Quick Links

Earlier this week we asked you to share your techniques for managing and organizing your passwords. Now we're back to highlight the tools, tricks, and tips you use to wrangle your passwords and internet security.

Photo by Linus Bohman.

The response to our Ask the Readers on Wednesday was prolific; you guys logged hundreds of responses. The responses covered your favorite software, tricks you used to generate passwords without software, and more. Let's start off by looking at the popular apps you used to manage your key rings.

LastPass, KeePass, and Passes of All Sizes

2011-04-29_110338

The majority of you are using a password manager of some sort to manage and organize your passwords. Using an application is a great way to keep track of your passwords as it essentially removes your brain from the entire equation and allows you to assign randomly generated passwords to every single login you use. Rare is the human who could remember 200 logins that were all as random as "&xv$v1oGkuXjs*OBfS79". The following applications are ordered by the number of times they appeared in your comments.

LastPass: LastPass is a web-based solution that readers, as a whole, absolutely love. It makes good password management incredibly easy. Quite a few of you commented on how you had resisted trying LastPass until you finally gave it a whirl and loved it (this mirrors my own experience of holding out on LastPass only to find out that it was completely awesome when I finally started using it). Gouthaman highlights one of the best things about LastPass:

All my passwords are offered automatically by LastPass when creating an account and they pop-up whenever I need to login. This means that I use a different password for every single web service and yeah, I don't even remember my Twitter/Facebook/Google password, but my LastPass does!

Kaylin notes that switching to LastPass has overhauled her approach to password security:

LastPass Premium remembers passwords for me. Before that, I had one or two major passwords that I used for most sites. Then I came to realize that method is risky. My LastPass score was only 13 when I started using it, and now I have a much better score because I have changed my habits, thanks to LastPass.

For the curious, Kaylin is referring to the LastPass Security Challenge. LastPass users can take the challenge---which does a local and secure analysis of your passwords---to see how good your password practices are. It scans your password vault and check to see if you're using varied passwords, multifactor authentication, and the number of passwords you have stored and then assigns a score based off that.

LastPass offers a free service and a premium service that costs $12 per year. You can compare the free and premium services here.

2011-04-29_120115

KeePass: Many of you just weren't comfortable with the idea of syncing your password keyring to the cloud, no matter how well encrypted and tested the mechanism might be. That ruled LastPass out, but made you a prime candidate for KeePass---an open-source password manager with a huge following. KeePass offers nearly all the same basic features that you'll get with LastPass---random password generation, category-based organization---with just a little more hassle syncing things to your browser. You guys overcame the limitations of KeePass with a variety of hacks and fixes. Dave was one of the many readers who used Dropbox to sync their KeePass database between machines:

KeePass, on Dropbox for access by my several machines. On crucial sites (banking, credit cards, &c.) I use 20+ character gobbledygook passwords generated by KeePass. On many forum-type sites I use the same old user name and password, since the worst that could happen is that someone could post something in my non-recognizable name.

Doc uses KeePass and offers a stern word about using only a handful of simple passwords:

KeePass Portable on my D: drive, with another copy (program & database) on my USB drive...password protected, of course.

To those that use "1 or 2 or 12 passwords for everything"...just wait until an account is hacked and somebody you thought you could trust is rummaging through your bank account and emails. If you're that lax in keeping your password secure, you're probably using your birthday, your middle name, etc. to generate all these passwords...and they're easily cracked. Use uppercase and lowercase letters, numbers, and some punctuation to generate real random passwords and store them securely! Better yet, change a few of them each week just to be safer. (Just ask Sony how much pain a hacked account can cause!)

Roboform: Although not as popular as LastPass and KeePass---likely due to a very underpowered free option and a fairly high-priced commercial option---RoboForm still had a strong following. It's available as both a web-based and a desktop-based solution. Robbie offers a solid overview of the service here:

Roboform (now known as Roboform Anywhere).

Has the advantage of automatically (and securely) synchronizing your passwords across all your instances (unlimited).

Has a very nice configurable password generator feature for times when you want maximum security or when you don't feel like thinking of a new password.

Also lets you attach notes to each login, allowing you to save things like answers to those annoying security questions that you'll never remember the exact answer several years from now.

If you are using someone else's computer or don't want to install Roboform on a particular machine, you can look up your username & password on online.roboform.com.

Roboform comes in three versions Free, Desktop ($30), and Everywhere ($20 per year, $10 for first year). You can compare the versions here.

Using Your Brain and Analog Solutions

2011-04-29_115151

As handy as application-based solutions are, some people prefer to stick with memory-based solutions or analog-based solutions instead. Quite a few readers shared their tricks for using mental algorithms. Jim offered the most detailed explanation:

[I use] 3 stages:

1) a set of words -- sentence, phrase, addresses etc that you can remember -- needs to make a string that is at least 50 characters long

2) an algorithm that allows you to get a set of characters from that set of words -- such as every 'n' characters

3) write down the start point in that string, and the value of 'n' that you will use and the number of characters...

And -- for those 'passwords' that require numeric values the location within the string of the numeric that will be generated from the alpha code in the string -- either a=1..i=9, j=10 etc.

And for those that require a non-numeric character there is the characters associated with the number on the keyboard that you get from using the number generator from the string

So -- that's 3 numbers, and optionally -- another 1 or 2 numbers. You get to write down a 5 digit code that lets you re-create the passcode, but never write down the source string so no-one else can calculate it.

For the number and special character -- you decide if the clue number is going to be from the string start, from the startpoint (first number) , or from the end point 1st+2nd*3rd etc.

Once you have the algorithm pick a character to be the Capital letter, the number and the special character. Consistency makes it easy to remember the character selection algorithm/calculation/formula and after a while you won't even have problems remembering the source string.

Source -- string -- what names etc. do you pass on the way to work -- streets, shops, business names! Avoid bringing the relations [such as a spouses name] into it.

While his technique is thorough, it's certainly a bit more work than just letting a password manager randomly generate and recall the password for you.

2011-04-29_115854

As a halfway between remembering them all and storing them digitally, several of you settled on a paper-based system. Driftwood writes:

As my spouse is not computer literate (read that geek) we keep our passwords in a binder near the computer. It's not elegant nor geeky, but it works well for us, and if I'm not available someone else that needs in can get there.

Richard takes the passwords-as-recipes approach:

Since 1981, I've used index cards and index card file box. Low tech and always handy.

Edron goes the old school route:

I have a composition notebook with all my passwords and save it in a 2 ton safe where my birth certificate and gold are stored.

Now some of you may be shaking your head at the idea of storing passwords on paper. Realistically speaking, however, the chances of somebody breaking into your house and stealing your passwords are next to zero. Even if your home is burglarized they'll be there for the stuff they can sell easily like electronics and jewelry---and not for the long-con stuff like stealing your identity and trying to harvest money from your bank accounts. You can read more about our take on it in this previous article What's Wrong with Writing Down Your Password.


For more information on how your fellow readers store their passwords, make sure to hit up the lengthy comments thread on the original article here. Have a tip or trick to share? Sound off in the comments here.