I have very little knowledge of passwords and how to keep them protected. My "keep myself safe" strategy simply has different passwords for different websites - I try to keep special characters in.

It seems to me that with all these websites losing their data and seemingly (to the untrained eye) being completely incompetent I need a better system to manage my passwords.

Can anyone suggest a good system to protect my passwords? For example - if the best way is to save and use complex 20-30 digit long random passwords, then how do you save those passwords? Surely you're not memorizing passwords for all your services, so you're using some sort of password manager, so any ideas on which password manager is good?
Or perhaps is it good to have a "passwords file", use some random password generator (or perhaps generate MD5 hash of some text and use that as a password) and then keep all of them under some protected file on your system?
Or is Mac OS X's Keychain Access any good for storing passwords?

I am asking this question here because there are people in this community who are known to be knowledgeable about the security of systems, and that makes them more eligible than I to answer these questions. I have done a little reading on the subject and find discovering a good way to protect myself very difficult. I hope I can get some help in this community.

Thanks in advance.

(As always, any articles/information that educate me on this topic will be helpful)
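The question above weighs a random password generator against using the MD5 hash of some text as a password. The sketch below is an added example, not part of the original thread; the function names, the 24-character length and the sample phrase are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=24, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_password_bits(length=24, alphabet=ALPHABET):
    """Entropy of random_password(): length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def md5_password(text):
    """The 'MD5 of some text' idea: always 32 lowercase hex characters."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def md5_password_bits(plausible_inputs):
    """Hashing is deterministic, so the result is only as unpredictable as
    the text fed in: log2(number of plausible inputs), capped at MD5's
    128-bit output size."""
    return min(128.0, math.log2(plausible_inputs))


if __name__ == "__main__":
    phrase = "my bank login"  # constructed sample input
    print("random :", random_password(), f"{random_password_bits():.0f} bits")
    # Assumption for illustration: the phrase is one of about a million
    # phrases a person might plausibly pick.
    print("md5    :", md5_password(phrase), f"{md5_password_bits(10**6):.0f} bits")
```

The MD5 output looks random, but anyone who can guess the input text reproduces the same 32 characters, so the hash adds length without adding unpredictability.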
I've started using 1Password and, as I sign in to services I use, changing my passwords to ones it generates. One big problem is I don't actually remember most of what I've signed up to over the years, but at least I can secure what I do actively use / remember so an old, compromised password won't get access to very much.

http://agilebits.com/products/1Password
The biggest problem with online passwords is not how many characters you have or anything like that. It is password redundancy. If you use one password (or small variants on that password) for every site you use, then if one account is compromised, then all of your accounts are compromised. You want to have as many different passwords as possible.
Personally I use an online password manager. (Passpack)

This allows you to randomly generate strong unique passwords for each website, and have them accessible from anywhere.

You are obviously putting trust in the service, but you have to weigh up what is more of a risk; the service going AWOL and stealing your passwords, or someone breaking into your accounts due to bad/repeated passwords.

LastPass is another major online password manager.

KeePass is a great offline solution. There's also 1Password.
I suggest KeePass to generate and store your passwords with the password database shared via Dropbox.

It's multiplatform and works pretty much everywhere. After the initial setup even my non-geeky GF can use it.
There is always a trade-off between an online repository and an offline one. Take into account the possibility that they can be compromised and also note how you can recover passwords if you lose the password repository (if there is a password recovery system).