

Password Manager - Any suggestions? - adamo

A friend has reached the limit of his memory capacity on passwords that he can remember and asked me for advice. Since I have not reached my limit, I turn to HN and ask for advice too. Operating Systems of Interest are Linux and Windows (in this order of preference).
======
RevRal
KeePass is what I use.

The password database that KeePass uses can be accessed from Linux and
Windows. For Linux you'll need KeePassX.

Other pluses:

+The software is portable.

+Generates super strong passwords.

+Along with the password to access your password database, there is an option
to have a "key file" required. You put this file onto something like a jump
drive, making it necessary to have your password and the jump drive if you
want to access the database. I have a spare keyfile on a CD in my deposit box
at the bank.

----

Addendum/Protip: If you know an alternative keyboard layout like colemak or
dvorak, you can easily make pretty secure passwords for, say, a login screen
at work: type your password on the Qwerty layout as if it were the alternate
keyboard layout.

For instance, WeakPassword on Colemak is WkanRaddw;sg on Qwerty. Then, when
the desktop loads, so will your alternate layout and everything will be
normal.

~~~
stcredzero
KeePassX is also available on OS X.

~~~
RevRal
Hey! That's really cool.

------
icodemyownshit
I've been using KeePass for several months and love it. The only thing lacking
at this point is a suitable version for iPhone. While there is an app, it has
a long way to go. I heard that the BlackBerry version is great. I use the same
database across OS X and Windows machines.

<http://keepass.info/download.html>

~~~
stcredzero
You can also export your Database from the Windows version of KeePass in a
form that's easily massaged to upload to your iPhone with the Keeper app. I
use this to keep my password database with me at all times, as well as on all
of the machines I work on. No subscription or payment necessary!

------
imurray
He could put the passwords on a piece of paper in his wallet.

If paranoid, or worried about “shoulder-surfing”, the passwords could be
obfuscated in some simple way. Examples: swap the first pair of digits, or
swap case, or add a constant to all numbers. This would buy time if the wallet
were stolen.

There are those that say passwords should never be written down, but I'm not
alone on keeping them in a wallet:

<http://software.silicon.com/security/0,39024655,39130618,00.htm>
<http://www.schneier.com/blog/archives/2004/12/safe_personal_c.html>

------
mr_pants
I use the method that joelonsoftware suggested with Password Safe and Dropbox.
It's allowed me to use much more secure passwords and have all of my passwords
available no matter which of my computers I use.

I haven't tried installing it on a phone.

------
hong
I've tried several password managers but didn't like them too much. I
currently use a Word document that is password protected (ironically) and
named something inconspicuous: "Report on endangered dolphins in China".

------
stsimb
+1 for keepass(x)

