KeePass ^[1]. There are both desktop and flash drive applications. There are both Windows, Linux, and OSX versions, but I believe the flash drive app is Windows only. I could be wrong on that, though.

Password Storage Tools

• KeePass ^[1] - Windows/Linux/OSX - flash drive version
• Clipperz ^[2] - Online (Source available for download ^[3])
• PasswordMaker ^[4] - Windows/Linux/OSX - built in to browser or desktop widget
• PasswordSafe ^[5]
• Keychain Access - built into OSX
• Steganos Locknote ^[6]
• Passpack ^[7] - online vault
• CryptoCard Explorer ^[8] - Windows/Windows Mobile
• Your brain - the only truly secure place to store passwords (unless you're gullible or easily tortured)

Password Safe ^[1] works for me. Recommended Written by Bruce Schneier ^[2]

Edit: Also recommended by Joel Spolsky ^[3]

Does my brain count?

1Password, but it's OSX-only.

I've used the online service Clipperz ^[1]. The advantage of Clipperz is that it is open source so you can download the code (PHP + MySQL) and host it yourself ^[2].

I use PasswordMaker ^[1], I heard of it from one of the StackOverflow podcasts a while back and I've been using it ever since. It means I only need to keep one password in my head, and it will generate all my other passwords using a hash of the one in my head with the domain of the site I'm logging on to.

I'm using roboforom ^[1] and loving it. It's possible to use this for team password storing by syncing the password directory.

Honestly, I just memorize all my passwords. But what I suggest for people less apt to memorize more than one password or people who are less tech savvy is to remember one single password that is strong(at least 8 characters, mixture of letters,numbers,symbols,caps), and then every time they go to a new site/application, choose a password, write it down, then use their memorized password concatenated with the new password. That way even though they have their passwords written down in plain text, maybe even on a post it stuck to their monitor, it is still useless to someone else looking at it.

index card in my wallet. Also endorsed by Bruce Schneier.

LastPass ^[1] is free and along the same lines as Passpack. Here are some points from their site:

• Create strong passwords, knowing you only have to remember one.
• Log into your favorite sites with a single click
• Fill forms in a second; stop pulling out your wallet to get your credit card number
• Access and manage your data from multiple computers seamlessly
• Securely share logins and notes with friends and let others share with you

OS X's default Keychain ("Keychain Access", and it's what most applications use to store their password)

Passpack ^[1], they're really secure (they use Host-Proof hosting, and they actually released a MIT/LGL library ^[2] that implements it. Here are some of the security features:

• US Government Approved, AES-256 encryption
• Host-Proof Hosting over HTTPS
• Two step login
• Non-Permanent Account Info - All login information can be changed, always.
• Strong Pass-phrases
• Anti-phishing Welcome Message
• Disposable Logins

They also offer two offline versions of the app, one built with AIR ^[3], the other one with Gears ^[4]

Brain cells.

I'm a big fan of Keepass. As far as I know, it's Windows only. It runs on the desktop, so it's not as widely accessible as a Web-based one. OTOH, that means it's less vulnerable.

It also has a built in secure password generator, with rules for length and valid characters, which makes life super easy when you need a new one.

I recently started using SuperGenPass ^[1] it's a javascript hasher bookmarklet that takes your "master password" and hashes a site password. SuperGenPass has a leg up over the other few in it's class because it has a wonderful interface where you can easily double click the field you want to put the password, and a nice little box in the corner that tells you what's going on.

It's not password storage but it works for me, and for more then webforms.

Commit the damn things to memory. The way you do that is to purposely not ask your software to autofill the password for you. If you have to type the password 5 times per day, you're going to remember it.

That's good for primary passwords.

For all the other passwords, put them online (yahoo notes, google notebook, that sort of thing)

For team passwords: a text file in a restricted directory. make the text file parseable. I personally use this format:

# Format: password number, colon, username, colon, password, colon, date password must be changed by
1:username:password:9/1/2008

This allows the writing of utilities that can parse the file yet make the password list human-editable and legible.

Remember that once a password is stored somewhere beside your brain, it is only a matter of time before unauthorized people gain access to it.

Update: In view of the breach of Sarah Palin's Yahoo Mail account. I think the Yahoo Notes idea is bad.

Keepass is great. Get it from link text ^[1] then it installs just nicely on a USB key for transportation!

I use Passpack ^[1], an online password vault. A big concern with a central place that store all your passwords is security. They handle that with AES encryption. All of your passwords are stored encrypted and decrypted on the fly with a packing key that only know.

Password safe ^[1]

I have an instance on my home machine and my work machine. I basically just flash-drive to keep them "synched", and just expend the minimum amount of mental energy to ensure that I don't get them out of sync. I'd like something more automated, but how often are you really adding new passwords/usernames?

PW Safe is a Bruce Schneier project.

KeePass. I have it at work, at home, on a USB drive, and it even works on my Blackberry.

I use "Password Keeper" that came on my BlackBerry. I just have to remember that one password, and can backup the database to my PC. I always have my phone with me, so if travelling my passwords are with me for use on a public PC that has USB locked (or has no accessible USB ports)

Keepass is far and away the best I've used.

The greatest thing about it is how many platforms it's available for. Windows, Linux, mobile devices (Blackberry, etc.). What is even more amazing is combining it with Dropbox ^[1]. You keep your database in your public folder and then the Blackberry app can access the URL of your Keepass dictionary. Your passwords are wherever you go :)

I used Password Safe from Bruce Schneier, but I rewrote it in Java so I could use it under Linux and OSX as well. I called it "Password Tracker" it is completely compatible with the original Password Safe and you can find it in Sourceforge ^[1]. 8

I've used CryptoCard Explorer ^[1] which has a Windows and a Windows Mobile client so I can sync the encrypted cards with my phone.

I use Steganos Locknote ^[1] to store all my logins, passwords, and associated email/security question data. Locknote is essentially Notepad with a password attached. Of course, you have to remember the password to your password file.

Overall, I go out of my way to remember the passwords for sites I use all the time, and don't worry about obscure ones (thats what the text file)

Xecrets ^[1], from the developer of AxCrypt. I can't live without that website now. There's two reasons I use this web-based service:

• I trust the developer (I know him, and I've seen the source code)
• I'm going to type those passwords into an input box on another website. Thus, Xecrets is no less secure than the websites receiving my passwords.

Foxmarks which is great for synching your bookmarks in Firefox now does passwords as well. It defaults to off so don't panic if you already use Foxmarks and don't want it touching your passwords.

They do include a wiki ^[1] entry on how to host your own server.

Here's one of their posts about security of this feature:

We know how sensitive passwords are, so we built this feature with security in mind from the very beginning. In order to synchronize your passwords, Foxmarks will ask you choose a secret PIN that is different from your password. This PIN will be used to encrypt your passwords before synchronization so that your passwords are secured even before they leave your computer. Only you and your computer will have knowledge of this PIN, so nobody but you will be able to decrypt and access your passwords - not even Foxmarks!

If you want to host your own server, there are three settings you should be concerned with in about:config

• foxmarks.url-bookmarks (string)
• foxmarks.url-passwords (string, needs to be a different file)
• foxmarks.useOwnServer (boolean, set to True)

I use Roboform and sync the encrypted files amoungst my machines using Goodsync. This works great although I don't have an Macs - yet!

I use KeePass. You can also use it to encrypt file by adding it as attachment to an entry, but this will increase your database size and make it less portable. Nonetheless, it's a nifty feature to have.

I have tried most of them and KeePass is my favorite. I store my password database on a JungleDisk encrypted volume and I can share it between all of my computers including my Mac and PC ones.

There is also a developer working on a iPhone version ^[1], hopefully coming soon.

We use PasswordSafe http://pwsafe.org/ . Open Source & easy to use.

Revelation ^[1] - password manager for Linux

Pastor on OSX. I'd to create some sort of public-private key (GPG?) Django app for storing / sharing passwords though.

For 6 or 7 years I've been using STRIP ^[1] (Secure Tool for Recalling Important Passwords) for the Palm. (Yeah, I know, the Palm's not cool anymore, but it does what I need.) I see there's an iPhone version ^[2] now.

1Password for the Mac (sync passwords across Macs with DropBox) and iPhone, KeePass for everywhere else.

Passwordstate ^[1] - plenty of features, and great for IT departments who need to shared passwords.

Vim has an option to encrypt a file and vim is available for most platforms:

vim -x secretfile

If you're in vim editing a file and you decide you want to file to be encrypted, you can type ":X" (upper case X) from command mode and you will be prompted for a password. Very convenient and simple if you are already a vi user.

Password Corral: http://www.cygnusproductions.com/freeware/pc.asp. No autofill, which I prefer. I don't want passwords to be entered automatically, I just need an encrypted place to store them because there's no way I can remember them all. Passwords are stored in a plaintext file.