Ask Slashdot: How Do You Manage Your Passwords?

Albus Dumb Door writes "As an IT professional, I've got a problem common to many of you: dealing with a lot of passwords. Memorizing them all becomes harder with age and and an increasing number of passwords. I will forget them eventually. I am obviously unable to use something online, like Last Pass and 1Password. Using a single password for all the systems is also obviously out of the question. I know that there are a few apps for cell phones for managing passwords (like Phone Genie and mSecure), but a cell phone, unless it's kept in offline mode (and even then), is still a security risk and I'm pretty sure my employers wouldn't like me having their passwords on my cell phone. I've also taken a look at things like the YubiKey, but changing the authentication scheme of most of the systems is not an option. The only interesting option I've seen so far is the Pitbull Wallet, but they just started taking pre-orders on IndieGoGo and are not expected to deliver until August. Amazon has some hardware password managers as well, like the RecZone and Logio, but either the price or their reviews scared me away. So how do you guys prefer to manage your passwords and what do you recommend?"

Write them down.

[khasim]

For work, write them down on physical paper and keep them in your physical wallet.

You'll notice if your wallet goes missing.

For home, write them down on physical paper and keep that somewhere safe.

LastPass

[ZerXes]

Why is LastPass not an option? The password database is always synced to your laptop/cellphone so there is no problem accessing your passwords when you are offline. The security is the most robust I have found when it comes to password management, especially when you use 2-factor auth.

Re:Write them down.

[Anrego]

For an extra layer of security, come up with some really basic cypher that you can do in your head. It doesn't have to withstand rigorous cryptanalysis, just has to hold up long enough for you to notice your wallet is missing and change all your passwords.

Even something silly like taking the third character and sticking it on the end is probably enough.

Re:"Obviously" not Last Pass or 1Password

[andrews]

I don't see the "obviously" either. I use 1Password and it's not web based, the secure password database file sits in Dropbox and is synced to all my computers and my iPhone. Works great.

Re:Keepass

[jakeguffey]

Came here to say this.

I've used KeePass (or, in my case, KeePassX since I'm on *NIX) for about 6 years and it's been great. Encrypted local storage that I can sync between devices if I want, with an Android app (KeePassDroid) available makes life easy. It's also the only approved password storage method where I work.

Re:Passport belt

[vux984]

A failing memory means that you are not suitable for the job and should find something else, like working in a retirement home.

Yeah, how many passwords like: R;3m|/|iv%{^B$
do you have memorized? I have several passwords on that scale of arbitrary, that I did not pick, that I cannot change, that are changed on someone else's schedule, cannot be re-used, and that I tend to need to actually enter maybe once a quarter, if that.

Re:Write them down.

[khasim]

Sounds good.

And you might also want to keep a few additional passwords on that piece of paper. For those circumstances where you're suddenly required to have a new one (X characters, Y capitals, Z numerals) for a new application or whatever. Always nice to have one ready instead of trying to think one up on the spot.

Re:Write them down.

[khasim]

If your passwords are in your wallet, and your wallet is missing, how do you change your passwords?

If they're in your wallet then they're work passwords. So you contact the other admin and have her change your passwords.

And, you still need to have a list of all the accounts which have passwords somewhere, so you know what needs to be changed.

And for work this should be documented already. Along with reset procedures and contact numbers.

For home, having them stolen is less of a risk. But you can always keep a copy (encrypted or not) with someone else in your family or a trusted friend or a safety deposit box. You're probably more at risk of them being destroyed in a fire or something. So treat them the same as any other important document.

Re:"Obviously" not Last Pass or 1Password

[Anonymous Coward]

If the file is encrypted before it goes on dropbox, then its as secure as your encryption. And if you don't trust any encryption, then why are you trusting any website with any data that would require you to put up a password to protect?

Re:Passport belt

[mythosaz]

Systems that generate passwords like that - that you can't change - pretty much demand users write them down on a post-it note under their keyboard :(

Re:Passport belt

[Anonymous Coward]

i think he was also saying "i am a fucking dick".

haha, captcha: "elderly"