

Ask HN: Personal password storage and usage - laurencei

With the recent issues with leaked passwords, poor encryption, Gmail hacking etc - I was curious; how do you store and protect your passwords?

I currently have a 'throwaway' password I use on low end sites, and some specific ones for email, banking etc - but I'm thinking of making really big tough unique passwords for all my sites now, and use something like Firefox to store them - and that way I only need to remember one generic (yet tough) password. Thoughts?
======
michiel3
If you're going to use a password manager, I would recommend 1Password or
LastPass.

Other tricks you can apply:

- Use a different password on every website. To help you remember it, you can
choose one main password and make variations on it for every website (the
variation is based on that website, but don't make it too obvious!)

- I can't tell my password for a specific website if someone points a gun at
my head, since I don't know it. I need a QWERTY keyboard to enter my password,
because I only remember the flow of the characters I type. I don't remember
all the characters.

~~~
horv
I add my vote for 1Password. Just started using it a few days ago but I think
it's very well done.

~~~
laurencei
Thanks - I've given 1Password a go - looks promising

------
pwg
Don't use the built-in password storage of any browser. Doing so leaves you
vulnerable to bugs such as this one:
<http://forum.avast.com/index.php?topic=25044.0;wap2>. I.e., if a hole that
leaks passwords exists, your browser could be leaking all your "high quality"
passwords without your knowledge.

Instead, do as michiel3 suggests. Use a separate, independent, password
manager. There are plenty out there. I recommend (and use) Password Gorilla
myself (<https://github.com/zdia/gorilla/wiki>).

This way, your passwords are protected from browser bugs (should they appear).
Further you can easily make completely independent, strong, passwords for
every site, because you are not remembering each, you only need remember the
unlock password(phrase) (hopefully also strong) for your password manager app.

------
lukebaker
I'm a fan of PasswordMaker. Based on the domain name of the site, a master
password (you could still use a tier system where sites of different value
have a different master password), and other settings a password gets
generated. Each site gets its own password and your passwords are only stored
on the target site (i.e., there's no central password manager that stores all
your passwords). There are browser extensions that make it easier to use and
if you're not on your own browser there's an online JS version available for
generating your passwords.
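
An added sketch of the derivation scheme described in the comment above (example code added here, not PasswordMaker's own algorithm and not written by the commenter). The function names, alphabet, iteration count and the rotation counter are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Assumed output alphabet (74 symbols); real sites may require a different set.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def normalize_domain(domain: str) -> str:
    """Map 'WWW.Example.com.' and 'example.com' to the same salt."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def derive_site_password(master: str, domain: str, length: int = 20,
                         counter: int = 1, iterations: int = 200_000) -> str:
    """Deterministically derive a per-site password; nothing is stored.

    counter lets you rotate one site's password without changing the master.
    """
    if not master or length < 1:
        raise ValueError("master password and positive length are required")
    salt = f"{normalize_domain(domain)}:{counter}".encode("utf-8")
    # Slow KDF: anyone holding one leaked site password can guess the master
    # offline, so each guess has to be expensive.
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations)
    # Reject bytes >= limit so every symbol is equally likely (no modulo bias).
    limit = 256 - (256 % len(ALPHABET))
    chars, block = [], 0
    while len(chars) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in stream if b < limit)
        block += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for site in ("news.ycombinator.com", "example.com"):
        print(site, derive_site_password("correct horse battery staple", site))
```

Because the output depends only on the inputs, the master password is the single point of failure: it should be long, and never reused as a site password itself.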

------
josephkern
PasswordCard; brilliant, simple, and works when the power goes out (or you
lose your phone). <http://www.passwordcard.org/en>

------
ashaikh
A good way to store them is a physical copy in an old address book. Use the
alphabetical directory for the site name and then you won't have to worry
about forgetting them.

------
toomuchcoffee
A little pad of paper you keep in some drawer somewhere that no one is likely
to stumble upon. Satisfies all 3 corners of the CAP theorem and is infinitely
scalable!

------
yogsototh
I created and use YPassword[^1]

[^1]: <http://ypassword.espozito.com/Scratch/en/getit/>

------
yashchandra
I keep about 3 passwords at one time. 1 password for email, one for bank
accounts, one for everything else like HN, reddit, linkedin etc. I treat email
as most critical since emails contain pretty much everything about you
including critical documents that you email (passport copy etc). Then comes
financial accounts such as bank, credit cards etc. The last one is everything
else.

