Super User: How do you keep track of all your passwords?
[+124] [75] Sam Saffron
[2009-07-15 08:15:46]
[ software-rec passwords password-management ]
[ http://superuser.com/questions/255] [DELETED]

How do you keep track of all your passwords?

Personally I host a personal copy of clipperz [1], I used keepass [2] and passpack [3] in the past.

What password manager would you recommend, what features does it have that make it awesome?

Now at 70+ "answers" it's a pretty good bet that your favourite program is already mentioned. Upvote that if that's the case.
If you can't yet upvote, come back when you've gained enough reputation instead of posting a duplicate answer.

(3) This is a good question. I have over 70 passwords I need to remember for work alone. Including emails, web sites, internal web apps, databases, security cameras, local apps, network shares, wireless AP keys... it's endless. - T Pops
(19) Post-its, of course! - DrJokepu
(6) For the people that say "I use my memory": I just checked my 1Password database and I have over 100 logins in there for websites. If I stored them in my head then I'd most likely be using the same password repeatedly, and that would be BAD -- see Jeff Atwood's recent-ish post about using the same passwords on different sites being a source of cross-site attacks. - Stewart Johnson
Self hosted Clipperz sounds intriguing. RSolberg how do you like it as a solution? - AlexD
@Stewart Johnson actually it's not too hard to memorize large numbers of passwords yet have them all different. The technique I use involves a "base" and a keyword for each site, account etc. Pretty much what I do is I have a keyword for each site/account, ex "superuser" (I know it uses openid, just an example) and then use an algorithm to mash it with my base password. So let's say the base is 123456 and the keyword is superuser, the password would end up being 12super34user45 (not actual algorithm). Using this, I've never had to open keepass. I have about 80 passwords memorized like this. - wizjany
[+204] [2009-07-15 08:18:34] jtimberman

I use KeePass [1]. Features I like:

  • Strong encryption
  • Cross platform - I use it on Windows, Linux and Mac OSX daily
  • Password quality meter
  • Excellent random password generator, with customizable "character type" selection.
  • Open Source Software. This is very important for an encryption program!
  • Extensible with Plugins [2].
  • Export/import between databases.

The big win for me was the cross-platform capability and the ability to export and import databases.

There's also an iPhone app [3] in the works (independent project, yay open source software!).

Those who want to store in the cloud can look into dropbox [4].

There's not a lot of Firefox plugins, but LastPass [5] will import from KeePass into Firefox.

[1] http://keepass.info/
[2] http://keepass.info/plugins.html
[3] http://ikeepass.de/
[4] https://www.getdropbox.com/
[5] https://addons.mozilla.org/en-US/firefox/addon/8542

(6) The only issue I have with keepass is that it's a bit painful to keep it in sync between multiple computers (as it does not live in the cloud) also you don't have your passwords everywhere. When I used keepass I paired it with windows live sync (foldershare) and it was fairly successful. - Sam Saffron
(39) @Sam Saffron - Use Dropbox getdropbox.com to keep your KeePass passwords available on all your computers! - Stevo3000
(1) @Sam Saffron, I solve that by storing my password database on a network-shared drive. My OSX and Linux systems sync it automatically to a USB Flash drive when plugged in. - jtimberman
(3) For me, the most important feature of KeePass is Global Auto-Type keepass.info/help/base/autotype.html#autoglobal. - Marek Grzenkowicz
(2) +1 for KeePass. Like Stevo, I also use dropbox to host the data file online. - Simon P Stevens
I also use KeePass on DropBox. Before that, I used KeePass on a USB keychain flash drive. - Christian Davén
There's also an Android version called KeePassDroid: cyrket.com/package/com.android.keepass - Jonas
I use Live Mesh to keep my Keepass file in sync between all my computers. Folder Share (aka Windows Live Sync) also works great. - silent__thought
(1) I solved the problem by using keepass on my pen drive. It works very well even on ubuntu with wine. - Decio Lira
(3) I use KeePass on my pendrive as well, using KeePassX on OSX and Linux to access it. I still don't trust the cloud with my passwords. - jamuraa
(1) I would only recommend storing the password database in shared folders if the database is protected by a key file along with a strong password. The key file should be stored on each computer outside of the "synced" folders. This provides an extra layer of protection for your password database. - Page Brooks
(1) +1 for KeePass. I check mine in to github when I make a change, then just remember to pull it down when I use a different computer - Matt Rogish
iKeePass will get keepass on your iPhone. And since you can use dropbox on the iPhone, you should be able to keep it all synced up. ikeepass.de/bl0g - Kells
The only downside of KeePass is that there are three versions of it, none of which work completely fine on Linux. (KeePass 1 works nice on Wine though - but KeePass 2 looks ugly on Mono, and the cross-platform KeePassX still lacks some features, and crashes now and then. (Hm, I probably should update mine.)) - grawity
I use KeePassX on Linux and have for a couple years without issue. I don't need a whizbang fancy gui for my passwords. Prior to KeePass, I used a PGP encrypted text file. The UI is much nicer on KeePass than that :) - jtimberman
Does a Firefox plugin for KeePass exist? - Kjensen
I use KeePass on Windows, KeepassX on Ubuntu and Mac OS X, even on my Nokia E51. It's only missing a version for the iPod Touch. I stick to version 2 since the latest version .kdbx file cannot be read by KeepassX - nagul
arg, my damn work blocks Drop Box, any other way of storing this "in the cloud"? - Petey B
+1 for KeePass, I use it all the time - Ram
(1) -1 for lack of easy online syncing. Sure you can use online file sharing, home servers, or network shares, but it still is a pain for keeping it synced. And if you forget your flash drive, no online interface. I used it for 2 years before switching to LastPass. - TheLQ
I use passworddragon.com - thegeek
1
[+55] [2009-07-15 08:16:22] VonC

LastPass [1] is a very nice solution.

It is an online password manager and form filler that makes web browsing easier and more secure.
That way, I always have all my passwords at hand.

Its security has been discussed at length [2]: it seems pretty solid on that front.

[1] https://lastpass.com/
[2] http://forums.lastpass.com/viewtopic.php?f=6&t=4389

(4) I just started using LastPass and found it a great replacement for RoboForm. It was able to import my RoboForm data easily. RoboForm is great but doesn't work well when you want to share passwords with others or use it across multiple computers. - Herb Caudill
(2) +1 For LastPass, I love it - Sam Mackrill
(1) I also recently switched from Roboform to Lastpass. Awesome! - Kjensen
(1) +1. Lastpass rocks da house. - Epaga
(2) Doesn't an online password manager imply having unencrypted content in the browser cache? How does lastpass deal with this security aspect? - geek
(1) Big +1. I moved to Lastpass from Keepass due to its cloud storage over local storage (IE Keepass). - TheLQ
lastpass is the best solution i've ever tried... paid for the yearly just to support them it's so good. only minus is it doesn't support opera, but opera pretty much blows anyway :P - Robert S Ciaccio
(1) Best feature is that it is cross-platform, at least Mac, Windows, Linux, Android and iOS, that I know of. Works on all my gadgets. - Jamie Cox
2
[+49] [2009-07-15 08:28:20] Leonardo

Joel has a good post on password management [1]. You should check it out. Basically it's a combination of Password Safe [2] and DropBox [3].

[1] http://www.joelonsoftware.com/items/2008/09/11b.html
[2] http://passwordsafe.sourceforge.net/
[3] http://www.getdropbox.com/

(4) I use Password Safe and Live Mesh - mesh.com - but it's essentially the same solution. It works really well. The trick is to select the "Save Database Immediately after Edit or Add" option so Drop Box or Live Mesh can keep your Databases in sync easily. - Dave Webb
I use Joel's recommendation .. works great! - tomjedrz
+1 Works for me. - Terry Lorber
I use Joel's technique on my Windows and Mac, and to share server passwords with a coworker. It's working great, although Password Gorilla on the Mac could use some polish. - Matt Miller
(4) One thing to be aware of if you do this... PasswordSafe doesn't currently notice if, while it is open, the file changes on disk. So if you make a change on one computer and DropBox syncs it to another computer where the file is open, and then you make another change on that computer and save it, the second computer overwrites the first change. This is easily overcome by getting in the habit of exiting PasswordSafe when you're not using it. - Joel Spolsky
I've picked up Joel's technique, but I've switched to KeePass. It fixes the problem with having to exit it by synchronizing the database if the file is open. Just need to make sure you hit save after you make changes and you can leave it open on multiple computers. - Chris Bartow
3
[+32] [2009-07-15 08:27:05] Simone Carletti

They all come with a free (limited) version and a full commercial version. I suggest you try the full version for the trial period and check if they fit your needs.

I have at least one full license of each. They are really worth the money you pay and the license is quite cheap.

I heard good words about KeePass [4] as well, but I never used it.

[1] http://agilewebsolutions.com/products/b/1Password
[2] http://agilewebsolutions.com/products/iphone
[3] http://www.roboform.com/
[4] http://keepass.info/

I have roboform on my travel drive and take it everywhere, very helpful. - Paige Watson
I have RoboForm for my work desktop, and a USB Portable version for home and travel. - Lance Roberts
+1 1Password on the Mac and iPhone. Good stuff. - robsoft
+1 Also for 1Password on the Mac and iPhone. It's changed my life. - Nate
1Password now has a Windows beta version - Shevek
4
[+26] [2009-07-15 08:26:06] Mark

My password manager is my memory. I have a set of maybe half a dozen passwords I use for accounts on various websites. However, I won't use my online banking password on any other website.


(4) Ditto. Well, my memory and Firefox's password manager. I also use OpenID wherever I can. - DisgruntledGoat
(1) password managers are useful for more than that though. I use 1Password to also store things like license keys, and it supports secure notes and other stuff. It's also useful for storing what login name I have for some sites when the one I normally use isn't available. - Herms
I hate it when a site forces me to use only 6 characters for my pass and it must have a capital letter and 3 chickens hatching from an egg and a dirty umbrella - Joe Philllips
I use really complicated passwords, and store a mnemonic. That keeps you from forgetting what password you used for what site (especially when you retire a password but forget to update some site you don't go to often), and still has the benefit that the password only exists in your head. - Satanicpuppy
5
[+20] [2009-07-15 10:01:31] Lakshman Prasad

I remember them. Wherever possible, I use OpenID.

If I forget, I use the "Forgot Password" option.


I can't believe I'm upvoting this :P - antony.trupe
antony: The question is what do U do; and this is what i do :P - Lakshman Prasad
+1 - All my passwords are derivations of my standards. 3 low-sec 6-char passwords and two high-sec 13- and 16-character passwords with high ASCII. - tsilb
It's what I do as well. As I get more passwords I end up using the "Forgot Password" link or just calling the sysadmin more and more frequently... Not ideal, but everything else seems even worse. - Brian Knoblauch
6
[+16] [2010-04-20 02:38:13] darenw

I follow a memorized formula. Since inventing this, I have never needed to use the "forgot your password?" links, and rarely write down a password.

My password for any site/machine/whatever is

(who)(1+)(2)(3-)8xy!R2(what)

where

(who) = who am i? 'd' for me (Daren) or 'r' for 'Root'. For a web CMS that I manage, I may have an account as a regular nonprivileged user, for which (who) would be 'u' for User.

(1+) = is the letter alphabetically following the first letter in the name of the site, company, machine or whatever. Always capital.

(2) = is the second letter of the name.

(3-) = is the letter alphabetically preceding the third letter in the name.

8xy!R2 is a fixed part. Many sites require a punctuation mark, digits, and a mix of capital and lowercase. I just memorize this.

(what) is 'm' for money-related sites like banks, 'f' for forums, 'b' for email (mailBox) accounts, etc.

Example: To log in the usual way at the Intergalactic Bozo Research Council (IBRC) user forum, the password is

dJBQ8xy!R2f

Password strength indicators are routinely impressed with the passwords created by this formula.

Once every year or so, I change the fixed part, and maybe switch from using (1+)(2)(3-) to (2)(3-)(4-), or put the (what) in front instead of the end. It's a lot of fun to go to every website I have an account with and change the password, for certain definitions of "fun".

A few oddball sites require peculiar passwords. Some from way back don't have a "change password" feature. Some don't allow punctuation marks, or make demands on the length. When I must write down a password, I obfuscate it: The first character is bogus, the first 'N' that appears isn't really there, every digit is one more than what it should be, and so on.

Of course, everything I say here is a lie. I'm not telling anyone the real rules. Make up your own!


(3) This is my best for over a year now! I don't use a fixed part, but the domain name, with fixed rules that insert punctuation and numerals at certain points within the name - Everyone should discover this kind of enlightenment! - Wesley Werner
(1) Wow, that is great fun! Thanks for sharing it. - Jogusa
7
[+14] [2009-07-15 15:39:23] Nathan Long

Password Safe / Password Gorilla

I use Password Safe [1] in Windows and Password Gorilla [2] in Mac OSX and Ubuntu Linux. I like this solution because:

  • All logins are stored in an encrypted file with a master password
  • I can organize them in whatever categories I create - Shopping, Forums, whatever.
  • I can copy and paste passwords without actually displaying them on screen, in case someone is watching
  • I can store URLs and other notes in the file
  • The file format is the same for Password Safe and Password Gorilla. I keep it on my Windows hard drive partition, which Ubuntu can access, so bingo! - my passwords are available under both operating systems.
  • The file is encrypted and safe - I can email it to myself or back it up as necessary
  • I could use multiple files if I wanted; i.e. passwords for work and personal ones, and share the master password for the work file with my boss

Note: I did get this suggestion from Joel Spolsky [3], although I'm not using the DropBox part.

[1] http://passwordsafe.sourceforge.net/
[2] http://www.fpx.de/fp/Software/Gorilla/
[3] http://www.joelonsoftware.com/items/2008/09/11b.html

Similar for me, but I use mypasswordsafe as a GUI app and pwsafe as a command line app - both on Ubuntu. - Hamish Downer
+1 for this combo. I use Password Safe on Windows, and Password Gorilla on my Mac. - Chris W. Rea
8
[+9] [2009-07-15 09:32:18] Ehtyar

KeePassX [1] is a cross-platform clone of KeePass. Nothing beats having your passwords everywhere you go.

Ehtyar.

[1] http://www.keepassx.org/

Except passwords.txt :) KeePass v1 also runs nicely on Wine, and KeePass v2 - on Mono (though it looks ugly as hell). - grawity
9
[+9] [2009-07-15 08:46:24] Daan

On my macbook, I use Apple's default Keychain application mostly. Other than that, my memory usually serves me just fine :)


"Other than that, my memory usually serves me just fine :)" - yes, that will help everyone around... - ra170
10
[+8] [2009-07-15 08:43:01] Hafthor

Doesn't keep track, but supergenpass [1] algorithmically generates passwords based on the site domain you need a password for and a single master password.

[1] http://supergenpass.com/

(1) I saw one of those in the past, it used a hash on the site name and master password, they usually are quite high risk, since you can brute force the master password out of the hash. - Sam Saffron
I don't think SuperGenPass can be brute forced unless you store your master password in the bookmarklet (not recommended). I love SGP - been using it since it first came out. - BrianH
I think the point is that you can do an offline brute force attack against it. If I run evilsite.com and I see a password of kl23Hf93jA, I might perform an offline dictionary attack using site=evilsite.com and masterpassword=dictionaryword to see if I get kl23Hf93jA as an output. I could check all my users' passwords at the same time too, to see if I can discover any user's supergenpass master password. It is a potential weakness. SGP concats the site+mpwd and hashes at least 10 times, making a brute force attack a little more computationally expensive and resistant to rainbow table attacks. - Hafthor
I still believe that SGP is great for low to medium value site passwords. For high value sites, SGP might still be fine with a different longer complex master password that is used sparingly. - Hafthor
(3) The real answer is for sites to use OpenID. - Hafthor
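
The per-guess cost argued over in the comments above, as an added example (not part of the original thread and not SuperGenPass's own code): it compares a hash-a-few-times generator with a key-stretched one and estimates how long an offline search of the master password would take. The function names, the SHA-256 choice, the ":" separator and the base64 output are assumptions made for the illustration.

```python
"""Added illustration: per-guess cost of deterministic site-password schemes.

Everything here (names, hash choice, separator, output encoding) is an
assumption for the example; it is not SuperGenPass's real algorithm.
"""
import base64
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def fast_site_password(master, site, rounds=10, length=10):
    """Concatenate master password and site, then hash a handful of times.

    Simplified stand-in for the "concat and hash at least 10 times" scheme
    described in the comment thread.
    """
    digest = f"{master}:{site}".encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return base64.b64encode(digest).decode("ascii")[:length]


def stretched_site_password(master, site, iterations=200_000, length=16):
    """Same idea, but derived with PBKDF2-HMAC-SHA256 using the site as salt.

    The iteration count is the knob that sets the cost of every offline guess.
    """
    key = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), site.encode("utf-8"), iterations, dklen=32
    )
    return base64.b64encode(key).decode("ascii")[:length]


def seconds_per_guess(derive, trials=5):
    """Average time of one derivation, i.e. the cost of testing one candidate
    master password against a site password that has been observed."""
    start = time.perf_counter()
    for i in range(trials):
        derive(f"constructed-guess-{i}", "example.com")  # constructed inputs
    return (time.perf_counter() - start) / trials


def expected_years(entropy_bits, sec_per_guess):
    """Expected single-core time to cover half of a 2**entropy_bits space."""
    return (2 ** (entropy_bits - 1)) * sec_per_guess / SECONDS_PER_YEAR


def compare(entropy_bits_list=(20, 40, 60)):
    """Return (fast cost, stretched cost, rows of (bits, years_fast, years_slow))."""
    fast = seconds_per_guess(fast_site_password)
    slow = seconds_per_guess(stretched_site_password)
    rows = [
        (bits, expected_years(bits, fast), expected_years(bits, slow))
        for bits in entropy_bits_list
    ]
    return fast, slow, rows


if __name__ == "__main__":
    fast, slow, rows = compare()
    print(f"fast scheme:      {fast * 1e6:10.1f} microseconds per guess")
    print(f"stretched scheme: {slow * 1e6:10.1f} microseconds per guess")
    for bits, years_fast, years_slow in rows:
        print(f"{bits:2d}-bit master: {years_fast:12.3e} years vs {years_slow:12.3e} years")
```

Stretching multiplies the cost of each guess by a constant, while every extra bit of master-password entropy doubles it, so a dictionary-word master password stays weak under either scheme.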
11
[+8] [2009-07-15 17:54:21] wes

The Forgot your password? link.

I have a bad memory.


12
[+7] [2009-07-15 18:45:27] Nathan Long

Firefox

If you're mainly looking to store web passwords, Firefox [1] does fine by itself.

  • Click Tools, then Options, then the Security tab
  • Check "Remember passwords for sites"
  • Check "Use a master password"

Now Firefox will remember and fill in site passwords for you, but only when you provide your master password.

[1] http://www.getfirefox.com

(1) And so you'll want to backup that precious password data. There are utilities out there, but at least backup the signons3.txt file on a regular basis. (And if you have set the master password, key3.db as well.) - Chris Noe
13
[+6] [2009-07-15 16:53:54] Michael Pryor

Original question here [1].

Password Storage Tools

[1] http://stackoverflow.com/questions/11362/what-is-your-favorite-password-storage-tool/27995#27995
[2] http://keepass.info/
[3] http://www.clipperz.com/
[4] http://www.clipperz.com/open%5Fsource/clipperz%5Fcommunity%5Fedition
[5] http://passwordmaker.org/
[6] http://passwordsafe.sourceforge.net/
[7] https://www.steganos.com/us/products/home-office/locknote/overview/
[8] https://www.passpack.com/info/home/
[9] http://www.pmmax.com.ar/

+1 for PasswordMaker - Jared Updike
14
[+5] [2009-07-16 16:50:05] Jason Diller

I use PasswordMaker [1]. It's not really a management system but rather a generator based on a hash of a master password and a domain name or some other identifying value. I like it because it's deterministic and doesn't rely on a store of passwords that could be lost, corrupted, or inaccessible. I have the browser plugin for FF and the php version running on a secure server so I can pretty much generate a password at any time and from any computer.

[1] http://passwordmaker.org/

(1) Password Maker is great. It means I only need to remember one password, and don't need to worry about some crappy site saving my password in plain text. - Wilka
Yeah, I love PasswordMaker. The only hitch is with badly written websites that only allow alphanumeric passwords (I'm looking at you, Ticketmaster). - therefromhere
15
[+5] [2009-07-15 09:04:59] Denis Hennessy

I use 1Password for the mac. It has two really nice features:

  • Good random password generator
  • Plugins for all browsers to fill in login screens

Combined, these make it a breeze to ensure I've different, strong, passwords for every service.


The iPhone version integrates well with the wifi sync. - Jason Weathered
16
[+5] [2009-07-15 08:31:48] cobbal

I use command-line OpenSSL, e.g.

openssl bf -a > somepass
openssl bf -d -a < somepass

No fancy features, but I'm fairly confident that it's secure and it has the bonus of being cross-platform and simple.


17
[+5] [2009-07-15 16:10:21] Factor Mystic

passwords.txt


(1) Now, if somebody breaks into your home and boots up your computer, what is the FIRST thing that person will look for? It has credit card information, bank passwords, etc. Why not name it diet.txt or Letter To Mom? - Daniel
(2) Oh good, I'm glad I'm not the only one who does that. :) - Bobby
18
[+4] [2009-07-15 16:18:06] community_owned

A USB stick, TrueCrypt and an Excel spreadsheet ... simple and safe.

EDIT: For machines without Excel, I use OpenOffice & PortableApps [1].

[1] http://www.portableapps.com

Even better, TrueCrypt and plain text files named after the domains/programs they contain passwords for. Easier to access on any system where TrueCrypt works (commandline Linux for example). - TomA
@TomA Ah, good point! - community_owned
19
[+4] [2009-07-15 12:55:50] esabine

I'd love to proudly say "I use OpenID everywhere" but it's not really up to me, is it? What I don't do is log in with Facebook, Twitter, Gmail, etc. I treat OpenID as my separate identity management. Those are apps that don't need to be involved with my identity.

For web apps I like to use a password generator. Here's one [1] that creates a SHA-1 hash based on your master password and the domain name. There's even a link [2] to access it from the iPhone. His older version uses MD5. Great thing is it's all javascript.

As mentioned by another poster SuperGenPass [3] is a similar "password generator" tool. I believe SGP creates an MD5 hash which would not be preferable to SHA-1.

What this has done for me is greatly reduce the unique passwords I need to know, e.g.

  • email
  • work pwd
  • banking pwd
  • openID
  • DNA
  • master password for generator
  • secret offshore gold bullion storage facility pass code
[1] http://angel.net/~nic/passwd.sha1.1a.html
[2] http://www.weedo.fr/pass/
[3] http://supergenpass.com/

20
[+4] [2009-07-15 09:01:37] Sam152

I use a system whereby I make a pattern with the last letter of the domain name I'm entering my password into. This allows all my passwords to be unique and essentially the same thing repeated. For example on superuser.com I would start from the letter "r" and then go 3 letters left two down, etc.


21
[+4] [2009-08-13 17:25:54] Paul Nathan

The amazing power of The Mind.


22
[+4] [2009-07-17 14:05:01] Adam Matan

Don't crucify me for this, but I keep all my passwords in a file stored in a remote Linux computer.

Pros:

  • Access is easy - I have a shortcut which sshs the remote machine. All I have to do is enter my password, and cat pass | grep site (e.g. for gmail, cat pass | grep gmail).
  • The passwords are never kept in a local file
  • Adding a password is easy - adding a line to the file

Cons

  • Internet connection is needed for password retrieval
  • Works for Linux fans only
  • Remote, trusted server needed

23
[+4] [2009-07-16 13:44:01] extropy

KWallet on KDE.

Windows - scattered between various built-in password managers in Firefox, Thunderbird and other apps.


I like this too, it would however be nice to be able to more easily share it among several computers. - Zitrax
24
[+3] [2009-07-17 12:29:48] Ronnie Overby

I wrote my own web app to store my passwords.

To protect myself, I...

  1. Host the site from my home computer.
  2. SSL only connections.
  3. All data is encrypted in the database.
  4. Master password is generated by several random, dynamic factors that change hourly, plus a salt.
  5. Only I know the factors that build the password and how it's done.
  6. Master password generation code is obfuscated.

It works really well for me.


I was thinking about the same way, while I didn't find Keepass. - Pawka
25
[+3] [2009-07-15 18:54:21] Javier Badia

I remember them. To avoid using the same one everywhere, I mix certain parts of the name of the place where I use the password with a small and secure password that I remember very well. For example:

I want to remember the password for Super User. Suppose that my "mini-password" is "Irock123". I could take the first and last letters of the name of the site and put them before the password, resulting in the password "srIrock123" for Super User. Personally, I use a much more secure password (this was just an example), but I think this is a good way to remember passwords. A password is supposed to be something that will tell the computer that it's indeed me who wants access somewhere. Storing them in the computer, even if they're encrypted, kind of defeats the purpose.

Of course, this is an opinion. Maybe password managers are excellent tools and very secure. But I think that nothing's more secure than my head.


Nicely put - specially the computer/defeats the purpose part. - ldigas
But sometimes I still tend to use a password manager for sites which I don't feel are important enough to be password protected in the first place. Lots of those occurring the last few months. - ldigas
26
[+3] [2009-07-15 10:25:39] Nick Pierpoint

I use Revelation on Fedora. For Linux it works very well - integrated with the bottom bar so you can search for a password without starting up the application.

http://oss.codepoet.no/revelation/wiki/Home


27
[+3] [2009-07-15 10:47:20] John Smithers

I try to remember them. As backup I use a piece of paper for the passwords and a safe for that piece of paper.


28
[+2] [2009-07-15 12:26:11] peiklk

Memory. For bill paying accounts, I leave myself little clues in my tracking spreadsheet. I never allow passwords for anything financial to be stored or memorized by anything -- including third party tools.


29
[+2] [2009-08-22 22:16:33] Elzo Valugi

Use an algorithm based on the website you are trying to access. You will only have to remember the algorithm.

Simple example

// algorithm:
sitename.length + last3digits + birth day + sitename.firstChar.upperCase

yahoo.com => 5hoo15Y
hotmail.com => 7ailH

Of course I recommend something more complex. I think this is simple and pretty complex to break as the hacker will need several passwords (a lot of them) to find the algorithm. This approach cannot be hacked by dictionary attacks. You can apply it to a multitude of websites.

And is pretty simple to remember.


30
[+1] [2009-08-27 16:59:33] M1CH43L P4VL

Lifehacker just put this http://lifehacker.com/5346325/remains-of-the-day-hide-your-passwords-on-a-floppy-disk-edition up today and I immediately thought of this post and laughed. I had to add this after reading the post-it comment, lol!


31
[+1] [2009-08-28 19:08:33] Jeremy Cantrell

I use a GPG encrypted text file with Vim. It encrypts/decrypts on the fly.


32
[+1] [2009-07-19 11:44:38] Andreas Bonini

I just write them in OneNote [1]. It wasn't really made for this but I find it very convenient.

[1] http://en.wikipedia.org/wiki/Microsoft_OneNote

Me too. I PW protect that one sheet. - Jody
33
[+1] [2009-07-20 03:08:16] Bratch

In the past I used a text file in an encrypted folder. Now I use SplashID, which I can access from my desktop or my WM phone. I'm surprised that no one else already posted this, or maybe I missed it. Secure Password Manager - SplashID for iPhone, Palm, BlackBerry, Windows Mobile, Android, Symbian, Windows and Mac OS [1]

[1] http://splashdata.com/splashid/index.asp

34
[+1] [2009-07-15 09:58:38] Christian Davén

I used Strip [1] on my PalmOS PDA for several years, but nowadays I use KeePass. It seems Strip is available for the iPhone as well.

[1] http://www.zetetic.net/products/strip

35
[+1] [2009-07-15 10:04:47] hyperslug

Post-it notes. Under my keyboard.


(2) At a remote office I was getting my badge made and noticed the security officer had a Post-it of the password directly on the monitor. - esabine
(1) When I was a network admin I enjoyed collecting those post-it notes from desks. Best part is they normally had a word that described one of the photos on the desk. - Matthew Whited
You are kidding - Ahmad
(2) I use a (physical) note book rather than post-it notes, but the same here. I'm more worried about people over the internet stealing passwords than someone I know doing the same. - Andrew Grimm
I always leave off the last few characters from each password that I write down so finding the notepad doesn't give you the password, just most of the password. You don't usually have to worry about people in person brute forcing the last few characters. - Dan
36
[+1] [2009-07-15 14:14:14] Roalt

You mention it in your question, but I did not see it as answer here, so here it is:

clipperz [1]

Features:

  • Both hosted and you can install your own copy on your server
  • Free, but donations are welcome!
  • You can import and export your passwords and confidential information to different formats.
  • JavaScript-based encryption, so client-side, which makes it that the server only stores encrypted information.
[1] http://www.clipperz.com

37
[+1] [2009-07-15 09:19:57] Artur Carvalho

My passwords are: something + base + something. I memorize the base. The something I put in a list for each site. For example: base: "aabc" something for gmail: "gg"

So the password for the gmail account is "ggaabcgg"


38
[+1] [2009-07-15 08:52:48] Nelson Reis

I use myVidoop [1] for all my Internet passwords. It supports OpenID and integrates nicely with Firefox.

It has an innovative image-based login, that adds some security - something that you want when storing all of your passwords. You can read more here [2].

[1] https://myvidoop.com/
[2] https://myvidoop.com/help/why-myvidoop

39
[+1] [2009-07-15 08:55:45] community_owned

I use sxipper [1] (and here [2]). It integrates perfectly into firefox, provides OpenID support. The owner, Dick Hardt, has a long standing in identity management, see here [3]. Watch the video [4] too, it's kind of fun.

[1] http://www.sxip.com/sxipper
[2] http://www.sxipper.com/
[3] http://identity20.com/
[4] http://identity20.com/media/OSCON2005/

40
[+1] [2009-07-15 08:34:02] amorfis

Gringotts [1] on Linux.

[1] http://directory.fsf.org/project/gringotts/

41
[+1] [2009-07-15 08:29:29] Pieter Breed

I bought a copy of Jungle Disk [1] which I installed on all my machines. I run KeePass on Windows machines and the Linux clients on Ubuntu. Since Jungle Disk is cross-platform too, all the databases are kept in sync.

[1] http://www.jungledisk.com

42
[0] [2009-07-15 08:47:57] Stefan Thyberg

This is not very tech savvy, but for most places on the Internet I have several tiers of passwords that I have already memorized and use a different tier depending on how important that service is for me.

Anything that involves money is tier 1 password, for example.

For work there are a lot of constraints on passwords so I let pwgen in Linux make one for me, write it on a post-it, put it in my wallet, on the same note with all the previous passwords, it's safe enough.


43
[0] [2009-07-15 14:37:19] Alistair Knock

I just use atwood for everything.


(1) Not anymore you don't. :D - RCIX
44
[0] [2009-07-15 15:25:30] Simon Gillbee

I like Passpack [1] because it keeps my stuff in the cloud, but gives me the option of having a desktop client which synchronizes with the same cloud-based repository.

[1] http://www.passpack.com

45
[0] [2009-07-15 12:58:52] Keng

KeePass! With the auto-lock feature enabled.


46
[0] [2009-07-15 16:06:02] Brad Gilbert

Password Maker [1]

[1] https://addons.mozilla.org/en-US/firefox/addon/469

47
[0] [2009-07-15 11:02:41] dyve

I use Evernote http://www.evernote.com/ as my external brain. The great thing is that it syncs to web, iPhone and other computers as well.

For passwords, I always make sure to encrypt the data, and tag the item as a password. This saves me from yet another program (Password manager).

Of course, you should resort to OpenID if the site supports it (like the StackOverflow family).


48
[0] [2009-07-15 11:34:05] Lasse V. Karlsen

I use eWallet [1] on my desktop and iPhone, with the sync feature to keep them both up-to-date.

[1] http://www.iliumsoft.com/site/ew/ewallet.php

49
[0] [2009-07-23 15:57:50] Dennis

For website passwords, I use the Firefox internal one.

For Mac, I use 1Password.

For Windows, I use KeePass.


50
[0] [2009-08-07 20:42:15] Matthew Winder

I use GenPass [1] (not switched to the newer SupergenPass). I like the simplicity of it - especially that you don't need to install any software, just a bookmarklet. It even works on my iPhone.

[1] http://supergenpass.com/genpass/

51
[0] [2009-07-17 13:34:39] community_owned

I use password corral [1]. It works extremely well, and is portable. Unfortunately it's not cross-platform, but at the moment, that's not a huge requirement for me.

[1] http://www.cygnusproductions.com/freeware/pc.asp

52
[0] [2009-07-17 12:10:05] cadrian

  • Custom Bash script (based on OpenSSL + xclip [1])
  • Password file encrypted and safely uploaded in the cloud with a USB-key backup.

[1] http://sourceforge.net/projects/xclip/

53
[0] [2009-07-15 18:05:34] Jarett

I use PasswordMaker [1]. It basically lets you create a password that's a hash of your master password, a username, and parts of the URL. There's a Firefox plugin, a mobile version, and a few others too.

[1] http://passwordmaker.sf.net

54
[0] [2009-07-15 22:22:23] Lennart Regebro

I have a system, with different passwords for different levels of needed security. I also modify the passwords according to a system for different places, so even if one place is cracked they can't use it to access other places (they need to crack at least two sites of similar security level to figure out the system). I change the passwords and systems periodically.


55
[0] [2009-07-16 06:08:41] weiyin

I use a system that combines a random string with something involving the name of the site. That way, I just remember the system and still get a unique password per site.

For example (I don't actually use this), one system could be to take "abcd", the number of letters in the site name, and the 5th, 3rd, and 1st letter of the site. So a password for superuser would be "abcd9rps".


56
[0] [2009-07-16 11:10:17] Ahmad

I use Roboform and synchronize it to Roboform Online. It is very easy and convenient.


57
[0] [2009-07-16 11:24:35] Stefano Borini

I developed an algorithm (using a hash function) to create a visually random-like but reproducible string of letters, symbols and numbers. I store them in the browser, but if I happen to forget, applying the algorithm to the known data allows me to reobtain the password.
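
The hash-based derivation that the PasswordMaker answer and the answer above both describe, as an added example that is not part of any post and is not PasswordMaker's or the poster's own algorithm. It assumes PBKDF2-HMAC-SHA256 as the hash, and the names `site_key`, `derive_password`, the `counter` field and all sample inputs are hypothetical.

```python
import hashlib
import string
from urllib.parse import urlsplit

# 64 symbols, so every derived byte maps to one character without modulo bias.
CHARSET = string.ascii_letters + string.digits + "-_"
ITERATIONS = 100_000  # assumed work factor; slows guessing of the master password


def site_key(url: str) -> str:
    """Reduce a URL to its lower-cased host, the 'part of the URL' that is hashed."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def derive_password(master: str, username: str, url: str,
                    length: int = 16, counter: int = 1) -> str:
    """Recompute the same password from the same inputs; nothing is stored."""
    host = site_key(url)
    if not master or not host:
        raise ValueError("master password and site are both required")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different salts.
    fields = (username.encode(), host.encode(), str(counter).encode())
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=length)
    return "".join(CHARSET[b % len(CHARSET)] for b in raw)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for url in ("http://superuser.com/questions/255", "https://www.example.org/login"):
        print(site_key(url), derive_password("correct horse battery", "sam", url))
    # Bumping the counter rotates one site's password without changing the master.
    print(derive_password("correct horse battery", "sam", "superuser.com", counter=2))
```

With this kind of scheme the master password is the single secret: anyone who learns it can recompute every site password, and a per-site counter has to be remembered or recorded whenever a site forces a change.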


58
[0] [2009-08-28 19:14:26] Matt Cofer

I quite simply use a Google Docs spreadsheet to hold that type of reference information. I remember the passwords most of the time, but if memory fails I know that I can access my Google Docs password list anytime, anywhere: cell phone, computer, it doesn't matter. Let Google handle the security and backing up of this type of information. Why re-invent the wheel? Using Google means you'd just have to remember the one Google password.

Also in this doc I can store IPs, secondary logins, etc. with ease.


59
[0] [2009-08-28 19:58:55] Domchi

I use Oubliette [1] - simple, free and encrypts the password file so you don't need to worry where you're keeping it (you can combine it with Dropbox or Jungledisk to have it accessible from multiple computers). Although it's discontinued, it works well with all Windows versions including Windows 7. I can't exactly figure out why, but I like its interface much more than that of other popular solutions like KeePass.

[1] http://www.tranglos.com/free/oubliette.html

60
[0] [2009-08-28 20:10:44] community_owned

I use an Excel spreadsheet, containing all my accounts with usernames and passwords. The file itself is password protected - but I'm fairly sure if someone found it, they'd easily be able to crack it.


61
[0] [2009-10-20 03:14:06] community_owned

Have you checked out Passwordstate [1] from Click Studios? Has plenty of features, can be used at home or at work, and starts at $0 for 10 user accounts.

[1] http://www.clickstudios.com.au

62
[0] [2009-10-20 05:08:54] Carlos Muñoz

If you are concerned about security, the easiest way is to write it down on physical paper and store it in a safe location. Security software can fail, software can be hacked, but with a physical medium (aka paper) you will prevent your passwords from getting stolen, at least on the internet.

Before you start laughing about my lo-tech solution consider this:

An average person has a lot of identities from many different web sites, and the average person either chooses very poor passwords, which are a high risk from a security point of view, or uses the same password for many sites, which is worse even when the password is very secure, since if one of the websites gets compromised, every site also gets compromised.

So a very good solution, although not exactly the most convenient, is to always choose a very complicated (best if randomly generated), secure password for every site, and a different one for every site also. Then how can you remember all of these???

Well, I can't, so they all have to be stored on some medium. But if you choose some software to do it you are returning to the same problem here: relying on only one password for all the sites, which is very insecure. If it is some stand-alone application it's at least a little bit more secure, but it is not portable. If it is some web service you are exposing all of your passwords!!!

So the only good solution I can think of is to... store all these passwords on a piece of paper that nobody knows about. And to store it in a safe location that also nobody knows.

Now the problem goes somewhere else... What if somebody physically follows you to physically steal your passwords??? But I guess this is far more improbable than somebody getting your passwords by simply running a key logger.


63
[0] [2009-11-11 15:40:59] Shail

This was my Personal Secret since 5 years but WTF

A secure and a memorable password is supposed to be simple for you to remember, and hard for others to guess.

Everywhere you have to use your password to login or register at a site. Whether it’s the dozens of web sites that crave you log in to use them, or your ATM card PIN, how do you decide on a new password? More importantly, how do you remember that?

Don’t use the same password for every site.

The problem with using the same password for everything you do is that if it’s compromised and someone finds it, the rest of your identity is at risk. For example, if your email account has a security breach or you have been tricked into losing your password, potentially thieves will not only compromise your email account but also your online bank account or Paypal acc or maybe your Facebook account, because you are using the same password for all of them.

Use 1 Rule Set for all your Passwords

You do not need to remember all your passwords if you have 1 rule set for generating them. One trick to get unique and easy-to-remember passwords is to choose a base password and then apply a rule that includes the name of the service in it. For example, let’s say your base password is “PARY”. Then your password for Gmail would be “PARYGAMIL”, and your password for Paypal would be “PARYPYPL”.

You can use many other great combinations along this same rule (say, your initials and a favorite number) plus the first three letters of your service. So my password for Yahoo would be SK14YAHO. Including special chars will be better.

Choosing your Rule Set (Base Password)

You can use anything in it, maybe your favourite song. Take Beyonce’s “All the single ladies”: my rule set can be ATSL, and you can add the service's name, your fav number, maybe a special character too. So it can be like ATSL56YAHO&.

Before you decide your password rule set, keep in mind that every service has different password requirements in terms of length and characters allowed. You should go for an 8 letter password which has both upper and lower case alphabets & numbers or maybe a special character “!@#$%^&*()”.

You can generate 100’s of unique passes. ENJOY and Share


64
[0] [2009-12-27 20:59:13] Kevin Y

I keep my passwords all in my head. I have about 10 different passwords; I use certain passwords for small, unimportant accounts and certain passwords for other accounts.


65
[0] [2010-03-19 16:03:44] Beaner

I use Any Password [1]. I expect the other programs do this also, but I like that I can keep my personal and professional passwords in separate files and I can synchronize the files between my home and work computers. Free for personal use version, and Pro version for $24.95.

[1] http://www.anypassword.com/?ap

66
[0] [2009-08-22 22:22:06] mezgani

I use KeePass [1], and OpenID.
Last time I stock passwords in a GPG [2] encrypted file.

[1] http://en.wikipedia.org/wiki/KeePass
[2] http://en.wikipedia.org/wiki/GNU_Privacy_Guard

67
[0] [2009-07-19 04:43:43] Tim Lara

I like Password Depot [1] (Windows only, commercial), mainly because:

  • The user interface features a "top bar" option where you can configure a floating toolbar to shrink down to a one pixel line at the top of the screen which will pop up on top of the current window whenever you mouse over it. Very convenient.
  • It supports keeping track of a list of one-time use passwords (aka TANs - Transaction Authentication Numbers) if you need to use them for banking or secure remote access, etc.
  • Can be installed on / synchronized to a USB stick.
  • Can use a hosted internet password server, or also works fine using cloud based file storage services such as Jungle Disk [2].
[1] http://www.password-depot.com/index.htm
[2] http://www.jungledisk.com

68
[0] [2009-07-19 10:17:06] Carson Myers

I know it's bad, but I only have a couple of passwords. A short numerical one for random sites that require logins, a much longer numerical one for more important sites that I use often, and a really long one with letters (capital, lowercase), digits, and symbols for things like banking.


69
[0] [2009-08-14 02:32:34] retracile

"OI Safe" on Android Dev Phone 1.

Works for me.


70
[0] [2009-08-19 02:13:22] community_owned

I have a large number of different passwords on different sites. There are some I re-use regularly on sites that I consider low-risk; unfortunately, sometimes I leet them differently at various times. Important sites, such as banking, email have unique passwords. I also allow my browser to remember my password on sites I consider safe, or for which the consequence of a password attack would be minimal.

I don't trust keeping important passwords on my computer, no matter how well encrypted, since reading an article at Microsoft that 128-bit PK encryption can be broken in a few hours by a powerful computer.

I keep my passwords in a spiral book -- that seems the only safe place to me, so long as access to the book is protected. In an office, I would keep the book in a locked file-cabinet, &/or off-site. When I am travelling away from home, book goes with me, in a separate piece of luggage from my laptop.

I am convinced that the best security is physical security.


I agree on physical security stand, but wouldn't it be easier for someone to break into your office than to employ a supercomputer to break that 128-bit encr.? (the 5$ wrench dilemma?) - Rook
71
[0] [2009-08-21 20:58:12] Tom

I use three different methods:

  1. a low level easy to remember password for stuff I don't care about like sweepstakes signups.
  2. My BlackBerry for not-often needed passwords. I don't have a data plan, so you have to have the BlackBerry itself, plus a master password to get in.
  3. my memory for the passwords I use frequently.

72
[0] [2009-08-21 23:17:49] community_owned

I use TiddlyFolio. It's an html file with Javascript inlined for handling micro-content, with encryption to obscure the text. I had to spend some time figuring out how to use the encryption part, because the instructions that come with it are pretty lame and also I wanted to be sure that it actually works.

I like it for the following reasons:

  • no third party software to install (since it's just an html file)
  • small - at half a meg it fits easily on a USB stick which I like to carry with me, and this also makes it easy to back up
  • encrypted - passwords are safe, although I need to remember a master password in order to unlock it

73
[-1] [2009-08-28 19:15:10] Peteris Krumins

Sorry to repeat, but as I don't have enough karma to upvote or add a comment, I wish to say that KeePass is my way of keeping track of passwords.


74
[-1] [2009-07-15 14:12:43] Chris Ballance

I just use the same password everywhere ;-)


75