Fog Creek Software
g
Discussion Board

Keeping track of passwords

The thread in Ask Joel about forgotten passwords got me thinking... how do folks here keep track of all the passwords they use on various systems, Web sites, whatever?

- Do you have Mega Memory (TM)?
- Do you just slap post-its on the monitor? (Shudder.)
- Do you use one of those little password-minder utilities?

Of course I don't have any problems remembering the dozen or so obscure passwords I use regularly for my systems, servers and router, e-mail, primary financial accounts, and a few Web sites I visit frequently. But when I go to some site that I only visit once a year, I can barely remember what e-mail address I used to register, let alone the password to go with it.

My solution of late has been to keep a little Excel spreadsheet with site/resource names, the e-mail address or username I registered with, and a somewhat cryptic indirect reference to the password I used for that site. I can check it into my personal CVS repository and keep it in sync on multiple machines. But I'd love to know if anyone here has come up with a more elegant solution...

John C.
Tuesday, April 13, 2004

The passwords I use everyday I keep in my head. For everything else I use Password Agent from Moon Software. See http://www.moonsoftware.com/pwagent.asp

John Topley (Www.johntopley.com)
Tuesday, April 13, 2004

Computer harddisks are way too unreliable, and I am too lazy to back up gigs of info every week/month. Not that my passwords are gigs of info, but you know what I mean.

So I use a pen to write them down on a piece of paper which does not crash, or lose information over time. I could still lose the paper, but I don't.

Simplest things are the best!

grunt
Tuesday, April 13, 2004

I have a default password for all those annoying sites that require you to register just to read / post something.  The security risk is so minimal it isn't worth worrying about.

This covers about 90% of all the passwords I ever need.

The important, frequent, ones I remember.  Very little falls into the important and infrequent category, and those end up on a piece of paper or I rely on the 'I forgot my password' link.

Rob Walker
Tuesday, April 13, 2004

I use the copy of eWallet that came with my Pocket PC.  I can store all of my passwords in one place, and that place is then protected by a master password.  Plus, I can get to all of my passwords from my desktop or wherever I happen to be at the time.

Emperor Norton
Tuesday, April 13, 2004


I use an app called STRIP on the Palm, as discussed at

http://discuss.fogcreek.com/joelonsoftware/default.asp?cmd=show&ixPost=123860

- former car owner in Queens
Tuesday, April 13, 2004

http://www.schneier.com/passsafe.html

a
Tuesday, April 13, 2004

I was a fan of Password Safe (used it for 4 years), until I found Password Minder. A better implementation, in my opinion, because passwords need never be placed on the clipboard.

http://www.develop.com/kbrown/security/samples.htm

From Windows security god Keith Brown.

Brad Wilson (dotnetguy.techieswithcats.com)
Tuesday, April 13, 2004

Since I'm a Mac user, I just use Keychain - stores all my passwords, security certificates, etc.

Life is beautiful with that application.

(I keep thinking I should write them down from time to time, though - we all know that you *always* lose data whenever you get a new computer. It's a law of nature....)

Robert 'Groby' Blum
Tuesday, April 13, 2004

Re: Password Minder - looks really cool!  The easy integration (CTRL+SHIFT+P, and password minder pastes in password) is quite compelling.  I'll give it a try.

a
Tuesday, April 13, 2004

Robert,

Yeah, I know.... So now I just copy them to my iDisk on .mac. My assumption is that the risk of someone stealing the keychain _and_ cracking it's password is less than of me forgetting one and/ or trashing the hard drive and loosing the lot!

Now, of course, someone will prove that the keychain security is useless and could be cracked by a one armed monkey with an abacus...

David Roper
Tuesday, April 13, 2004

Currently use:
http://www.chapura.com/cloak.php
It works well, but the desktop client is a bit clunky and I need some office people to be able to share the passwords with me.

Looking into using:
http://splashdata.com/splashid/index.htm
I like it because it seems to be easier to use and it has a password generator.

Jeff
Tuesday, April 13, 2004

I use Treepad Safe ( http://www.treepad.com/ ). It's not free, but I'm used to Treepad, so it's useful to me I also store LOTS of other stuff in the same file - 1 file to backup for all my notes, tons of bookmarks, names, addresses, phone numbers, the text of articles I'm interested in, with full text search. The Safe part means encrypted.

It's kinda cool keeping the registration email in the same place as the URL, username & password.

The 1 file gets backed up every few minutes or so to a 2nd drive on the computer, and that gets backed up once a day or so to another computer... If I was really anal I could upload it somewhere too, like my host in Chicago.

www.MarkTAW.com
Tuesday, April 13, 2004

It is a huge pain when you have to keep track of so many different passwords.  As some have stated, they use the same combo over and over as the sites they register at are not very important.  Of course, the downside here is that one of these 'unimportant' sites now has your combo that they could reuse! Yikes!!

OTOH, having a myriad of usernames / passwords of differing complexity and unreadability seems to be about as useful as a chocolate fire guard - you'll never remember them.

Password applications on a PC seem, frankly, a bit silly. Because you can be certain that when you REALLY need that password, you're at the wrong PC!

My preference is a USB drive - one of those small ones you can tote around with you. Complete with a simple app that allows you to login (argh - another combo required :-) and search for the combo you need (usually based on the site name or app name that you need the combo for).

--
Derek Davidson
www.enterpriseblue.co.uk
Got ED?

Fred Dibnah
Wednesday, April 14, 2004

The important 2 (to my bank, to my computer) is stored in my head. The rest in a txt file named "important" (well, something like that).

Stupid me.

mrBlonde
Wednesday, April 14, 2004

Windows login password is written on a yellow sticky and put under my keyboard. My logic is that if you have physical access to my office, you own my laptop anyway.

For the bank, etc. I keep these in my head. For the silly sites that require a password, I use a weak common password.

pdq
Wednesday, April 14, 2004

http://www.winguides.com/security/password.php

I generate my passwords. I've had issues with typing the password being different from copying the password, but as long as you're consistent, everything should be good.

www.MarkTAW.com
Wednesday, April 14, 2004

##when this came up a few months ago somebody recommended an application for the Palm that kept all passwords and other details safe.

Stephen Jones
Thursday, April 15, 2004

I use AnyPassword.  Free for individual use.
http://www.romanlab.com/apw/?anypassword

anon
Friday, April 16, 2004

*  Recent Topics

*  Fog Creek Home