If you use a different username on every site, how do you keep track of it?

This is how I do it:

I save all account information on a Word doc in the following format:

Site's name: Wilderssecurity
Site's url: https://www.wilderssecurity.com/
Username: ComputersRock
Password: ad654&%$&^&^
Sign up email: ad654&%$&^&^@gmail.com

 

I use Lastpass.

 

All data is encrypted in KeePass database.

 

lastpass!

 

Lastpass for misc firefox browser profile, and keepass for personal firefox profile like important logins

Edit, I use Profile switcher addon to easily switch between profiles

 

Another LastPass user passing by.

 

KeePass. I add custom fields for "Email Address" (obviously, the email address associated with the account) and "Lifetime" (how long between password changes).

 

In my head.

 

Head for truly important passwords, LastPass for headache relief and forgetfulness.

 

Hi,

I use notepad .txt that I fill with data, and keep it encrypted using 7zip (AES) .

For some of the forums I use secure login add-on (with pass). I know this might not very secure but there is no other way for me cos It would be to difficult/time consuming to open/type every time.

also I use cookie manager backup/restore function when I open FF, for a few sites I use, cos everything is flushed after I close FF, and this option is very useful to me.
cheers.

 

There's a portable utility called MemPad that is most useful for note-taking, shopping lists and what not. It offers password-protected encryption:

http://www.horstmuc.de/wmem.htm

 

I use KeePass portable and it works great

 

To take encrypted notes, you might also consider Keynote NF.
http://sourceforge.net/projects/keynote-newfeat/

However, for passwords better to use Keepass/Lastpass/etc.

 

Another vote for MemPad!

 

Keepass/KeepassX does all of this, has portable + cross platform versions (including Linux + Mac OS), is open source, is password protected, has a password generator, and doesn't call out to the internet so no tracking or cloud worries. Only downside i can think of is that it doesn't auto-fill forms.

http://portableapps.com/apps/utilities/keepass_portable

http://www.keepassx.org/

 

I use keepass. And I use it right. Using global autotype keybaord shortcut is painless. Lastpass seems to have some security issues

 

Give me an example outside of that securely salted database theft.

 

I think Lastpass can be dangerous for non security oriented person.
Lastpass stores database on their server and because of that everyone who know your login details to LP db can easily theft ALL your passwords stored there.
Case study: Your friend (Jim) is not computer person, one day he asked/or just search by self how securely store and manage password he use to log in to: private and company mail, several forums, 3 banks accounts in different banks, mobile phone provider website, services like yt, flickr, etc, etc.
Summary he has over 40 different passwords to remember.
He read that Lastapass offers security of his passwords and he will have to remember only one to access to all database.
Everything worked fine for several months but one day keylogger has been installed on his computer - he didn't know about it, he uses AV but this time no alert was given.
Next day he logged in to Lastpass as usual few hours later he received mails from administrators of forums where he had accounts with infromation that your account had been blocked because he was sending spam.
He noticed also all his mails had been deleted and he stored there important information about new financial project for his company.

What happened?
Attacker via keylogger intercepted only one login and one password which gave him access to ALL database with Jims' passwords and access to all of his 40 accounts.
Thats because database wasn't stored localy but on server where everyone can access if have proper login/pass.

With KeePass in this case scenario situation is simple - even if (secure desktop feature) attacker intercept password - it will be one password because he don't have physical access to password database which is stored on your computer or usb drive or other external drive.

 

Yet the user is secure enough not to get data theft malware, RAT, or a zombie PC. Plus the keylogger has to be installed during manual log in of LastPass. Then there's two-factor authentication, one-time passwords, on-screen keyboard, etc.

Really, no password manager is secure in the hands of an insecure person. Heck, they could put the database and password in plain text within a flash drive left out there somewhere.

 

scary stuff... but predictable? what's the point of keeping all passwords with a online service that God knows who can access (a hacker using a intercepted user and pwd, anyone from the company that have access to the DB, anyone that one day successfully hacks the DB, anyone that the company wants to share the info with...)? that's just crazy imo

 

You are right and this is why I use KP instead of LP or other alternatives which offers storing my password db in the cloud.
Remember one thing - with increasing level of comfort, safety decreases.
And it apply not only to computer security terms.

 

Same here

 

Before thinking about absurdity, it's important to not forget about the user. Government snooping aside, LastPass can be made very secure and the company is accountable for their actions (not to mention trustworthy so far).

Also, nobody is forcing you to put everything online, that applies for passwords as well. I simply put the vast majority non-private passwords where it's most convenient, but sufficiently secure.

 

+1 for Keepass.

It will auto-type the correct user name and password for you for the active window at the press of a hotkey (assuming you filled in the site/window title correctly when you made the original password entry). I also use Keefox plugin with it which auto-completes the login fields of sites you visit (although you still need to click the actual login button). It's available on Windows, Mac, Linux, and Android so I can use my passwords on any system or device.

I keep my password database in dropbox so I can access it anywhere, but it requires a keyfile (+ password), and the keyfile I of course only keep on local hard drives of my computers and mobile devices.

 

Guess I am old school. I keep most important passwords in my head. Others which need to be maintained on a system I keep in a hashed file inside a serpent-256 TC container.