Ask HN: How do you manage your passwords?

5 points by 0mbre ↗ HN
With all this heartbleed noise, it now seems like the right time to finally get my passwords in order. So I was wondering what solution do you guys use manage your passwords, SSH keys and misc credentials ?

15 comments

[ 2.7 ms ] story [ 43.2 ms ] thread
keepass/keepassx with the database syncd through the non-controversial syncing service du jour.
For credentials like facebook, emails, coinbase and etc, my password will be [identifier]_mypassword. So for example, my fb password will be facebook_yyu9023, email password will be gmail_yyu9023 and the patterns continue. Now days I just write it down and then encrypt it with a passphrase.
What if someone gets hold of one of your passwords and then sees that pattern and tries it out on all the other websites?
In that case you are doomed. You'll have to change all passwords to all sites after one has been compromised.
I tried the identifier route before, but there's always a few smart aleks who detect and refuse dictionary words, maybe even the domain name (can't remember exactly). These types of "systems" that live in your head, would be the best way to go if it weren't for banking, financial institutions, and government run websites.

With that being said I use LastPass for the high priority stuff and 1 basic password for sites I could care less about. Never lost one of those basic accounts yet.

I use a variation of the identifier route which is to take the identifier and drop all the vowels from it. So not only do I get something that is easy to recreate it's also not in the dictionary.
LastPass is sufficient for myself
I love their password vault security audits, I've been de-duping and increasing my password security with the help of this.

Lastpass Mobile now also has autofill on Chrome if you are using Android, which is great because the inbuilt browser on the Lastpass App was awful.

KeePassX because I'm a cheapskate. Works pretty well, as long as you're ok with syncing the password database on a public syncing service that shall not be named.
Keepass and DropBox. The encrypted password database lives in Dropbox, and the key file lives on each of my client devices. The master password lives in my head.
thanks all for the suggestions, just switched all my passwords with Keepass + sync
I previously used KeePass and the password database corrupted one day. I would only use KeePass if you are comfortably keeping several backups using TrueCrypt and your system is compatible with it.

I prefer LastPass because it has more features that are valuable (I can use one tool/service instead of several), I can use it on all of my devices, it is very secure.