Ask HN: How do you deal with all these passwords?

3 points by gsivil ↗ HN
Nowadays everyone of us has so many electronic accounts(Facebook, emails, websites, forums, work, finance, e.t.c.).

What is the most convenient and secure way to deal with that issue? It has been a long time since my memory was sharp enough to remember all of them.

P.S: Sometimes I even forget my username :)

EDIT: my initial post was focused on passwords from the user's perspective. But, how do you deal with passwords in your websites as developers?

15 comments

[ 4.1 ms ] story [ 49.2 ms ] thread
yes, anything that's cross platform? Too many solutions seem to only work on a couple, not all.

The closest i've seen is keepass. I've seen implementations that read/write the keepass db for linux,windows, mac. The only android one i've found so far is read only :(

http://lastpass.com/ is indispensable for generating, managing, and auto-filling super-secure passwords that you never even have to know, let alone remember.
I'll get behind this. I do not know a single one of my passwords, but I can access them from anywhere. Desktop, laptop, cellphone. Lastpass is easily one of the best pieces of software I have ever used.
How is it that you can access it from anywhere, but it is stored on your computer? Do you put the password file on dropbox?
http://lastpass.com is storing the information on their servers, thus the availability.

And I've to agree here, it's a must use product.

It might sound odd, but I just create an entry in my contacts in outlook for each service. I've never lost a password and I have access to them whever I go.
I can't help you with the forgotten user name, but in contrast to all these kids with their cloud-this and server-that, I'll pass along what Stan Isaacs (a true gray beard) taught me -- and he got it from his wife:

break your password into two hands' worth of typing, the first part on one hand is the same string of gibberish at all locations, the second hand adds a location-specific suffix of shorter gibberish.

If you pick a simple algorithm for going from location to suffix, you only have one hard-to-divine string to memorize -- and that's the hand you practice all the time.

Now if you'll excuse me, I have to go shoo some kids off the lawn...

I have no problem remembering passwords, just usernames. I've a pretty good memory for stuff like passwords, IP addresses, telephone numbers... whereas my usernames are usually pretty similar, so I get them confused. Did I use 'corin', 'corin_', 'corincole', or one of my many email addresses?
I recently signed up with Rackspace, and was shocked when the guy who did phone verification commented on my password.

That scared me enough to look at password managers, and after some research I settled on Keepass, and syncing the database via Dropbox. It keeps the username, password & URL, so that solves most of the problems I have.

It's cross platform (I care about Windows, Linux & Android) and seems reliable enough (I've noticed no bugs in about 6 months).

"Autotype" means I never need to see my server passwords, so they can be really random strings.

I follow a very simple way to do this. My bookmarks bar contains all the sites that I have an account on (around 15). Now I remember a base password, which is something like Dxx#fd. Now if gmail comes 2nd in the bar, the password for it will be D02#fd. Of course, you'll have to keep the bookmarks in one order for this to work.
I'm using http://agilewebsolutions.com/products/1Password primarily on my Windows machine and synced to my Mac via Dropbox. It still in beta for Windows but is working great for anything browser related.

There are a few things it doesn't do and possibly aren't reasonably practical, e.g. remote desktop passwords, SSH passwords, Minecraft login etc. I do use it for storing misc things like SSH keys though.

As for passwords in my site, salt them, SHA2 hash them and throw them away.