?

Log in

No account? Create an account

Previous Entry | Next Entry

Password Management

Me: I'm David and I have bad password management.
Intarweb: Hi David!

So yeah, I have absolutely terrible password management. I have a few passwords I use everywhere, all strong passwords, and then a list of like another 30 in Excel that I don't use very often. Was encrypting this spreadsheet, but got tired of that so now put it in the trust of the security of one of my machines physical security. So all around, lame.

I need an app that works on Windows and Mac that contains an encrypted database of my passwords and integrates into web browsers. I want it to do form autofilling for usernames and passwords as well. Should be easy to sync between multiple computers, ideally automatically. Basically, no bullshit password management that just works. Also must have a good password, random and memorable, generator built in. Recommendations?

Comments

( 14 comments — Leave a comment )
mart
Dec. 7th, 2005 07:12 am (UTC)

For a little while I tried a slightly different approach. Rather than having a plethora of passwords, have a single strong password. Also have a program which takes that password along with a domain name, site name or other such identifier and computes some kind of hash of the combination and use that as the password. That way you don't ever have to store your password anywhere and you're good as long as it never gets compromised. There are some bad points, though:

  • you need that program everywhere you might want to enter a password. This didn't work too well for me since I was routinely using university computers at the time.
  • sometimes you really can't run a program at a point where you need to enter a password. A system login screen is an example of this.
  • If your single password gets compromised somehow then (assuming someone can figure out what hashing algorithm you used) you've opened up all of your accounts.
  • You still need to remember what token you used along with the password to create the hash. Not all things can be handled by using a domain name.
  • Some places make you change your password periodically. This means you need to have a new token each time and remember what the last token you used was, at which point you might as well be using a password.

It might work for you, though.

daveman692
Dec. 7th, 2005 07:19 am (UTC)
Yeah, I've heard about that method before, but I don't think it would be workable for every site unless it was a hashing algorithm I could do in my head. My guess is I'll end up with a few common passwords, but then passwords I don't memorize for sites I use less often. Even then it would still suck. :-\
janinedog
Dec. 7th, 2005 07:22 am (UTC)
I don't know about most of that, but if you're into Firefox extensions, there's a very good one that will generate random (and secure) passwords for you: https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=135

It gives you a lot of options, as well.
daveman692
Dec. 7th, 2005 07:26 am (UTC)
Doesn't look like it stores them though. :-\
janinedog
Dec. 7th, 2005 07:35 am (UTC)
Yeah, it doesn't. I have heard of this one, which may do some of what you want, but I've never used it so I'm not sure how good it is.

Also, Google brings up http://passwordmaker.org/ , which I think I've heard of as well. It's worth looking into, anyway.
daveman692
Dec. 7th, 2005 08:17 am (UTC)
Both of those look interesting, but not fully complete. :-\

FireFox plugin isn't portable and the author seems lame for saying using MD5 hashing poses no security issues.

Second seems pretty dope except for not having browser integration into the form fields.

Also would be nice to have something that deals with non web apps as well.
scsi
Dec. 7th, 2005 07:24 am (UTC)
Entrust me with your passworrd list.. :)
daveman692
Dec. 7th, 2005 07:26 am (UTC)
Ooh, and you could be my personal concierege!
scsi
Dec. 7th, 2005 07:26 am (UTC)
Firefox has a password manager built in. I believe it twofish encrypts the main password database.
daveman692
Dec. 7th, 2005 07:34 am (UTC)
:P
Not portable and only for websites.

$frank -= 2;
rynfitz
Dec. 7th, 2005 03:08 pm (UTC)
I use this but no mac:
http://www.passkeeper.com/
(Deleted comment)
markpasc
Dec. 7th, 2005 05:55 pm (UTC)
I'm all about the Password Safe, but it doesn't autofill anything, doesn't have a memorable password generator, and the Mac version is Java. :/
( 14 comments — Leave a comment )