Password management methods: what do you use?
Last night I received a general question from jkOTR reader Steve about security and password management. Good timing because I was actually reading WebWorkerDaily’s "7 Ways to Manage Passwords" article when Steve’s note came in. First and foremost, I think security and password management approaches will vary by individual: we all have different risk-factors and likely prefer different methods. As I’ve said before, I’m willing to provide some personal data in order to gain from more personalized services; of course, I expect my personal data to be handled professionally and securely. Others may not want to share personal data of any type and that’s fine too.
In terms of password management, I’m still working my way towards the best solution for me. I have high hopes for Mozilla’s Weave project: a prototype we’ve covered here before. Essentially, I’ll store all of my passwords right in Firefox and Weave would sync them, as well as bookmarks, cookies and more, to other mobile devices I use Firefox on. James is a huge fan of Roboform on the PC side and I swear by 1Password for Macs. Since I use an iPhone, I appreciate how 1Password now has a free client for my handset; it even syncs the passwords from my Mac, which reduces the amount of redundant data entry. From a Windows Mobile standpoint, I’ve used eWallet in the past: it’s great for keeping important account numbers safe and handy, but works fine to remember passwords as well.
These days I’m generally using a single computing device for my web-only challenge, so I’m still considering what strategy is best. A single device owner can probably get by with basic password management included in a browser (at least for web passwords) and/or a simple text file. I’d probably password it though. ;) Multiple device owners face more of a challenge however, and if your devices run on different platforms, things can get complicated. Since the web is pretty ubiquitous across platforms, I’d again gravitate towards a web-based method. I haven’t yet seen an application that will offer password management across Mac, PC and all of the various mobile platforms like Windows Mobile, iPhone and S60, but that would be ideal.
How about it: what are you using for password management and why?


I use KeePass, since it has apps for Mac, Windows and WinMo. I haven’t tried the Linux, J2ME, BlackBerry or Palm versions, but I do think I’ll be installing the Linux one tonight.
I use my personal predictability. I just try to remember what mindset I was in, and the data to go with it, when I made the password. So basically I don’t remember passwords, I regenerate them.
I use the same password for all accounts because it is easy to remember.
I have been using KeePass. I recently though started to change back to using one strong password for most of the sites I use (Twitter, FriendFeed). I still use 20+ character passwords from KeePass for really secure sites (mint, home banking). I changed from using these long passwords for everything to make accessing the sites on my Blackberry (and LG Chocolate) easier.
The wand feature of Opera has always served me well.
I use Password Safe – http://passwordsafe.sourceforge.net/
It is open source and works very well.
I used it when I was system admin for a medium sized company – I would use the password generator feature to create very complex passwords for root and admin access then I would create users with slightly easier passwords. It was very effective.
For cloud computing you may want to try Clipperz: http://www.clipperz.com/
I use Password Manager XP. Passwords are encrypted. Same license can legally be used on multiple devices and memory cards by the same user. Syncs and installs on memory cards. Can generate passwords for you. Will even remind you to change passwords if you want, at regular intervals. Works well on both XP and Vista. I highly recommend it.
I use Password Manager Deluxe from Kristanix Software. I used Password Corral for a long time but PWD works very nicely and even includes Drag and Drop for putting usernames and passwords into websites.
I have eWallet to track my cards, numbers and accounts.
..wiley
NW Harris County
SplashID on my PC and Palm TX.
TrueCrypt
http://www.truecrypt.org/
All my machines are WDE (Whole Disk Encrypted), as well as my external data HDDs, so all I have to do now is use a simple text file.
I would never trust an encryption program that isn’t open source. Too many possibilities of backdoors, improper coding security risks, or improper algorithm implementation.
But there are still many other open source encryption programs that are useless if they do not support not on-the-fly (means they create temp files on the disk) and/or if they don’t encrypt the entire system will also page out the key to the swapfile.