Passwords, logins and security

Lately I have noticed that I am utterly overwhelmed with usernames and passwords. I have several different logins and passwords at work — one to sign on to the corporate network, another to log into the Web-based helpdesk, another for a monitoring tool that we use, yet another for our contact-management system and so on. I easily have ten different username/password combinations just for work.

Then there’s the plethora of e-mail username/password combinations for my personal e-mail, my free Webmail accounts, my logins for my home computers, logins for various online services such as my online banking, student loan management, online bill paying interfaces for Qwest and other companies, other username/passwords for online shopping… various (annoying) required username/password combinations for things like the New York Times online, Washington Post, Salon.com, Slashdot, kuro5hin.org, Freshmeat, etc.

Bottom line: I’m drowning in passwords and usernames. I have about five different usernames I use with freebie services that I’ve picked because they’re easy to remember, and about ten different passwords that I rotate between those freebie services that would be no big deal if they were cracked.

Then I have to come up with unique passwords for things like online banking, billpaying and shopping — it would be a big problem for someone to be able to log into my online banking at will if they figured out my password.

My question is how one should keep track of these things securely. Assuming that one does not have a memory like a steel trap, how are you supposed to keep track of some fifty or more username/password combinations and the services they match up with? It’s definitely a security hazard to write them down or store them in some unencrypted form on your home computer. How can you keep a record of these things securely?

Comments (7) left to “Passwords, logins and security”

  1. kevin wrote:

    If you are a KDE user, you might look at the kde wallet (new in 3.2 I think).
    It can store web form data, passwords, etc.
    Also, Firefox can store some items like that.

  2. jzb wrote:

    Yeah, I’m aware of those things… doesn’t help much when you switch computers regularly, and it doesn’t do much for passwords for remote computer logins, db logins and so forth — I use Firefox/Mozilla’s password features pretty heavily, but there are a number of sites/pages where they don’t work.

  3. citizen428 wrote:

    Sending yourself a GPG-encrypted mail with all the stuff inside, so you only have to remember the mantra. Works best with mutt on a remote server, so you can access it from everywhere.

  4. Martin wrote:

    I have been using strip - http://www.zetetic.net/solutions/strip/ - a free password manager for Palm OS to manage all my passwords - allows me to use unique passwords for everything. I wish it had a desktop app to sync with but still very handy. One word of warning - I have heard there is a flaw in the password generator so don’t let it pick your passwords for you.

  5. Brian wrote:

    Encrypt a file with the passwords, mail it to yourself. If you move around to different systems, try emailing to a service that allows you to get it from webmail.

    Or leave it on your secure desktop at home and SSH to it. This might be more trouble than it’s worth …

    Not foolproof, and I wouldn’t (myself) leave it on a web-based anything. YMMV.

  6. matthew wrote:

    Keep reusing 3 passwords over and over :)

  7. matt wrote:

    I store them encrypted in a file and view/edit with vim. So as to not ever have the file unencrypted on disk I start vim like so:

    vim -b -n -c '%!gpg 2>/dev/null' -c 'map :wq :%!gpg -e -r me 2>/dev/null<CR>:w<CR>:q<CR>' $HOME/secretfile

    and then :wq writes out the buffer encrypted
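
A vimrc variant of the approach in comment 7, as an added example that is not part of that comment or of the original page: an autocommand group that decrypts `*.gpg` files when they are read and re-encrypts them when they are written. It assumes gpg is on the PATH and that a default key exists for `--default-recipient-self`; the group name `gpg_secrets` is illustrative. It also turns off 'shelltemp', because with that option on (Vim's default) filter commands pass buffer contents through temporary files.

```vim
" Added example: transparent GnuPG handling for files ending in .gpg.
" Assumptions: gpg is on PATH; a default key exists for
" --default-recipient-self; the group name gpg_secrets is illustrative.
augroup gpg_secrets
  autocmd!

  " Before reading: keep Vim from persisting plaintext anywhere.
  "   viminfo=       no registers or history saved between sessions
  "   nobackup etc.  no backup copy of the file on write
  "   noshelltemp    filters use pipes instead of temporary files
  autocmd BufReadPre,FileReadPre *.gpg set viminfo= nobackup nowritebackup
  autocmd BufReadPre,FileReadPre *.gpg set noshelltemp
  "   noswapfile     no swap file for this buffer
  "   noundofile     no persistent undo history for this buffer
  "   binary         read the ciphertext byte for byte
  autocmd BufReadPre,FileReadPre *.gpg setlocal noswapfile noundofile binary

  " After reading: replace the ciphertext in the buffer with gpg's output.
  autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2>/dev/null
  autocmd BufReadPost,FileReadPost *.gpg setlocal nobinary

  " Before writing: filter the lines about to be written through gpg,
  " so only ASCII-armored ciphertext reaches the file.
  autocmd BufWritePre,FileWritePre *.gpg
        \ '[,']!gpg --armor --encrypt --default-recipient-self 2>/dev/null

  " After writing: undo the filter so the buffer shows plaintext again.
  autocmd BufWritePost,FileWritePost *.gpg undo
augroup END
```

With this in place, `vim secrets.gpg` followed by a plain `:w` keeps only ciphertext in the file, without the command-line mapping.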
