Ask HN: Best way to protect my passwords as a user?
It seems to me that with all these websites losing their data and seemingly(to the untrained eye) being completely incompetent I need a better system to manage my passwords.
Can anyone suggest a good system to protect my passwords? For example - If the best way is to save and use complex 20-30 digit long random passwords, then how do you save those passwords?Surely you're not memorizing passwords for all your services, so you're using some sort of password manager so any ideas on which password manager is good? Or perhaps is it good to have a "passwords file", use some random password generator (or perhaps generate MD5 hash of some text and use that as a password) and then keep all of them under some protected file on your system? Or is Mac OS X's Keychain Access any good for storing passwords?
I am asking this question here because there are people in this community who are known to be knowledgable about the security of systems, and that makes them more eligible than I to answer these questions. I have done a little reading on the subject and find discovering a good way to protect myself very difficult. I hope I can get some help in this community.
Thanks in advance.
(As always, any articles/information that educate me on this topic will be helpful)
8 comments
[ 3.9 ms ] story [ 28.5 ms ] threadhttp://agilebits.com/products/1Password
This allows you to randomly generate strong unique passwords for each website, and have them accessible from anywhere.
You are obviously putting trust in the service, but you have to weigh up what is more of a risk; the service going AWOL and stealing your passwords, or someone breaking into your accounts due to bad/repeated passwords.
LastPass is another major online password manager.
KeePass is a great offline solution. There's also 1Password.
It's multiplatform and works pretty much everywhere. After the initial setup even my non-geeky GF can use it.