

Ask HN: How do you deal with all these passwords? - gsivil

Nowadays every one of us has so many electronic accounts (Facebook, emails, websites, forums, work, finance, etc.).

What is the most convenient and secure way to deal with that issue? It has been a long time since my memory was sharp enough to remember all of them.

P.S.: Sometimes I even forget my username :)

EDIT: my initial post was focused on passwords from the user's perspective. But, how do you deal with passwords in your websites as developers?
======
nl
I recently signed up with Rackspace, and was shocked when the guy who did
phone verification commented on my password.

That scared me enough to look at password managers, and after some research I
settled on Keepass, and syncing the database via Dropbox. It keeps the
username, password & URL, so that solves most of the problems I have.

It's cross platform (I care about Windows, Linux & Android) and seems reliable
enough (I've noticed no bugs in about 6 months).

"Autotype" means I never need to see my server passwords, so they can be
really random strings.

~~~
dpritchett
Keepass + Dropbox works for me, too! I think I got the idea from Lifehacker:
<http://lifehacker.com/5063176/how-to-use-dropbox-as-the-ultimate-password-syncer>

~~~
willheim
+1 on the Keepass/Dropbox combo. You can also get an iPhone app that syncs up
with your Dropbox Keepass database called iKeepass.

------
tygorius
I can't help you with the forgotten user name, but in contrast to all these
kids with their cloud-this and server-that, I'll pass along what Stan Isaacs
(a true gray beard) taught me -- and he got it from his wife:

break your password into two hands' worth of typing, the first part on one
hand is the same string of gibberish at all locations, the second hand adds a
location-specific suffix of shorter gibberish.

If you pick a simple algorithm for going from location to suffix, you only
have one hard-to-divine string to memorize -- and that's the hand you practice
all the time.

Now if you'll excuse me, I have to go shoo some kids off the lawn...

------
arn
<http://agilewebsolutions.com/onepassword>

I use it on the Mac and sync over dropbox across my various Macs. Looks like
there's a Windows version, never tried it.

------
barrydahlberg
I'm using <http://agilewebsolutions.com/products/1Password> primarily on my
Windows machine and synced to my Mac via Dropbox. It's still in beta for Windows
but is working great for anything browser related.

There are a few things it doesn't do and possibly aren't reasonably practical,
e.g. remote desktop passwords, SSH passwords, Minecraft login etc. I do use it
for storing misc things like SSH keys though.

As for passwords in my site, salt them, SHA2 hash them and throw them away.

------
finemann
I follow a very simple way to do this. My bookmarks bar contains all the sites
that I have an account on (around 15). Now I remember a base password, which
is something like Dxx#fd. Now if gmail comes 2nd in the bar, the password for
it will be D02#fd. Of course, you'll have to keep the bookmarks in one order
for this to work.

------
corin_
I have no problem remembering passwords, just usernames. I've a pretty good
memory for stuff like passwords, IP addresses, telephone numbers... whereas my
usernames are usually pretty similar, so I get them confused. Did I use
'corin', 'corin_', 'corincole', or one of my many email addresses?

------
johnny22
Yes, anything that's cross platform? Too many solutions seem to only work on a
couple, not all.

The closest I've seen is Keepass. I've seen implementations that read/write
the Keepass db for Linux, Windows, Mac. The only Android one I've found so far
is read only :(

------
thinkalone
<http://lastpass.com/> is indispensable for generating, managing, and
auto-filling super-secure passwords that you never even have to _know_, let alone
remember.

~~~
ryanto
I'll get behind this. I do not know a single one of my passwords, but I can
access them from anywhere. Desktop, laptop, cellphone. Lastpass is easily one
of the best pieces of software I have ever used.

~~~
BCM43
How is it that you can access it from anywhere, but it is stored on your
computer? Do you put the password file on dropbox?

~~~
zimro
<http://lastpass.com> is storing the information on their servers, thus the
availability.

And I've to agree here, it's a must use product.

------
solost
It might sound odd, but I just create an entry in my contacts in Outlook for
each service. I've never lost a password and I have access to them wherever I
go.

------
PonyGumbo
I use KeePass (<http://keepass.info>).

