

Ask HN: How do you manage your passwords? - 0mbre

With all this Heartbleed noise, it now seems like the right time to finally get my passwords in order. So I was wondering what solution you guys use to manage your passwords, SSH keys and misc credentials?
======
caleb23
I previously used KeePass and the password database corrupted one day. I would
only use KeePass if you are comfortably keeping several backups using
TrueCrypt and your system is compatible with it.

I prefer LastPass because it has more features that are valuable (I can use
one tool/service instead of several), I can use it on all of my devices, it is
very secure.

------
arijitraja
I have followed the same process as mentioned by @2810. Worth mentioning
something I wrote last year -
[http://pivotedreality.wordpress.com/2013/08/02/i-dont-like-c...](http://pivotedreality.wordpress.com/2013/08/02/i-dont-like-changing-passwords/)

------
2810
For credentials like Facebook, email, Coinbase, etc., my password will be
[identifier]_mypassword. So for example, my fb password will be
facebook_yyu9023, email password will be gmail_yyu9023 and the pattern
continues. Nowadays I just write it down and then encrypt it with a passphrase.

~~~
ereckers
I tried the identifier route before, but there's always a few smart alecks who
detect and refuse dictionary words, maybe even the domain name (can't remember
exactly). These types of "systems" that live in your head would be the best
way to go if it weren't for banking, financial institutions, and
government-run websites.

With that being said I use LastPass for the high priority stuff and 1 basic
password for sites I could care less about. Never lost one of those basic
accounts yet.

~~~
jjp
I use a variation of the identifier route which is to take the identifier and
drop all the vowels from it. So not only do I get something that is easy to
recreate, it's also not in the dictionary.

------
yen223
KeePassX because I'm a cheapskate. Works pretty well, as long as you're ok
with syncing the password database on a public syncing service that shall not
be named.

------
hashtag
1Password

~~~
uxjw
...which is 50% off at the moment
[https://agilebits.com/store](https://agilebits.com/store)

------
vqc
KeePass/KeePassX with the database synced through the non-controversial syncing
service du jour.

------
jackgolding
LastPass is sufficient for myself

~~~
hackerboos
I love their password vault security audits; I've been de-duping and
increasing my password security with the help of this.

LastPass Mobile now also has autofill on Chrome if you are using Android,
which is great because the inbuilt browser on the LastPass app was awful.

------
0mbre
Thanks all for the suggestions, just switched all my passwords with KeePass +
sync.

------
snowwrestler
KeePass and Dropbox. The encrypted password database lives in Dropbox, and the
key file lives on each of my client devices. The master password lives in my
head.

