Earlier this week we asked you to share your techniques for managing and organizing your passwords. Now we’re back to highlight the tools, tricks, and tips you use to wrangle your passwords and internet security.
Photo by Linus Bohman.
The response to our Ask the Readers on Wednesday was prolific; you guys logged hundreds of responses. The responses covered your favorite software, tricks you used to generate passwords without software, and more. Let’s start off by looking at the popular apps you used to manage your key rings.
LastPass, KeePass, and Passes of All Sizes
The majority of you are using a password manager of some sort to manage and organize your passwords. Using an application is a great way to keep track of your passwords as it essentially removes your brain from the entire equation and allows you to assign randomly generated passwords to every single login you use. Rare is the human who could remember 200 logins that were all as random as “&xv$v1oGkuXjs*OBfS79”. The following applications are ordered by the number of times they appeared in your comments.
LastPass: LastPass is a web-based solution that readers, as a whole, absolutely love. It makes good password management incredibly easy. Quite a few of you commented on how you had resisted trying LastPass until you finally gave it a whirl and loved it (this mirrors my own experience of holding out on LastPass only to find out that it was completely awesome when I finally started using it). Gouthaman highlights one of the best things about LastPass:
Kaylin notes that switching to LastPass has overhauled her approach to password security:
For the curious, Kaylin is referring to the LastPass Security Challenge. LastPass users can take the challenge—which does a local and secure analysis of your passwords—to see how good your password practices are. It scans your password vault and check to see if you’re using varied passwords, multifactor authentication, and the number of passwords you have stored and then assigns a score based off that.
LastPass offers a free service and a premium service that costs $12 per year. You can compare the free and premium services here.
KeePass: Many of you just weren’t comfortable with the idea of syncing your password keyring to the cloud, no matter how well encrypted and tested the mechanism might be. That ruled LastPass out, but made you a prime candidate for KeePass—an open-source password manager with a huge following. KeePass offers nearly all the same basic features that you’ll get with LastPass—random password generation, category-based organization—with just a little more hassle syncing things to your browser. You guys overcame the limitations of KeePass with a variety of hacks and fixes. Dave was one of the many readers who used Dropbox to sync their KeePass database between machines:
Doc uses KeePass and offers a stern word about using only a handful of simple passwords:
Roboform: Although not as popular as LastPass and KeePass—likely due to a very underpowered free option and a fairly high-priced commercial option—RoboForm still had a strong following. It’s available as both a web-based and a desktop-based solution. Robbie offers a solid overview of the service here:
To those that use “1 or 2 or 12 passwords for everything”…just wait until an account is hacked and somebody you thought you could trust is rummaging through your bank account and emails. If you’re that lax in keeping your password secure, you’re probably using your birthday, your middle name, etc. to generate all these passwords…and they’re easily cracked. Use uppercase and lowercase letters, numbers, and some punctuation to generate real random passwords and store them securely! Better yet, change a few of them each week just to be safer. (Just ask Sony how much pain a hacked account can cause!)
Roboform comes in three versions Free, Desktop ($30), and Everywhere ($20 per year, $10 for first year). You can compare the versions here.
Has the advantage of automatically (and securely) synchronizing your passwords across all your instances (unlimited).
Has a very nice configurable password generator feature for times when you want maximum security or when you don’t feel like thinking of a new password.
Also lets you attach notes to each login, allowing you to save things like answers to those annoying security questions that you’ll never remember the exact answer several years from now.
If you are using someone else’s computer or don’t want to install Roboform on a particular machine, you can look up your username & password on online.roboform.com.
Using Your Brain and Analog Solutions
As handy as application-based solutions are, some people prefer to stick with memory-based solutions or analog-based solutions instead. Quite a few readers shared their tricks for using mental algorithms. Jim offered the most detailed explanation:
While his technique is thorough, it’s certainly a bit more work than just letting a password manager randomly generate and recall the password for you.
And – for those ‘passwords’ that require numeric values the location within the string of the numeric that will be generated from the alpha code in the string – either a=1..i=9, j=10 etc.
And for those that require a non-numeric character there is the characters associated with the number on the keyboard that you get from using the number generator from the string
So – that’s 3 numbers, and optionally – another 1 or 2 numbers. You get to write down a 5 digit code that lets you re-create the passcode, but never write down the source string so no-one else can calculate it. For the number and special character – you decide if the clue number is going to be from the string start, from the startpoint (first number) , or from the end point 1st+2nd*3rd etc.
Once you have the algorithm pick a character to be the Capital letter, the number and the special character. Consistency makes it easy to remember the character selection algorithm/calculation/formula and after a while you won’t even have problems remembering the source string.
Source – string – what names etc. do you pass on the way to work – streets, shops, business names! Avoid bringing the relations [such as a spouses name] into it.
As a halfway between remembering them all and storing them digitally, several of you settled on a paper-based system. Driftwood writes:
Richard takes the passwords-as-recipes approach:
Edron goes the old school route:
Now some of you may be shaking your head at the idea of storing passwords on paper. Realistically speaking, however, the chances of somebody breaking into your house and stealing your passwords are next to zero. Even if your home is burglarized they’ll be there for the stuff they can sell easily like electronics and jewelry—and not for the long-con stuff like stealing your identity and trying to harvest money from your bank accounts. You can read more about our take on it in this previous article What’s Wrong with Writing Down Your Password.
For more information on how your fellow readers store their passwords, make sure to hit up the lengthy comments thread on the original article here. Have a tip or trick to share? Sound off in the comments here.