7 Ways to Manage Your Passwords


One inescapable facet of web work is the need to come up with, and remember, usernames and passwords. The days when you could get away with picking a single combination and using it everywhere are pretty much gone: that strategy reduces your security to that of the weakest site you use. It’s simply not worth risking that the person who gets hold of some Web 2.0 startup’s database can also get into your online banking.

Fortunately for those of us who don’t have superhuman memories, there are multiple solutions available for generating, and remembering, authentication information for all the different sites and services that we use. Here are seven different ways to keep track of the explosion of passwords, from simple to complex. Depending on your situation (operating system, mobility, number of accounts) you should be able to find something to fit your needs.

1. The simple text file. This is the easiest solution of all: each time you come up with a new password, put it in a text file (or spreadsheet, or outline file, or whatever other format appeals to you). When you need the password, open the file and look it up. This solution makes it easy to back up your passwords, and to move them from one computer to another, even across multiple operating systems. The big problem: it also makes it possible for someone to steal all of your passwords at once. If you go this route, you should use something like TrueCrypt to encrypt the file, just in case.

2. Let the browser remember them. Browsers like Firefox will happily remember all of your passwords for you, and enter them again when you return to a site. Unfortunately, this ties you to a particular browser instance unless you jump through some hoops. On Firefox, you can use passwordexporter to export and import your password file, or Mozilla Weave (experimental) to synchronize multiple copies of Firefox.

3. Use a password store. Applications like CiphSafe for OS X or PassKeeper for Windows are designed as secure, client-side password stores. They save all your passwords in an encrypted list for you, so you don’t have to bother with encrypting your list with a separate application. They’re easy to use, but if cross-platform compatibility is important they’re a bad choice.

4. Use a password manager. These do-it-all client-side applications help you generate passwords, store them, and fill in online forms. On Windows, RoboForm is most often mentioned; on OS X, 1Password has a strong following. The main issues with this sort of application are that they are operating-system specific, and it can be difficult to share passwords across multiple computers.

5. Regenerate as needed. This is the strategy taken by PasswordMaker. Available for Firefox, Windows, Mac, and more, PasswordMaker uses a one-way algorithm to generate a unique site password based on your master password and the URL of the site you’re visiting.

6. Use an online password manager. Applications like Clipperz or my1Password (currently in closed beta) store all of your passwords online and encrypted, accessible only by your own master password. When you need a particular password, you just visit their site from any browser and enter your master password to get going. This gives you excellent portability, though the user interfaces for these services have some tendency to be clunky.

7. Use a proxy service. This is the approach taken by PageOnce, which lets you set up a single account and then use it to access a variety of internet services. They do this by asking for, and storing, your credentials on those services, so how useful this is depends on how much you trust their security.
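
An added illustration of approach 5 (this is not PasswordMaker's actual algorithm and not code from the original article): a stateless generator that derives each site password from the master password and the site's hostname using PBKDF2-HMAC-SHA256. The alphabet, iteration count, length limits and the `counter` parameter are assumptions chosen for the example.

```python
import hashlib
import string
from urllib.parse import urlsplit

# Assumed output alphabet and work factor; not taken from any real tool.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
ITERATIONS = 200_000


def site_key(url: str) -> str:
    """Reduce a URL to its lower-cased hostname so every page of a site
    maps to the same password."""
    parts = urlsplit(url.strip())
    if not parts.netloc:                      # bare "example.com/login"
        parts = urlsplit("//" + url.strip())
    if not parts.hostname:
        raise ValueError(f"no hostname in {url!r}")
    return parts.hostname


def derive_password(master: str, url: str, length: int = 16, counter: int = 1) -> str:
    """Derive a site password; nothing is stored, the same inputs always
    give the same output. Bump `counter` to rotate one site's password."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 32:
        raise ValueError("length must be between 8 and 32")
    # The hostname and counter act as the salt. A slow KDF matters here:
    # anyone holding one derived password can guess masters offline.
    salt = f"{site_key(url)}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    # Treat the 256-bit output as one integer and peel off base-74 digits;
    # the modulo bias is negligible for lengths up to 32.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    for u in ("https://bank.example/login", "https://forum.example/"):
        print(u, derive_password("correct horse battery staple", u))
```

Because the full hostname is the salt, `www.bank.example` and `bank.example` yield different passwords, and changing the master password changes every derived password at once.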

Did we miss your favorite way to manage passwords? Tell us about it!

Image credit: stock.xchng user victures



What about keeping your passwords in a good doc? Is that safe?


Since Firefox is cross-platform, the ideal solution would be an extension for Firefox. Too bad Roboform2Go is Windows-only. I’m looking for something that works in Windows, Mac, and Linux.

Ray Johnson

One reason RoboForm is better than some of the others is it works with Windows logins that pop up that annoying dialog.

I also use RoboForm with FolderShare – and it works great. But why the heck do they not make a Mac client? Most 1Password users are former RoboForm users (including the developers) so they would have a market. Of course, the 1Password dudes refuse to build a Windows version.

Web based password managers are cool – but not a full replacement for client side ones. (Windows basic auth is one technical reason.) The big issue is it’s not one-click if you first have to go to another site. It is very cool to have though when you are borrowing a computer…

And do any of these solutions support entering passwords on a Flash app?

The ideal solution has certainly yet to be made…

Kevin Fox

Just as an FYI…. the myVidoop Firefox plugin supports form filling now. Thanks to everyone that mentioned Vidoop!

Omarra Byrd

I actually love the RoboForm software myself. I use it all of the time and it takes all of the menial everyday tasks that I have to perform on my computer daily and shortens them extremely! What once took me fifteen minutes to complete now takes me only one second because RoboForm does the same task with just one click. In fact I wrote a Report about a lot of RoboForm’s capabilities for use that aren’t even touched on in the User’s Manual for RoboForm. You can get that Report here:



I’ve been using PasswordSafe for ages now and it’s been extremely reliable. It’s very easily portable (based on an encrypted flat file) and is very intuitive. It uses TwoFish (a faster alternative to DES) and was started by Bruce Schneier of the RSA fame…


I used to keep these all in my head, but now they are in NoteScribe. Sometimes they need one number, sometimes two numbers, it’s all too much! Once I forgot too many, I finally started logging them in NoteScribe.

NoteScribe: Premier Note Taking Software

Scott S

An online service I have been using for a while is “www.just1key.com”. Otherwise, I either use one of my standard passwords, which, if stolen, does not give you access to anything critical, or the truecrypt method.

Trina E, Roach

I am joining the list of folks who use SplashID. I like having all my passwords with me on my Palm, as well as having easy access to them on my desktop.


Shibbo is an online password manager and has a Portable version to run from a USB drive. It has also a password generator and analyzer.


I use Pageonce. Not only does it save my passwords, it also shows the most relevant information from my accounts on one page. Also works on iPhone, which was a must have for me.


Tried many of them, roboform is the king on windows and 1password is the king on apple. It is possible to export roboform passcards to a file and then import into 1password. I put my roboform passcard files in my DropBox and now they are synched perfectly on all my windows computers. Works great. 1password is a little clunky compared to roboform, but the only game in town for browser integration. It also has a synch ability with mobile me, but I have not tried that yet on multiple macs.


I still like SplashID on my Palm. I could also export the passwords as a CSV file for backup. Using the Palm Desktop I could have the same set of data not only with my palm smartphone but across my home and office PC.

Using a U3 enabled USB flash disk with a password manager installed is another way of storing and shuttling your passwords from one pc to another. Notable software to install in U3 devices includes Roboform and Signup Shield Passwords.

Jamie Lawrence

Another missing category: mobile password apps. They have a small application on the mobile device and a counterpart app on your computer. Passwords are sync’d between the two and encrypted using the same password. There are plenty of things, like bank account details, that you need to remember when you’re not in front of a computer and/or don’t have internet access.

I used SplashID on my Palm for years but then found it a little slow and awkward on my Symbian phone. Now I use Handy Password Safe. Sure, they don’t integrate with your web browser but it seems like a small inconvenience compared to the benefit of having them always with you.


Even easier: the Keychain Access under Mac OS. It stores passwords in a secure DB and it can be synched through MobileMe (former .Mac).



Quick and dirty solution for Mac users:
Use disk utility to make a small disk image with AES encryption. Keep yourself a plain text file in it with your passwords in. Only mount the disk image when you need it, cut and paste, and unmount.


I use roboform and synch my passcards between machines with Foldershare (www.foldershare.com).


@leonid – I think that passpack will introduce sharing soon. Check their blog.

Leonid Mamchenkov

What about web-based software for password management? I need a tool for my team/company to share passwords to all sorts of equipment and services. Ideally, I need something that can have different access levels too.

A few years ago I wrote a tool like that for the company I was working for, but it wasn’t open sourced. There should be something similar from someone else….

David A Teare

You’re right that sharing data between machines is one of the most difficult aspects of Password Managers.

Our plan is to make 1Password synchronize your passwords across your Macs so it is as easy to switch between your Macs as it is to switch between browsers. We learned a lot writing the Sync for iPhone/iPod touch application and will be building this directly into 1Password soon.

As for switching between operating systems, our plan is to use the my1Password web service to enable easy access to your data from anywhere “in the cloud”. Once my1Password exits closed beta it will be able to automatically sync itself with all your Macs.


–Dave Teare
Co-author of 1Password
