How do you manage your passwords?

[ch33zw1z]

I use my brain for all my own.

For all 30+ passwords for work, I keep those in a memopad on the work phone.

 

[Possessed Freak]

I have a post it note on the bottom of my keyboard.

Nah, memory.

 

[Vic Vega]

I keep them in my head. I'm leery of of using automated, and centralized tech solutions. It promotes laziness, and puts EVERYTHING in a single failure point. Every so often I look at a password manager, but so far I haven't bitten.

Indeed.

 

[kranky]

I use the brilliant strategy of memorizing all my passwords. I use a system whereby each is different. E.g., my generic password is something like 123boogeypizzaclowncarrots!*

For every site I go to, I insert a few characters between the 123 and boogey. For example, on AT, I could insert AT - but if one password was compromised, someone might figure that out. So, I refined that sytem. Say, instead of AT, I use ZS, since those are each of the letters preceding A and T. That also allows a mix of caps into the password. Thus, hotmail is either 123Gboogey.... (or it's 123GLboogie... depending on whether I add 1 or usually 2, but occasionally 3 or more letters.)

Of course, it's not really 123boogeypizzaclowncarrots - it's something long that my fingers can whip out in about 1 second.

That's my strategy also - a long-enough password that's unique to each site but I can memorize the unique part. I decided I have to be able to memorize them and not depend on a program.

The exception is three systems at work, which I eventually had to write down. The password rules are absurd, they change too often, so I caved in and started writing them down. (must be exactly 8 characters of which 1 must be a digit, change every month, cannot reuse any of the last 24.)

Just let me choose a very long password that has special characters, mixed case, and digits, then don't make me change it ever. That's safer than requiring a password that I have to change every month. You're just forcing me to write it down.

 

[Brainonska511]

I recently started using KeyPass. There are just too many sites where I need only once in a blue-moon to remember, and I don't want to use weaker passwords.

You could also try using words, like correct-horse-battery-staple

http://xkcd.com/936/

 

[Chiropteran]

For most pointless stupid accounts like forums and game accounts for non-MMO games I just use a short number + word password that is very easy to type and remember. Not incredibly secure but I don't really give a shit if someone hacks them.

Then I have a standard "secure" password of multiple characters and numbers and non-words, and while I know it's a bad practice but I use this password for multiple sites. I believe the risks of using the same password many places is less than the risk of being forced to write down the passwords and possibly losing them.

Accounts with actual direct or indirect monetary value are secured in a greater way.

WoW uses a standard password, but also requires an authenticator.

My banks use a different password, and additionally require other information if I haven't already logged on from a given computer.

My google account, because it can be used to reset my other passwords, has a completely different and more secure password than other sites.

And for maximum security, things I don't even need to log into regularly, I create a completely randomized password and I don't remember it or record it in any way. I simply reset the password if I ever need to get into these accounts.

And...

You could also try using words, like correct-horse-battery-staple

That is what i use to encrypt my bitcoin wallet. It's a nonsense phrase of 8 words including a made-up word that I have used for years and will never forget but a computer won't have in any dictionary.

 

[Kelemvor]

Well, after reading some more online as well, I'm going to give Lastpass a try. I like that it works as a browser add-on so I can use it at work and at home and at any other PC I might ever go to.

We'll see how it goes.

 

[Druidx]

Keypass +sugarsync
I rarely ever need it even though I use a different password for every site. I use a made up word that is typed differently based upon the name of the website.
Each hand on the home row will get shifted left,right, up or down based on the 1st and 2nd letter in the name. Then I will randomly add 2 numbers or symbols based on the next 2 letters in the name.

I have to look up my username more often than password.

I decided to never use the same password anywhere about 11 years ago when I learned the admin of a large forum was using a brute force program to decrypt member passwords, which he then used to access their accounts elsewhere.

 

[xanis]

I cycle between ~4 passwords.

 

[jacktesterson]

I use LastPass

I've got tons of different passwords for various databases, API credentials, etc at work. Wouldn't survive without it.

 

[Jeff7]

A Truecrypt archive, protected by a fairly lengthy password. Though I'm sure a government supercomputer could probably brute-force it in a day or two, or a $20k OpenCL cluster in a few weeks, given how insanely powerful computing technology has become. :\

 

[soulcougher73]

My brain at the moment.

 

[D1gger]

I used to use Keepass, but now I use Lastpass, as it works on windows, osx, linux, windows phone 7.5, android, iOS, etc.

 

[KeithTalent]

Notepad.

KT

 

[Red Storm]

I remember them. Not the best system I know, but it works for me.

Until I get amnesia. But even then, worst case I have to do a password recovery. I don't have anything where if I don't remember the password I'm royally screwed.

 

[BurnItDwn]

I've been using Password safe for a LONG time (ever since Our IT Security folks recommended it)

http://passwordsafe.sourceforge.net/

I have about 75 or so different accounts that I use it for at work.

 

[zinfamous]

I make one text file with all logins and passwords to all of my accounts.

then, I mail it out to everyone that I have "friended" on Facebook, so that I know I have some backup.


<--smarts

 

[SagaLore]

It's encrypted with AES256 into a MySQL Database. The key is actually the password to login to it. Downside with that method is I can't change my password without decrypting and re encrypting with the new password but the upside is if someone was to manage to steal the database it would take a long time to reverse it giving me enough time to go through and change all the passwords.

Or they could just snoop while you're entering or accessing the passwords, since that page is not behind HTTPS. :sneaky:

 

[SagaLore]

I used to use Keepass, but now I use Lastpass, as it works on windows, osx, linux, windows phone 7.5, android, iOS, etc.

That.

 

[lord_emperor]

Paper.

Really if someone mugs me or breaks into my house I have bigger problems.

 

[Train]

Or they could just snoop while you're entering or accessing the passwords, since that page is not behind HTTPS. :sneaky:

Where did he say anything about a page? Or even accessing the DB over a network?

 

[Blueychan]

keepass

 

[clamum]

KeePass and a USB thumb drive.

 

[paperfist]

A notebook locked in a safe.

 

[Aikouka]

Hmm I kind of wish that KyPass (iOS Keepass app) had the ability to generate passwords like the Windows Keepass app can. Is there an iOS Keepass app that is Keepass 2.x compatible and is capable of generating passwords? Heck, even a separate app/utility would be fine since I could just paste between them.