where do you store your passwords?

pohopo

So I have quite a few ids and passwords for various sites on the internet and I was wondering where people saved this information. On a paper? Text file? Or do you use something that safely stores the id/pw on your desktop, is free, and you would like to recommend to me? 🙂

phpshift

Well, a piece of paper can easily be lost. If you don't want to download anything, I think the best way to go would be to have a .txt file somewhere on your computer in a very remote directory with all that info in it. You might also want to back that up on floppy in case your computer crashes. Other than that, your head is the only safe place in case your computer is destroyed.

Weedpacket

http://www.phpbuilder.com/board/showthread.php?t=10268365 But if you have to write them down make it really complex (because you don't have to remember it), and physically bind it to something else you need to keep secure (car/house keys, e.g., which are basically passwords set in steel). Or do it by indirection (pick a book, and pick a passage from the book. You don't need to remember the passage letter-perfect, just be able to find it when you need it). Or if you're willing to use something as fluid as the net, come up with a distinctive passphrase containing some key word you can search on, and use it in a forum post (even better, use the word in the post, but not as part of the phrase). It can be expected to last as long as you need it to before you change it.

pohopo

I don't like using same passwords because if someone was to find what that pw was then they could get into a whole lot of sites. And I have seen this happen which is why almost every pw I have is unique and difficult. Since my brain is not able to handle 50+ unique ids and passwords I am looking at what secure options exist.

Weedpacket

I use different passwords as well. Generating them from context can help. Was that statement a reply to something?

If you want some app to do it, I've heard good stuff about Password Safe (though from a biased source). It's a Sourceforge project.

But several problems with that idea: (you need the app and its store with you when you need your password, if someone gets the password to the store they have all your passwords, etc.)

Jason_Batten

I write them on the back of my hand. Don't you?

dalecosp

No, the palm is more secure unless you're a cheerleader, a Pentecostal, or a traffic cop. 😃

This might be becoming an issue. Most of my family and associates think that my pw's are too complex and too numerous; but I know this isn't the case.

For example, the other day I was running Ethereal on my gateway box, and noticed that fetchmail is sending account pw's in the clear despite my telling it to use an SSL protocol. Something's borked in Danemark, and so for who knows how long I've been broadcasting this info over 18 hops ...

bradgrafelman wrote:
For some secure or confidential information/passwords/etc. regarding other companies/clients/etc., I have one .rar file filled with different .txt files containing that information. That .rar file itself is encrypted and password-protected, labeled with an ambiguous name, and hidden a few directories deep. It is only used in cases where I've forgotten something, otherwise I try to keep all of it in my head.

Sounds like a pretty good idea. What do you use for the encryption, if you don't mind my asking. Some time back I had a crypt/decrypt algo in PHP, but it wasn't mine and I forget where I hid it 😉

I would never recommend writing it on a piece of paper. Even if it's a small piece that you keep in your wallet, there's still the possibility of you whipping out a 20 and it accidentally falling on the ground unbeknownst to you.

Yup; makes me very uncomfortable. Even though it has to be done in some cases. Say I configure some LAN 50 miles away, and I don't want to have to drive there everytime they need to do something. The clients expect me to write down as much info about their network as I can, including credentials. A difficult issue, this ....

dream_scape

My own, either in my head or in my Keychain (OS X). Surely Windows has something similar to Keychain?

For clients, I would probably keep in a file somewhere, and all of my files are in FileVault, and daily backups are also encrypted (I use Dantz Retrospect Express to backup which has its own encryption option). Surely Windows has something similar to FileVault?

For secure data I need to take on the go, I have a Lexar JumpDrive Secure that has 256bit AES encryption. You can also make a PGP image or similar on a normal USB thumb drive, but the thing I like about the Lexar is that if you plug it into a machine that doesn't have the software to read an encrypted volume on it, it will install it right quick for you, and the software is cross platform.

😉

madwormer2

A guy that I worked with on work experience had so many 1, i, I, and l's that when written down they were pretty much indistinguishable.

Now THAT's the way to keep it secure.

It took a team of 3 guys 10 minutes to log in... not the most efficient workforce in England, but hey, they do only work for one of the biggest global telecommunications firms.

vaaaska

I have a few methods. First of all, I have a few canned passwords I use for things. Simple.

For clients I write them down on random pages in my notebooks so they don't look to conspicuous. Of course, when I need to retrieve one you'll find me digging through my massive collection of notebooks from over the years.

Today I emailed my password information to my website to a bunch of people. Ummm, I got mixed up and thought it was the dev server ftp thing. Luckily, they were quick to change my password once I told them how stupid I was.

dalecosp

Vaaska: You need to link your .sig to the correct thread, or you'll confuse m^Heveryone...

😃