windows computers. Works great. 1password is a little clunky compared to roboform, but the only game in town for browser integration. It also has a synch ability with mobile me, but I have not tried that yet on multiple macs.

  16. Nice tips but still annoying to keep all my passwords

    junO
    http://www.pinoycommunity.net

  17. I use Pageonce. Not only does it save my passwords, it also shows the most relevant information from my accounts on one page. Also works on iPhone, which was a must have for me.

  18. Check out Password Dragon – Free, Easy and Secure Password Manager. Works on Windows, Linux and Mac. Can be used from USB Drive.

    This is a shameless plug and I’m the developer of Password Dragon.

  19. Shibbo is an online password manager and has a Portable version to run from a USB drive. It also has a password generator and analyzer.

  20. I am joining the list of folks who use SplashID. I like having all my passwords with me on my Palm, as well as having easy access to them on my desktop.

  21. An online service I have been using for a while is “www.just1key.com”. Otherwise, I either use one of my standard passwords, which, if it is stolen, does not give you access to anything critical, or the truecrypt method.

  22. I used to keep these all in my head, but now they are in NoteScribe. Sometimes they need one number, sometimes two numbers, it’s all too much! Once I forgot too many, I finally started logging them in NoteScribe.

    Jake
    NoteScribe: Premier Note Taking Software

  23. I’ve been using PasswordSafe for ages now and it’s been extremely reliable. It’s very easily portable (based on an encrypted flat file) and is very intuitive. It uses TwoFish (a faster alternative to DES) and was started by Bruce Schneier of the RSA fame…

  24. Suggest you have a look at http://www.myvidoop.com. It’s a free cross platform password manager and form filler.
    It’s also an openID provider as well.

  25. I use RoboForm for all of my passwords.

  26. I actually love the RoboForm software myself. I use it all of the time and it takes all of the menial everyday tasks that I have to perform on my computer daily and shortens them extremely! What once took me fifteen minutes to complete now takes me only one second because RoboForm does the same task with just one click. In fact I wrote a Report about a lot of RoboForm’s capabilities for use that aren’t even touched on in the User’s Manual for RoboForm. You can get that Report here:

    http://www.booksbonkers.com/TheRoboFormReport!1.html

  27. Just as an FYI…. the myVidoop Firefox plugin supports form filling now. Thanks to everyone that mentioned Vidoop!

  28. Ray Johnson Monday, July 28, 2008

    One reason RoboForm is better than some of the others is it works with Windows logins that pop-up that annoying dialog.

    I also use RoboForm with FolderShare – and it works great. But why the heck do they not make a Mac client? Most 1Password users are former RoboForm users (including the developers) so they would have a market. Of course, the 1Password dudes refuse to build a Windows version.

    Web based password managers are cool – but not a full replacement for client side ones. (Windows basic auth is one technical reason.) The big issue is it’s not one-click if you first have to go to another site. It is very cool to have though when you are borrowing a computer…

    And do any of these solutions support entering passwords on a Flash app?

    The ideal solution has certainly yet to be made…

  29. Since Firefox is cross-platform, the ideal solution would be an extension for Firefox. Too bad Roboform2Go is Windows-only. I’m looking for something that works in Windows, Mac, and Linux.

  30. What about keeping your passwords in a good doc? Is that safe?

  31. I use KeePass, http://keepass/info It’s a good open source program and synchs well with my HP Ipaq so I get full mobility and a desktop solution. The program will accept your own passwords or generate them for you.

  32. PasswordSafe – one of the best at
    http://passwordsafe.sf.net/

  33. I use three Windows PCs (1 Vista, 2 flavours of XP) and a Palm. The Windows passwords work fine, the Palm is problematic. To the best of my knowledge, the text file approach is the ONLY system that works across PCs and the Palm, but I’m not happy with that.

    Has anyone else here got a better suggestion?

  34. I use another online password manager called Mashed Life. This one fits in the third category and has a lot of different features such as iPhone compatibility and a Facebook application. It has top level security like the rest of its competitors but still stresses easy usability. Go check it out.

  35. Roboform has truly horrible & confusing User Interface, overly complexified; KeePass is overly intrusive and annoying as H3ll.

    CiphSafe is acceptable/easy if you can’t spend money. 1Password for mac is really excellent if you can spend a few $$ & the Windoze version is far far far better than KeePass or RoboForm!

    1Password is now available for windows PCs. Don’t know about the others, will investigate.
