Password are a pain...

[ahhaa]

Everything wants to remember my passwords for me; the browsers, Norton, web mail apps, the sites themselves... Norton even has a whole new 'Identity Safe' gizmo which can be a real pain if ignored.

One site wouldn't let me sign in with the password I was sure was right, which goaded me into entering several other passwords I rotate around, before I caught on.

Do you let programs remember passwords?

ps don't post any personal password info ...duh...

[gadgetguy]

No. I don't believe any software is secure enough to keep a list of my passwords safe. I have several passwords that I use regularly and I keep a list of the infrequently used ones a separate, off-line computer.

[Krispy Kritter]

I don't use apps to remember either. I keep a doc file with all of the site names and the corresponding l/p. I also tend to use a few different combos on all of my sites (combo 1 for forums, combo 2 for retailers, etc.), so remembering only a couple combos is fairly easy. I also change them every 3-4 months.

[dphirschler]

I hate being forced to change my passwords. I don't mind changing every now and then, but I hate being forced to do it.


Darryl

[ahhaa]

I downloaded something from cnet called My Lockbox which creates an encrypted folder, thought I could put it on a small old flash drive as a password keeper... but I keep wondering- if I'd designed this, could I resist putting in a backdoor?

What bothers me most is sites like Windblows Live, where they put you through all this password rigamarole...
but if you use Firefox it'll warn you that while the signin page is encrypted, your password will be sent in clear

"and could easily be read by a third party".

[rallynavvie]

I use a biometric scanner on my lapper to store password data. There is not "backup password" in case my hands get chopped off but then I don't think I'll have much use for my passwords anyway

The biometric registrations and passwords are in a salted file. I believe it's using 256-bit AES for the hashes so I'm guessing it's pretty safe from attack. However stealing passwords between my system and the destination is still possible you just have to be careful about that. However if someone were to access this file on my system they'd probably just give up.

[thecoalman]

For forums and other general sites I'm just a memebr of I use one username and one easy to remember password. Nothing to steal so what the hell do I care.

For forums I admin , server passwords, bank accounts...anything that can cause mayhem... well I won't tell you what I do. :P

You're only as safe as the weakest link, you can have your password stored in encrypted file on a computer that has no internet connection but you only need a simple keylogger program installed on the computer your using to login with and you are fubarred the second you type it in.

[handiman876]

I personally use RoboForm. It makes keylogger programs useless. They even now have a USB drive version of the program. If you're ultra paranoid, simply unplug your passwords every night and put them in a safe. It also makes filling out order forms priceless since it can also hold/enter your personal info.

[redwudz]

For forums and other general sites I'm just a memebr of I use one username and one easy to remember password. Nothing to steal so what the hell do I care.

That's usually my method also. But some sites require a custom password they assign. I have a box of 3" X 5" cards where I write down all my passwords, along with the dates, etc and other site information. I have to dig through them on occasion for little used sites.

[j1d10t]

I have a box of 3" X 5" cards where I write down all my passwords, along with the dates, etc and other site information. I have to dig through them on occasion for little used sites.

Boy, are we old school or what? I have an address book that I use It's by web site, then I list the user name, password, and security question, if there is one.

Most places I use one of about 5 standard passwords, but then you get these places that insist that your user name and/or password be x number of characters long (longer than most other places), and it must have x number of letters and x number of numbers in it. Pain in the.... And it's not just places like banking sites that will have the extra requirments for username/password - that I can understand.

[redwudz]

Maybe 'old school' but I can just toss an old password record card and put in a new one. And they are color coded cards to separate the different types of sites. A whole lot easier than an address book, IMO.

[lordsmurf]

I use paper.
But I tend to remember most all of mine off-hand. One of the few things I seem to have a good memory for.

[rallynavvie]

Too bad keyloggers don't work with the biometric scanners, technically there are no keystrokes to log. However you're still susceptible to intercepts on your internet connection when not on secured channels. Even when on secure channels you still have to watch out for XSS spoofs or scams.

I'm rather impressed with some of the spoofs that are used to fish MySpace accounts. Even with NoScript and ABP running on Firefox I have to double-check things sometimes. And what are they after anyway? Why all the phishing on a social networking site? To get women's numbers? Have they heard of a pub?

[ahhaa]

Apparently the latest variant on the Liberian scam is to hook somebody on a dating or friendship site, then 'need' a few bucks to come visit from their homeland in Chechnya or Bechyawannaland... that social site profile is gold to them. Also now the photosites are being tapped, according to NPR today.