

Ask HN: How do you manage your passwords? - Pfhreak

Perhaps I'm just more aware of it, or perhaps it's happening more frequently, but it seems like every couple of weeks a major service demonstrates that they have exposed some user data or passwords.

Intellectually, I know I *should* be using a different password for every service, game, and application I use. Practically, I reuse a handful of long, strong passwords.

I'd like to change that practice. I'd like to use a different password on every service, but that's probably a few dozen passwords. Too many to remember practically, in any case. There's a lot of misinformation out there about how to do this correctly, and I'm looking for examples on how to do it right.
======
sjtgraham
After shitting the proverbial brick last week re the Apple ID/iCloud debacle,
I downloaded 1Password and methodically changed the password to everything I
cared about with a randomly generated string that included non-alphanumeric
chars. Sometimes I find this inconvenient as the integration on the iOS app is
not great (unless I'm missing something), and will never improve unless Apple
exposes APIs allowing deeper integration; but my current thinking is the extra
security is worth it. Previously all my passwords were the same thing modulo a
changing non-alphanumeric char, which I understand is dumb, but I was too lazy
to change them. The aforementioned Apple incident provided the final impetus
for change. Obviously, it later transpired that the breach was down to social
engineering and weaknesses in human security rather than compromised
passwords, so all this is moot as the best security precautions are only as
strong as the weakest link in the chain.

Something else I found interesting is Apple allows a max of 32 chars in their
passwords. I discovered this as the password I was trying to set was
significantly longer than this. Does this not suggest that the passwords are
not hashed? If they were the length of password would not matter as the hash
outputs are identical lengths and Apple could set the db column size
accordingly.

~~~
dbecker
I also switched to 1password after that debacle (though I should have done it
before). 1password is great on a mac, but accessing passwords (via dropbox)
from a linux machine is a pain in the ass.

Password management still seems like an unsolved problem.

------
bblough
All of my passwords are randomly generated and kept in a password database.
The database is then auto-sync'd to a cloud storage service. This keeps my
passwords secure, but easily accessible.

Specifically, I use Password Gorilla (since it's psafe compatible and cross-
platform) and SpiderOak (since it's encrypted and cross-platform).

------
k_s
I wrote a bit about this awhile back here ([http://software-and-algorithms.blogspot.com/2012/06/password...](http://software-and-algorithms.blogspot.com/2012/06/password-management.html)).
Basically, I use HMAC to generate passwords based upon a single strong password
and an account-specific phrase.
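
A minimal implementation of the HMAC-based scheme k_s describes, added here as an illustration (not the linked blog post's code): the single master password keys an HMAC-SHA256 over an account tag, and the digest is encoded into a 64-character alphabet. The `derive_password` name, the `account|counter` tag format and the sample inputs are assumptions of this example.

```python
import hmac
import hashlib
import base64

# Added illustration of an HMAC-based per-site password generator, in the spirit
# of the scheme k_s describes. Function name, tag format and sample inputs are
# assumptions for this example, not code from the linked blog post.

# Standard base64 alphabet: 64 symbols, so every 6 bits of digest map to exactly
# one character with no modulo bias. It mixes upper, lower, digits and '+' '/'.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
MAX_LENGTH = 43  # a 32-byte SHA-256 digest yields 43 full base64 characters


def derive_password(master: str, account: str, length: int = 20, counter: int = 0) -> str:
    """Return a deterministic password for `account`.

    master  -- the one strong secret the user remembers (used as the HMAC key)
    account -- account-specific phrase, e.g. the site's domain (normalised)
    length  -- clip to the site's maximum (the thread mentions a 32-char cap)
    counter -- bump after a breach to rotate one site's password while keeping
               the same master secret
    """
    if not master:
        raise ValueError("master password must not be empty")
    if not 1 <= length <= MAX_LENGTH:
        raise ValueError(f"length must be between 1 and {MAX_LENGTH}")
    # Normalise the tag so "Example.COM " and "example.com" derive the same password.
    tag = f"{account.strip().lower()}|{counter}".encode("utf-8")
    digest = hmac.new(master.encode("utf-8"), tag, hashlib.sha256).digest()
    encoded = base64.b64encode(digest).decode("ascii").rstrip("=")
    return encoded[:length]


if __name__ == "__main__":
    # Constructed sample inputs; this master secret exists only for the demo.
    master = "example master secret, long and unique"
    for site in ("example.com", "example.org"):
        print(site, derive_password(master, site))
    print("example.com (rotated)", derive_password(master, "example.com", counter=1))
```

One property to weigh against a password database: anyone holding a single derived password and its account tag can test master-password guesses offline at HMAC speed, so the master must be genuinely high-entropy. Rotating one site's password is only possible by bumping its counter, which then has to be remembered per site.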

------
bdfh42
PasswordSafe is good <http://pwsafe.org/> and helps me keep a different
password for every site. You can also save some ancillary information as well
- useful for developers with data keys for api access.

Simple and quick to use which helps maintain the discipline.

------
runjake
LastPass Premium -- it runs on everything. I am happy with it, but I'll
probably take a look at 1Password soonish.

~~~
pavel_lishin
The price of 1Password turned me off. (There was also some UI glitch I didn't
like, but I don't remember what it was, and Lastpass is no beauty itself.)

------
brudgers
One of the ways I manage my passwords is by not sharing meaningful information
about how I manage them in public.

------
koopajah
There was a discussion about exactly this 4 days ago:
<http://news.ycombinator.com/item?id=4343097>

------
israelyc
I've been using RoboForm. It's not well designed (it seems like they are
improving, though) but works great on both Mac and PC (sucks on iOS).

------
lexbryan
We are using LastPass. There are still risks, though.

------
aayala
KeePassX

------
hboon
1password.

------
eswangren
KeePass has always treated me well, is free, and runs on multiple platforms.

