Memory Tools for Password Management? 125
New Media Blogger asks: "A co-worker of mine recently got burned hard because they used the same password for all of their online accounts. This experience led me to compile a list of easy-to-use password management memory tools (all free, of course), which make it infinitely easier for me to keep track of my dozens of passwords. I am sure many of the Slashdot crowd have memory tools of their own — what are you favourite password memorization tools?"
I just use KeePass (Score:3, Informative)
passwordSafe (Score:5, Informative)
But the better answer is:
Get a program like passwordSafe. It's GPL and it works great it even can generate the random passwords for you with whatever rules the given site or system allows. Just copy the database file to a backup every so often and all is well.
or hashapass (Score:1, Informative)
I used to use a password-storage tool, but these days for trivial website passwords, I use hashapass [hashapass.com], which does a one-way hash (surprise!) of a seed password with a salt like the website domain name.
That way, if I'm on a different computer or can't pull up my password storage for some reason, I can still generate my password for a website. But intercepting that individual password won't help anyone figure out any of my other passwords.
It's still weak in that the master password, not only unlocks but also determines the rest. Still, for stuff like non-financial website logins, it's a godsend.
Password Safe (Score:3, Informative)
Re:Hiding (Score:5, Informative)
http://passwordmaker.org/ [passwordmaker.org]
http://angel.net/~nic/passwdlet.html [angel.net]
http://www.xs4all.nl/~jlpoutre/BoT/Javascript/Pas
Re:Password Safe (Score:5, Informative)
I've recently discovered password safe [sourceforge.net].
If you use *nix, then MyPasswordSafe is your friend. It uses the same file format as password safe.
If you use Mac OS X, then Password Gorilla is your friend. It too uses the same file format, though it is a tad slow on open and save operations.
MyPasswordSafe is Qt-based (but it is better than the GTK-based equivalent password management program out there, and I generally prefer GTK-based apps over Qt-based apps). It should theoretically run on Mac OS X and Windows. I don't know about its status on Windows, but I know it doesn't work on Mac OS X. I have managed to get it to compile, but it segfaults. Once the semester is over, I intend to delve into it a little.
Password Gorilla also runs on practically everything. However, it is a Tcl/Tk application and looks ugly on every platform except for Mac OS X (thank you Apple for making some of these GUI toolkits not so ugly).
The neat thing about having all these programs out there is that they are compatible and make it a cinch to move your password database across machines and have it be usable everywhere.
Re:passwordSafe (Score:4, Informative)
Strip (Score:2, Informative)
Re:Hiding (Score:5, Informative)
I don't think you understand how it works. What you do is you enter the password (it can be the same for all sites), then enter the name of the site (which can be pulled from a bookmarklet). A bit of Javascript on the client then hashes that information using the MD5 algorithm, and spits the result back out as a secure password.
The beauty of this is that no one has your password except you. And if you forget the generated password, you can always regen it by entering the exact same information. However, since hashes can't be reversed, your master password will not be compromised even if a lame admin compromises your generated password on his site.
Re:I just use KeePass (Score:2, Informative)
Re:Passreminder (Score:2, Informative)
Re:Hiding (Score:4, Informative)
So get a downloadable version [passwordmaker.org] and back it up.
The online version is common because these passwords are for websites. So making a web-enabled version is a no-brainer. But the algo is so straightforward that it was pretty easy for the guys who made it to port it to different platforms.
Re:Hiding (Score:2, Informative)
Maybe if I memorized the table for a simple substitution cipher. Like ROT13, but less common.
The best system is one that you can keep in your head.