How do you manage your passwords?

[notta]

Well, I got a call from my bank today. Someone charged $99 dollars on my charge card from iTunes. This is the first time this has happened to me. My bank and my iTunes accounts have been addressed, but now I feel I should go around and change all my passwords. How do you guys manage your passwords? Most of my passwords are exactly the same for all my sites, I know, I know, so now I feel I should go around a change all my passwords just in case. I would love to have a different password for every site, but there is no way I'll remember them. I'm also not a big fan of using password managers because I hate the fact that all of my passwords are sitting in one spot. LastPass looks like a good idea, but again a central point of failure for all your passwords. How do you guys manage your passwords?

[Travelar]

I use LastPass with Yubikey for two-factor authentication. All of my passwords are randomly generated and I don't use similar passwords for any sites.

[Hum]

Very badly.

I just juggle them in my head. :wacko:

[OTAU]

All in my head. Some of them are very complex but regardless I try to avoid saving them anywhere. I let Google Chrome save some passwords that I don't really worry about however. But passwords for things such as email, all in my head.

[Eddo89]

I remember the important passwords in my head (Facebook, email, bank, work/uni etc, Trade Me(basically NZ's Ebay) anything identity/money involved) and I make it a point to access them often so it is ingrained in my memory.

As for lower risk, I have the same segment of a password in every one of them and then a satirical play of the name. Or simply the name of the website even if I really don't care about that account/website.

[Nashy]

I remember them. Not much point if I have to write them down somewhere.

[+Frank B. Subscriber²]

I memorise them. Different applications have different password strengths - my online banking password is stronger than the one used for Neowin for instance.

[medium_pimpin]

Keepass. I store the encrypted DB file on dropbox, so I can access it from home/phone/etc. Also keep all my game and app keys there.

[martinsc]

Keepass. I store the encrypted DB file on dropbox, so I can access it from home/phone/etc. Also keep all my game and app keys there.

This is exactly the same I do it :) (Y)

[~Johnny]

I have a random little pattern for my passwords, something like:

[first two letters of site name] + [main password] + [length of site name as a number] + [punctuation mark depending on TLD]

They all mostly the same main password in the middle but with some extra strength around it, which means I likely won't ever forget them but still being different enough that even if someone steals one they probably won't work out the rest...

It's obviously not that pattern though :p

[Muhammad Farrukh]

How do you manage your passwords?

I don't.

My brain does

[UndergroundWire]

I use the same password for everything ($1One0Zero$) I use. I even use the same user name Gmail, bustybabes dot com, Citibank, etc...

[PNWDweller]

I use LastPass with Yubikey for two-factor authentication. All of my passwords are randomly generated and I don't use similar passwords for any sites.

Same here :)

As far as password length, I use anywhere from 14 (for non-essential sites), to 25 characters long (Most recently my root password for my VPS).

[qdave]

passwords.txt :D

Seriously though i try to remember the few i have.

[FiB3R]

Another vote for KeePass/Dropbox + the mobile app. There is no way in hell I'm going to remember 700+ passwords. It's also good for storing other info to go along with those accounts/services/passwords.

I also use LastPass to store less important passwords (which is most of them), so that I can have faster access to them. (user/password fields get auto filled when logged in to LastPass)

[Lingwo]

Depends how often they will be used.

Ones i might use now and then usually end up on paper, not labelled in anyway, it is mainly there to jog my memory if i forget it.

Ones i use often then i just remember, i like to think i have a pretty decent system for my passwords, which usually make them easy to remember.

If it is a site, i don't want to register on but they force me to, then i just use a simple password, as i don't care if the account gets hacked.

[Krome]

lol no poll? :)

I use my memory to store all of my passwords from many accounts. All accounts on the net and off the net have different passwords. Everything that allow password to lock, I use passwords, including Windows login.

Windows login

Router/Network (different pass)

Yahoo Mail / MSN / Google (different pass)

Many other web accounts (all different pass)

The only thing I don't recall well enough is the site I register an account with. Once I establish the website location, the password came to me immediately. I got about 20-30 different accounts on the web. All with different passwords and they are not short.

[Max Norris]

The few important ones I keep in my head, banking and such. Random web sites, forums and all that though, generated and stored via LastPass.

[c3ntury]

LastPass mainly. I just remember one 24 character password. Problem is I haven't paid for it on mobile, so trying to login to Facebook on a new ROM can be a reaaaal pain.

[notta]

I have a random little pattern for my passwords, something like:

[first two letters of site name] + [main password] + [length of site name as a number] + [punctuation mark depending on TLD]

They all mostly the same main password in the middle but with some extra strength around it, which means I likely won't ever forget them but still being different enough that even if someone steals one they probably won't work out the rest...

It's obviously not that pattern though :p

I like this idea. I remember listening to a Security Now episode where Gibson referred to something like this as Password Haystacks. I might go with this one.

I use LastPass with Yubikey for two-factor authentication. All of my passwords are randomly generated and I don't use similar passwords for any sites.

This looks really interesting. Can you explain a little more how it works? The video is very short.

[_neutrino Veteran]

every account has a different password and they are all in my head.

[Neo003]

Roboform I used the trial version before and really like it.

[+Warwagon MVC]

I use Roboform Everywhere. I have it on on all my machines. I also went through all the sites I had passwords for and generated random passwords. For backup of my passwords in roboform I

1) print out a list of all my passwords all 231 of them and put the paper copy in my safety deposit box at the bank.

2) Burn a copy of the Roboform Data folder to a DVD and put that in the box as well.

3) Backed them up to carbonite

4) Sync them to Roboform online

5) A nightly backup to a drive inside my computer

6) 2 external 1tb hard drives. 1 I keep here and 1 I keep in my safety deposit box (they get rotated monthly)

That is technically my over all backup strategy, just happens the roboform password folder is included.

[DPyro]

Lastpass. Bank and email accounts I keep in my head.

[Vambo]

Keepass + minipass app