Poll: How do you manage passwords?

6 points by maguay ↗ HN
Out of curiosity, what do you use to manage passwords? Let us know why you use what you do in the comments if you can. Thanks for the input!

And, sorry for the typo the first time - http://news.ycombinator.com/item?id=2174865!

19 comments

[ 3.5 ms ] story [ 47.6 ms ] thread
I personally have become reliant on Lastpass, though 1Password's style is luring me. Any pros/cons of each you know?
In head using mnemonics.
Neat. Do you ever have trouble remembering them, and do you write them down somewhere to make sure you don't lose them?
I do the same - buy I use visual patterns on the keyboard.

Think swipe, but to make a shape or pattern with shift pressed at specific intersections.

Lastpass has freed me from generating complicated passwords and remembering them. It also syncs between all my browsers and even works in the iPhone.

I couldn't ask for more.

I use a traditional fat client application, keepassx: http://www.keepassx.org/

Runs equally well on OSX, Windows, Linux/X11. It supports "autotype" so that you don't have to fool with copy/paste.

Piece of paper in my wallet. I got the idea from Bruce Schneier, he says we're pretty good about keeping track of other pieces of paper there, and it's more secure than many other alternatives for frequently changing passwords.
I tried LastPass but the use of password offline and for non-web based applications was not working for me. The tools were awkward and difficult to use.

Went back to using KeePassX (http://www.keepassx.org) with Dropbox sync.

The biggest thing I learned: Putting passwords into LastPass was super easy and well thought out. Getting passwords out of LastPass was 'sub-optimal'.

1Password with DropBox sync works flawlessly for me. I love it.
(comment deleted)
(comment deleted)
I used to go with the 1 secure password for all sites. But then, it became painfully obvious that most sites don't treat your password with the respect it deserves (i.e. hash that shit and never store it in plain text). So, what I do now, is keep one secure password and then modify it based on the url of the site that I'm joining. This way, I just have to remember one password plus my algorithm for modifying it so that it's site specific. It works well until I come across a site (like my broker) that won't let me use "special" characters. It really makes me want to change brokers because if they were handling my passwords correctly - hashing them - they would never know what characters I use.
We are experimenting with Clipperz Community Edition (the private version of the online Clipper) (http://www.clipperz.com/). We prefer the community edition because tt - somehow - feels better to have our (encrypted) data on one of our servers.
I use a crude script to make a custom hash of a password

http://dpaste.com/hold/382522/

I use the two arguments: a master password, and a common name. I only know one of my passwords off the top of my head.