Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security Software

Coping with the Avalanche of IDs and Passwords? 120

Posted by Cliff from the information-overload dept.
Bitwick asks: "The number of web sites and other systems I need IDs and passwords for is finally becoming overwhelming. Right now, I tend to use a small selection of IDs and passwords. I know this isn't an ideal situation, but so far it has been the most practical. However, it has become clear to me that this needs to change. I am planning to get a USB keyfob and a password manager to keep track of my IDs and passwords. What experience have you had with password managers? What's good, what's bad, what features are important? Are there other reasonable and secure alternatives?"
This discussion has been archived. No new comments can be posted.

Coping with the Avalanche of IDs and Passwords? More

Coping with the Avalanche of IDs and Passwords?

Comments Filter:
  • Password Corral [cygnusproductions.com] for Windows -- it's free, and the best one I've found, hands down.

  • Password manager? (Score:4, Funny)

    by Tanmi-Daiow ( 802793 ) on Friday July 08, 2005 @10:56PM (#13018652) Journal
    How about BugMeNot [bugmenot.com].

  • security at its best... (Score:2, Funny)

    by Anonymous Coward
    i love the post-it note method under the keyboard, now thats secure

  • Obsfucation? (Score:4, Interesting)

    by OneDeeTenTee ( 780300 ) on Friday July 08, 2005 @10:58PM (#13018656)
    A text file with your usernames and passwords slightly obsufucated may work depending on the sort of person you expect to find your thumbdrive.

    You can run Openoffice on a thumb drive and save your list of passwords in a encrypted document if you need added security.

    • Re: (Score:3, Interesting)

      by account_deleted ( 4530225 )
      Comment removed based on user account deletion

      • Re:Obsfucation? (Score:3, Interesting)

        by golgotha007 ( 62687 )
        But the problem remains if you log in from a public terminal or other computer.

        Look folks, it's easier to keep track of all those web registrations than you think.

        First of all, choose a highly unique username that is unlikely to be taken by someone else (like ajh1198).

        Next, choose a common word like pirate (change the i to a 1), so you end result is p1rate.

        Now, for each site you visit, take the first letter or first two letters of the site and add that to the beginning of your password. In this case, m
        • Building on the same idea

          Trunc(Base64(MD5([Website subdomain or IP] + [master password])),[Maximum allowed length])

          Here [voila.fr] is a webpage with client side javascript that does just that. I suggest saving a copy, modifying it to allow variable length truncation, and make it your home page.

          There is a bookmarklet of a similar script (no base64) here [angel.net]
        • That sounds great, but most sites have password restrictions (length, basis on a word). For me, it's always the one exception to the rule that I forget.
          • I keep a text-based list of all my logon IDs, with a very vague reference to the password.

            So here's what I go through. (names of been changed to protect the innocent) All my passwords are generally the same, with slightly different numbers. So let's say my MSN password is based on an obscure auto part called a hog ring. Here's what my list would look like:

            MSN
            auto12123

            Yahoo
            auto5

            And so on... So *I* know what 'auto' really means (for this example 'hogring), but no-one else ever will. If I change my pa
      • That assumes you only use passwords on the web.
        Some people have lives outside of the web.
        Some even have lives outside of their computers (ATM PIN, password on bank accounts, utility accounts, etc).

  • All eggs in one basket and watch that basket? (Score:4, Informative)

    by Creosote ( 33182 ) on Friday July 08, 2005 @10:59PM (#13018661) Homepage
    My system for quite a few years has been to keep passwords in an encrypted file located somewhere that I can easily get to it whenever I have an Internet connection. I'm sure that's less secure than keeping it on a USB device. But the risk of someone hacking the file I consider to be much lower than the risk of losing the file (via system crash, user stupidity, or whatever), so that ability to have it backed up is crucial. And unless you are scrupulous enough to regularly back up a file on a USB device to another offline device that you will always have and not lose, I don't see that it's a better system, all things considered. I'm willing to be convinced otherwise...

  • Password algorithm (Score:5, Insightful)

    by spineboy ( 22918 ) on Friday July 08, 2005 @11:06PM (#13018679) Journal
    You can have a different password for each site if you make an algorithm for your password that involves the website. I.E have a standard password and add a few letters of the sites name, or add game to it if it is a game site, pron if it is that type of site, etc - Be creative and make it easy and it should work for you.
    • Dude, that's a good idea. Never thought of that.
    • The firefox extension you are looking for is Password Composer [xs4all.nl]

      Takes the domain name (plus/minus the www. if you prefer) and runs an MD5 of that plus your password, chops it to I think 10 chars. Damn near freakin impossible to work backwards from even though the domain name starts the md5, and it's a dead easy algorithm that you could do manually from the shell if you so desired.

      Unfortunately, this only works well for web-based forms, though in theory one could do it via shell for other things.

      • One cup of hostname (with a pinch of subdomain as per taste) into a bowl, crack one master password into the bowl add and stir using an MD5 size spoon.

      • Re:Password algorithm (Score:4, Informative)

        by Philom ( 24273 ) * on Saturday July 09, 2005 @01:05AM (#13019193)

        Using MD5 and a single master password isn't such a good idea.

        Suppose a bad guy steals your password for one site and wants to learn your master password (which you input to the hash function along with the domain name of the site). He can perform a brute force attack by checking each possible input password up to a certain length to see whether hashing it produces the stolen site password.

        The problem is that MD5 is very fast to compute: for small blocks it takes <0.5us on a modern CPU. That means testing every possible password is surprisingly fast. For example, searching the space of all 8 character alphanumeric passwords (single case) would take only 16 days! With your master password in hand, the attacker can almost immediately determine your passwords for every other site where you employ this scheme. Of course, the attacker can work even faster if your password is in any way guessable.

        Splitting a password with a hash function *can* work very well, but doing it securely is tricky. See this paper [princeton.edu].

    • short sweet simple,

      now just to change them all...
    • This is what I do actually, I won't give it out (obviously) but it is fairly simple.

      I realise many people sign up with an email address, and give the same password as their email address to the website.

      Hahah, silly.

  • Password Safe (Score:5, Informative)

    by PktLoss ( 647983 ) on Friday July 08, 2005 @11:09PM (#13018690) Homepage Journal
    Password safe is awesome
    http://sourceforge.net/projects/passwordsafe/ [sourceforge.net]

    Bruce Schneier recomends it in many/most of his monthly crypt-o-grams
    http://www.schneier.com/ [schneier.com]
    • Password Gorilla [www.fpx.de] is also a very good Password Safe compatible client that runs on Windows, OS X and Linux.
      • oooh, i have an idea: password gator

        "this Desktop Pal(tm) remembers all your passwords for you! free download from the well known gator corporation"


        i thought it was funny until i looked to make sure the company was called gator (and not just the product). i was surprised to find the gator ewallet [gator.com] that fills out forms, holds passwords, and encrypts stuff, and now i don't know what to say.

        • The Gator eWallet has been around for years - I remember cleaning systems back in high school, from Windows 95 and 98 boxes - that had it, because it game in one of many ways. The free version of Sneed for Windows I think was one of the culprits...
    • If you like Password Safe, Password Gorilla [www.fpx.de] uses a compatible database, and it runs on many more platforms through the use of TclTk.

  • Let the avalanche come. (Score:5, Funny)

    by TheCamper ( 827137 ) <SporkMasterSpork@@@gmail...com> on Friday July 08, 2005 @11:10PM (#13018691) Homepage
    I have a separate password for EVERYTHING I have, no matter how obscure the website or service is. Each password is at least 10 characters long, with random uppercase/lowercase letters, numbers, and symbols; none of this "can be broken by a dictionary attack" crap.

    The trick is, you don't actually have to memorize your passwords; after you type each one about 20 times, your fingers retain it in muscle memory. I actually couldn't tell you what any of my passwords are, I have to type them on a qwerty keyboard. (If I ever lose one of my hands, I'm screwed.)

    Anyway, as backup, I have them all written down on a sheet of paper in an undisclosed location, with the format of login on one line, password on the line after it, with no identifying information on which login/password combo goes to what website, computer, etc. The text in this list is also encrypted using a one time pad encryption program (that I wrote myself), the key to which is in a different undisclosed location.

    So if my fingers happen to forget one of the passwords, I can still retrieve it (with a lengthy process). You'd be surprised how many different login/password combos you can remember, even months after you've used them last, if you type them several dozen times over the course of a few days. But to each his own. That's just my system.
    • The problem isn't remembering passwords, but remembering which password works with which login. If you have 20 logins and 20 passwords, there are on the order of 20! ways to mess up and compromise your other passwords.

    • The trick is, you don't actually have to memorize your passwords; after you type each one about 20 times, your fingers retain it in muscle memory.

      If you want to rely on that, be my guest, but please be aware that there is no such thing as "muscle memory". Your muscles don't remember anything; you're just talking about transferring the information to a different part of your brain.

      The problem with this approach, of course, is that the information you remember will shift slightly with time, and when y

  • Password Manager XP by cp-labs has worked good for us.

    http://www.cp-lab.com/index.html [cp-lab.com]

    Amongst many other features, it supports removable devices such as usb keyfobs and will install the necessary binaries on the device to run from.

  • From another /. story... (Score:1, Interesting)

    by Anonymous Coward
    hNo
    matter where I'm at, I am always ssh'ed into my server. So, I put the following into my .vimrc:

    augroup encrypted
    au!
    autocmd BufReadPre,FileReadPre *.gpg,*.asc set viminfo=
    autocmd BufReadPre,FileReadPre *.gpg,*.asc set noswapfile
    autocmd BufReadPre,FileReadPre *.gpg set bin
    autocmd BufReadPre,FileReadPre *.gpg,*.asc let ch_save = &ch|set ch=2

    autocmd BufReadPost,FileReadPost *.gpg,*.asc '[,']!sh -c 'gpg --decrypt 2> /dev/null'
    autocmd BufReadPost,FileReadPost *.gpg set nobin
    autocmd BufReadPost,File

  • Paper. (Score:3, Informative)

    by Pyromage ( 19360 ) on Friday July 08, 2005 @11:13PM (#13018703) Homepage
    No, seriously. Paper is an incredible solution. At our office we have a locked filing cabinets we store passwords in. Quite handy.

    An excellent personal solution is to keep a list in your wallet. Keep another list somewhere safe and stationary, so that if you lose the first one you have a complete list of sites to go down to change all the passwords.

    It's pretty much the simplest thing you could possibly have, secure, and responds well to failure.
    • Comment removed based on user account deletion
      • Ahh, but they're not lost. You pull the one out of your safe location and go change all your passwords.

        Keep in mind where you stand: yes, you can lose your passwords with everything else. But you've lost everything else then too; I'd be more worried about losing my drivers license, credit cards, etc., than I would the couple of passwords. Even if I lost my bank's website's passwords, how is that worse than losing my debit card?
      • It's called a "mugging attack"


        And your average mugger is going to know that how, exactly? You have a piece of paper in your wallet with "xyzzy, ncc1701a" and he's supposed to deduce that it's a username and password?

        The simple, obvious solution is just one *good* username and password for everything. The odds of that becoming compromised are much smaller than the odds of you forgetting/losing one of the multiple ones.
        • One *good* username and password may not be that good.

          First of all, let's completely rule out the trust issue you have to have with each of the site's sysadmins, which actually is something to consider (since nearly every forum around requires registration to write, and some require registration to read). You have to worry about sites being compromised. Even if the sites all store passwords encrypted, a compromised site could capture passwords in plaintext before they hit crypt(). If you use the same pa
          • First, let me say that I appreciate receiving a coherent, well thought out response to my post. That's becoming all too rare here on /.

            You're basically right. My suggestion is balancing odds, and I still think that odds are substantially that your username/pw won't be hacked, or captured by a "rogue" site. It's like losing my house key: if I lose it while fishing, I'll just get a new one (yes, my house has one key for all locks :-) because the small probability that the person who may have seen me drop the
            • I do agree that there needs to be a balance on the odds. That's why I think our solutions (sensitive passwords written down, generic passwords used across other sites) works rather well. It's the idea of using the same login/password on upwards of ... 50 sites, some of which may be run by unscrupulous people (yeah, I've got about 50 logins across the web and my job) kinda scares me. I still think that statistically, it's more likely that a person will have a problem with a compromised password being used
  • I have a few passwords that I use for all the various things that I need passwords for. The upside of this is that I don't have to remember as much. The downside is that if anyone ever did learn my password, it would compromise more than if I used a different password in each instance.

    However, as a countermeasure I've been known to make my few passwords very long and obscure (full sentence method).

    • Re:Pick a few (Score:3, Insightful)

      by Sancho ( 17056 )
      A long and obscure password means you are probably never going to be brute-forced. Good for you. But shorter, unique passwords for each site is better for security for your average person.

      Crackers don't want your login and password--they want any login and password--precisely because so many people reuse passwords across multiple sites. If they manage to recover your password through a site hack or phishing scam (yes yes, you're on Slashdot, you're not going to fall for one of those) or a cross-site scr
  • Password Safe [schneier.com]. Works great. You could just install on your USB fob, I imagine.
  • bla.com: u/xyz p/abc
    yada.com: u/abc p/def
    bbb.com: u/def p/ghi

    K.I.S.S. Why do anything more complex?
  • KisKis [sourceforge.net] is the best I've seen. Cross-platform, various templates, encrypt files too. I keep the database and the installer (which is also cross-platform, Java is cool) on my USB key.
  • I use S.T.R.I.P. "Secure Tool for Remembering Important Passwords" running on my palm OS handheld (Palm IIIxe). The encrypted DB is backed up when the palm hotsyncs so if I ever lose the handheld I can restore it to a new one.

    by having it on my handheld which is very nearly always with me I don't have to rely on the app running on whatever system I'm working on at the time (various windows, Linux, Solaris, MVS, and others)
    • S.T.R.I.P. is a little tempermental (as far as how to actually enter data - it's not as user-friendly as one would hope) but it is very useful for storing all kinds of information in a secure but easy to get to location.

      If you keep a Palm close by, look in to it!

  • A whacky idea (Score:3, Interesting)

    by sonamchauhan ( 587356 ) <sonamc.gmail@com> on Friday July 08, 2005 @11:55PM (#13018889) Journal
    Problem statelment: How to associate one string (domain name) with another string (username/password combination)? a.k.a. translate strings.

    Here's a whacky possible solution: use a translator pen, such as this:"SuperPen Translator" - which supports 'custom dictionaries' [languagere...online.com] , to store passwords. Run the pen across site's address bar displayed on the computer screen, and the pen translates it to your username/password for that site.

    Here's another of those pens: C-Pen [cpen.com].

    Of course, if none of their dictionaries are user-editable, and if they have no SDK, this won't work.

    Here's a more sensible solution: Javascript password generator [angel.net]
    (Video about it - flash format) [infoworld.com]
    • I like your idea. What I think would be interesting is the creation of a programming algorithm that takes the name of the site or service and converts it to a password string. The benefits of this that I see is that *no* password gets stored and each login receives a totally unique password. It would work on extremely low memory devices and would support a theoretically limitless number of accounts. :-)
      • Thanks. :) I hope it works if someone tries it. Perhaps it would be even possible to have easy-as "add password" mode - scan the URL on screen, then write down the username/password on a piece of paper (or notepad) and scan that. Destroy the piece of paper.

        Regarding an algorithm to generate a unique password, take a look at the page source of the Javascript password generator link to in my previous post - that guy has implemented the MD5 algorithm in Javascript (see "function core_md5(x, len)")! Is this wh
    • The SuperPan is not magical! It WILL burn you!
    • I know someone who used one of those cue-cat barcode readers that output an encrypted version of a barcode as a way of using objects on his desk like books or candy wrappers as user names and passwords.
      • Thanks! That's interesting. :) He'd better not lose those candy wrappers. :P

        At least one of the two pen readers I linked to above can translate barcodes.

        What would be cool is adding a bluetooth module to one of these readers so it can associate with a computer as an additional keyboard. Like so:

        Website requests authentication -> user scans browser address bar -> pen device brings up the associated credentials -> user sends them via bluetooth keyboard
  • We have standards for everything else, why not create a password-protection standard? If there was a standard set of requirements for a password, then people could use the same password for all standard-compliant systems.
  • What do you do when you dont trust the system you're at, enough to insert your USB keyfob (ie: internet kiosk, or needing the password to a customer's system while onsite)?

    How about a USB KeyFob with a built-in display, and a means of entering a password to decrypt the database. When you want to make a change, you use a tool like Password Safe to edit the text file from a trusted system (copy the text file for backups too!). Though when you're at an untrusted system, you just snatch your password using the
  • I keep mine in an email that I sent to myself. I am only in trouble if I forget the password to that email account. I think it's a pretty solid system. I can access it from anywhere, and somebody would have to hack a pretty solid email provider to get at my information.

  • Keyring (Score:5, Informative)

    by adolf ( 21054 ) * <flodadolf@gmail.com> on Saturday July 09, 2005 @12:26AM (#13019033) Journal
    I run Keyring [sourceforge.net] on my Palm Pilot. It works well. I carry my Palm with me literally everywhere but at rock concerts, and it's very nice to have every obscure, seldom-used password securely available wherever I happen to be.

    All of my passwords are there, and a few other bits of even more important personal information.

    Stuff is encrypted, and lives in the Palm's RAM where it will be destroyed instantly upon power loss. So, if left in a bus terminal, chances are that the data will be gone before the hapless thief finds a charger for it to keep the RAM alive, let alone manages to crack the database or even recognize its existance.

    All I have to do is remember one passphrase.

    Stuff is also backed up to the machine that I hotsync to, where it remains encrypted on disk. While non-volatile, the machine does have the advantage of vastly increased physical security.

    And that isn't much of a backup regime, so all of the work-related passwords and data that might affect Other People get beamed via IR to a co-worker with a similar rig. This usually happens in the windowless basement I call "work," and is thus also reasonably secure despite its plaintext-edness.

    I've used Keyring on everything from old-school black-and-green Handsprings, to Treo 650s. It Just Works(tm). It is free. It is GPL'd.

    I'd go on, but I shouldn't have to...

    • I've used Keyring on everything from old-school black-and-green Handsprings, to Treo 650s. It Just Works(tm). It is free. It is GPL'd.

      Yep! I use it too, and love it. It's especially handy for those occasions when somebody calls you up about work you did a couple of years ago. Those passwords have long ago faded from my memory, but not from my Palm's memory.

      So, if left in a bus terminal, chances are that the data will be gone before the hapless thief finds a charger for it to keep the RAM alive,

      Note th
    • When I realized that I needed to keep all my passwords unique, I looked around and bought a Palm Zire 31 and run Keyring on it. The Zire 31 is not too expensive and I can very easily back it up with an SD card.

      I also carry a Palm-based phone, but I don't trust it. It makes mysterious 10-second data calls on its own. I also don't particularly trust the Zire's software, but I keep it mostly incommunicado, so I don't have to trust it so much.

      -kb, the Kent who says: "Never reuse passwords, write down passw
  • Save the following html page to your computer or usb device

    http://angel.net/~nic/passwd.html [angel.net]

    Come up with a master password, enter the domain name of the particular site you are browsing and a unique password is generated for that site. All you have to remember is your master password. The page uses javascript, no data is passed to the internet. Whenever you need a password, just run the saved html page, enter master password, enter domain name, click generate button and you have your password
  • Comment removed based on user account deletion
  • Besides being a programmable day runner with alarm,
    Besides keeping cheatsheets, notes, & reference files

    You get a program that will keep passwords and encrypt the datafile. Not just is it unlikely someone will be able to "steal" your passwords, but a backup copy of the data will be available when you sync the PDA.
  • Personally I use yaps [msbsoftware.ch] on a Palm Pilot, though I could see using another PDA-based one. The cool trick about YAPS is that you can drag your pen across their keyboard for multiple inputs, effectively allowing you to draw very, very long passwords quickly.

    I would use either a PDA-based or a phone based system... something you carry with you at all times, no computer required. Mine has everything from password / logins to credit card information and bank numbers. You're not always near a computer when you n
  • I suggest you consider encrypting part of the drive, TrueCrypt [truecrypt.org] is a great little app and will run from the USB Thumb Drive as a way to store any info you wish to be secure.

    You might also want to consider EssentialPIM [essentialpim.com] or Getting Things Done tools like GTDTiddlyWiki or Next Action [trimpath.com] (requires firefox)

    Check out portablefreeware [portablefreeware.com] for more apps and Slashdot [slashdot.org]

    Microsoft usb flash manager [microsoft.com] is a way to backup you flash drive and keep the info safe, you might also want to consider a second flash drive

    (PS: Getting
    • A tidied up version

      I suggest you consider encrypting part of the drive, TrueCrypt [truecrypt.org] is a great little app and will run from the USB Thumb Drive as a way to store any info you wish to be secure.

      You might also want to consider EssentialPIM [essentialpim.com] or Getting Things Done tools like GTDTiddlyWiki [snapgrid.com] or Next Action [trimpath.com] (requires firefox)

      Check out portablefreeware [portablefreeware.com] for more apps and Slashdot [slashdot.org]

      Microsoft usb flash manager [microsoft.com] is a way to backup you flash drive and keep the info safe, you might also want to consider a second flash

  • If you're running OS X on a Mac, you're already covered. All of your logins and passwords can be stored in OS X's "Keychain", which allows easy access to all of your passwords by simply logging in to OS X. All of your passwords (that you allow) will be automatically remembered and will populate any appropriate fields. In addition, individual logins and passwords can be accessed by typing your login info (for your OS X account), and it will reveal your login info for that particular item.

    For more info o

  • KeePass [sourceforge.net] is what you are looking for I have been using it for years now and it fucking cool.

    It stores all you Username/Password DataBase using so called "most secure encryption algorithms currently known (AES and Twofish)" [sourceforge.net] while SHA-256 is used as password hash.

    YOu can Group your list with details on each password:
    Title,Username,URL,Password (with AutoGen & Quality Rating), Notes, Expire Date and File Attachment. [sourceforge.net]

    It fully open-source (OSI certified) runs under Windows and PocketPC with

  • How about a Firefox extension...Password Maker http://passwordmaker.org/ [passwordmaker.org]. I think this would work just fine!

  • My strategy: MD5 (Score:4, Interesting)

    by stewartj ( 525869 ) on Saturday July 09, 2005 @09:05AM (#13020099) Homepage

    I used to use a USB key with a list of sites, usernames and passwords on it. All protected using a secure zip drive. It became a pain in the ass to get the passwords out, so I gave up. It also concerned me as a single point of vulnerability (if someone stole it and cracked it they have access to my life).

    So now instead I use this algorithm:

    $password = MD5($sitename . $single_password)

    So I don't have any passwords written down, just the single global password in my head along with the algorithm. There's an MD5 calculator on every UNIX system, and there's javascript ones available on the web too.

    The benefits of this system:

    • I don't have to remember any passwords except my one global one
    • I don't have a list of passwords written down anywhere or on a USB key, so i'm not vulnerable
    • It's quick and easy to generate a new password for a new site
    • If someone gets a hold of one of my passwords they can't use it to guess passwords on other sites.
    • My passwords are 32 character random-looking strings, so they're virtually uncrackable.

    Some websites don't support 32 character passwords, for those I just use the first 10 or 20 characters of the MD5 hash.

    • What do you do when you are forced to change a password?

      What if the system you are forced to change a password on won't allow you to use a previously-used password?

  • The password manager I recommend is RoboForm [roboform.com]. It isn't free, but It has every feature I've ever wanted.
    * Secure encryption
    * Random Password Generator
    * Storage of automatic logins
    * Storage of "SafeNotes"
    * Ability to fill forms with one button (CC entry, etc.)
    * Storage of bookmarks (import from IE/Firefox)
    * Storage of contacts (import from Outlook or file)
    * Portable version that runs from a thumbdrive.
    * Palm add-on

    Quite nice.
    • Just one quick clarification.
      SafeNotes can either be password protected or cleartext. I use them to store secure pieces of information such as my driver's license and license plate numbers and other important information such as registration keys for my Palm software and such.
  • Since I work at a company that has a decent IT department, I have single signon at work. And, I only use websites that use microsoft passport.

    So, I only have two passwords to remember, ever.

  • Let's also not forget that you should regularly check and recheck the passwords of YOUR USERS , and enforce strong password strings (length, alphanumeric, punctuation at a minimum).

    Very recently, someone I know who is a very well-known talking head in the Open Source community had his box rooted, because a colleague of his had an account on his server with a default password, and never logged in.

    One of those recent ssh brute-force login bots came scanning along and got in using this account. They log

  • A very different idea, and im not saying its a great one that will work in all situations, is using mobile phone, e.g my college login was numberic, so i stored it as a phone number entry. The same can be done with passwords using the name, or saving text messages, perfect for on the move for those who dont have PDAs like me.
  • I have been playing around with KeYpass that has a CTRL-Right Click option to login. This is a very nifty feature, I wonder why you don't see it in other programs, like the open source ones. Does it have something to do with the development platform?
  • ActivCard is one such company. They have a full product suite that handles smart card issuance, storing passwords on the card, scripting to automate the password entry process, and even VPN access. You don't even have to type in the password to each application, the software does that for you.

    While there are plenty of home-grown and one-off solutions, it would probably be worth your time to look into the various SSO (Single Sign On) software providers and find a security product that works for you.

  • well, for system passwords, I just memorize them.
    For websites, though, I mostly use this:
    Click here if you've forgotten your password *click!*

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close