[digg=http://digg.com/security/7_Ways_to_Manage_Your_Passwords]One inescapable facet of web work is the need to come up with, and remember, usernames and passwords. The days when you could get away with picking a single combination and using them everywhere are pretty much gone: that strategy reduces your security to that of the weakest site you use. It’s simply not worth risking that the person who gets hold of some Web 2.0 startup’s database can also get into your online banking.
Fortunately for those of us who don’t have superhuman memories, there are multiple solutions available for generating, and remembering, authentication information for all the different sites and services that we use. Here are seven different ways to keep track of the explosion of passwords, from simple to complex. Depending on your situation (operating system, mobility, number of accounts) you should be able to find something to fit your needs.
1. The simple text file. This is the easiest solution of all: each time you come up with a new password, put it in a text file (or spreadsheet, or outline file, or whatever other format appeals to you). When you need the password, open the file and look it up. This solution makes it easy to back up your passwords, and to move them from one computer to another, even across multiple operating systems. The big problem: it also makes it possible for someone to steal all of your passwords at once. If you go this route, you should use something like TrueCrypt to encrypt the file, just in case.
2. Let the browser remember them. Browser like Firefox will happily remember all of your password for you, and enter them back in when you go back to a site. Unfortunately, this ties you to a particular browser instance unless you jump through some hoops. On Firefox, you can use passwordexporter to export and import your password file, or Mozilla Weave (experimental) to synchronize multiple copies of Firefox.
3. Use a password store. Applications like CiphSafe for OS X or PassKeeper for Windows are designed as secure, client-site password stores. They save all your passwords in an encrypted list for you, so you don’t have to bother with encrypting your list with a separate application. They’re easy to use, but if cross-platform compatibility is important they’re a bad choice.
4. Use a password manager. These do-it-all client-side applications help you generate passwords, store them, and fill in online forms. On Windows, RoboForm is most often mentioned; on OS X, 1Password has a strong following. The main issues with this sort of application is that they are operating system specific, and it can be difficult to share passwords across multiple computers.
5. Regenerate as needed. This is the strategy taken by PasswordMaker. Available for Firefox, Windows, Mac, and more, PasswordMaker uses a one-way algorithm to generate a unique site password based on your master password and the URL of the site you’re visiting.
6. Use an online password manager. Applications like Clipperz or my1Password (currently in closed beta) store all of your passwords online and encrypted, accessible only by your own master password. When you need a particular password, you just visit their site from any browser and enter your master password to get going. This gives you excellent portability, though the user interfaces for these services have some tendency to be clunky.
7. Use a proxy service. This is the approach taken by PageOnce, which lets you set up a single account and then use it to access a variety of internet services. They do this by asking for, and storing, your credentials on those services, so how useful this is depends on how much you trust their security.
Did we miss your favorite way to manage passwords? Tell us about it!
Image credit: stock.xchng user victures