How do you keep track of passwords?

[David1961]

How do you all keep track of the different usernames and passwords on the numerous web sites you are registered on? "Experts" say to never write a password down, but there is no way I can keep track of all this in my head. And when you register on a site, do you try to use the same username and password that you use on other sites to make it simpler?

For some sites, I'm not that concerned if someone gets into my account, but financial accounts are a different story.

A funny story, but when I worked, the computer security experts wanted us never to write our passwords down. One time, I was in his office and he tried to log onto a site and could not remember his password. He got a piece of paper out from his briefcase, looked at it, logged on and said "You didn't see this"

[frayne]

I keep a hard copy of all my passwords, probably have over thirty. Plus I don't like to keep them anywhere on my computer.

[Katsmeow]

I use Roboform a password manager. I have some variation of a password that I use (it is customized for each site) that I use for non-critical sites. For financial passwords and my email passwords I use a unique password for each one. I do have a hard copy (not on the computer of a few critical passwords).

[easysurfer]

My passwords are randomly generated and stored in a good password manager.

[target2019]

I use an old rolodex-type program - PalmPilot. The file is stored in an encrypted volume.
A secure password manager is much better, though. Something like lastpass works fine.

[zinger1457]

LastPass is a good tool for managing your online passwords. It will auto generate and save very complex passwords for you so you don't have the problem of trying to remember them which usually results in people using the same and/or simple to guess passwords.

[Midpack]

Our sensitive passwords (about 8) are hard copy and backed up to a flash drive. All my other passwords (another 30) are on a spreadsheet on my PC. I used to go to some length to protect them all until I realized the consequences of losing most of them weren't worth the effort. What's the downside if someone gets my ER.org password really? There are several ways to deal with it.

[sengsational]

Quote:

Originally Posted by zinger1457 LastPass is a good tool for managing your online passwords. It will auto generate and save very complex passwords for you so you don't have the problem of trying to remember them which usually results in people using the same and/or simple to guess passwords.

I also use LastPass. I like that it is not an advertising business model; you get the web version for free and pay 10 bucks a year if you want to use it on mobile devices. The encryption is all done locally in JavaScript, so what is saved on the LastPass servers is an encrypted blob that is pretty close to impossible for anyone to decrypt, including LastPass. I honestly only have memorized one password... Actually a pass phrase because longer is better...and that's my LastPass pass phrase. If you run with the browser plug-in, you authenticate with LastPass one time, and it populates user name and password when it "sees" a login page. It also recognize s when you do a password change and chunks the new password into it's memory. You can download the blob so that you can have access to your passwords offline. It is not open source, but some smart folks have looked at the JavaScript code and also sniffed the traffic without finding anything suspect, so I trust it to keep my stuff safe.

[TrvlBug]

Quote:

Originally Posted by Midpack Our sensitive passwords (about 8) are hard copy and backed up to a flash drive. All my other passwords (another 30) are on a spreadsheet on my PC. I used to go to some length to protect them all until I realized the consequences of losing most of them weren't worth the effort. What's the downside if someone gets my ER.org password really? There are several ways to deal with it.

+1

[RonBoyd]

Don't I remember this conversation taking place only a couple of months ago?

[pb4uski]

I have one or two passwords that I use for non-critical sites (sites where if my password was compromised the implications are not very dire). For financial sites, I have a particular scheme but the password for each site ends up being different.

[Sunset]

I use keepass, its like lastpass but not on the web.
So I don't worry that a web server will be hacked (it must be a big target).
The encrypted file is stored locally on my machine and I can copy it to a flash drive or other machine (laptop) to travel.
I only need to remember 1 password to open it and then have access to 100's of different usernames and passwords for the sites I visit.
I also own some domains, so I have unlimited email accounts for the sites that need you to use email for the username.
I forward all these disposable emails to a real email account so I can get reminders/spam

[bUU]

Quote:

Originally Posted by sengsational I also use LastPass. I like that it is not an advertising business model; you get the web version for free and pay 10 bucks a year if you want to use it on mobile devices. The encryption is all done locally in JavaScript, so what is saved on the LastPass servers is an encrypted blob that is pretty close to impossible for anyone to decrypt, including LastPass. I honestly only have memorized one password... Actually a pass phrase because longer is better...and that's my LastPass pass phrase. If you run with the browser plug-in, you authenticate with LastPass one time, and it populates user name and password when it "sees" a login page. It also recognize s when you do a password change and chunks the new password into it's memory. You can download the blob so that you can have access to your passwords offline. It is not open source, but some smart folks have looked at the JavaScript code and also sniffed the traffic without finding anything suspect, so I trust it to keep my stuff safe.

LastPass is our solution as well. I especially like the new enhancements that make it more useful on Android devices: https://blog.lastpass.com/2014/03/lo...just-got.html/

[Fishingmn]

I use KeePass for all of my financial sites and an Excel spreadsheet for the 200+ usernames/passwords for sites that won't impact me financially.

[braumeister]

I've been using 1Password for nearly eight years, and I still like it very much.

[VaCollector]

Most of my passwords for my general sites are from of the same 8 to 12 character password and so I can usually guess but just in case, I keep a list that is coded for quick reference...my family was in the furniture business and we use to "code" our cost on items that we were intent on moving out the door....so you can use any 10 letter word or phrase where the letters do not repeat (money talks was one of them that I thought most appropriate at the time).

I also use old phone numbers as I learned them as a child ~ back when they included the 1st 2 numbers as a letter designation....heck, I have one account where my PW is my ex-in-laws telephone number from almost 40 years ago...why not? They are long gone and it's burned into my memory so why not use it for something??

[photoguy]

Are people worried that last pass will be subject to the same issues as lavabit?

Sent from my Nexus 5 using Early Retirement Forum mobile app

[imoldernu]

Just counted my website links... 134...
Pretty easy to store all those passwords in memory, but maybe I should write them down, just in case.

[timo2]

I use Norton Identity Safe. It's in the cloud, so I can also access it from places other than home.

[zinger1457]

Quote:

Originally Posted by photoguy Are people worried that last pass will be subject to the same issues as lavabit?

Not sure how the lavabit email encryption worked but with lastpass your encryption key is unique to you and stored locally on your computer, any data stored on the lastpass server is first encrypted locally on your computer then sent to the server. Lastpass does not have the ability to unencrypt your data that's on their server which means if you forget your lastpass password you're screwed. Is there some secret key that the NSA has to get around it? Who knows, I figure if the NSA is coming after me they can/will get anything they want, I use it for typical hacker protection.