Too many websites, too many application forms, too many passwords to keep track of.
I've been told it'd be a good idea to get hold of some sort of Password Vault / Management software. I've always been a bit sceptical about this since in essence it's always seemed like putting all my eggs in one basket. The thing is, I can't realistically remember all of them, so I'm interested in suggestions.
So are there any recommendations? Preferably something which encrypts the stuff properly, I don't mind paying a small fee if the software is good, but freeware is always a bonus.
Also, if you've got any good reasons as to why I'd be better off without one, I'd like to hear them. To be honest, I'm still not certain it's a good idea to use one.
Edit: It's freeware.
One additional feature I'd like: If it can keep small strings of text and stuff as well, probably associated with password entries. Things like the answers to questions like "What's your pet's name?" and crap that they always ask and I'm never quite sure half the time how to format my answer.
Yes, each entry has a notes section where you can type stuff like that.
I use RoboForm, which is not free (around $20), mostly because that's what work agreed to set me up with. It's good, uses AES encryption, you can store notes, and I synchronize it between work and home via a PDA. After reading KeePass's features, I'd say they're feature-equivalent, so if you're looking for something free, go with that.
KeePass has an OSX equivalent called KeePassX. The databases between the Windows and OSX versions are compatible, so you can maintain a constant directory of passwords between the two OSes.
It works well if you have other data you want to keep encrypted, but it's probably overkill otherwise.
This is the most secure method.
I've got a spare copy of Portal, if anyone wants it, message me.
But with all of this stuff, what is the point? Can't a hacker just hack into your password keeping program and get everything like he would normally? I am more afraid of keeping them stored in a program than I am keeping them in my head. If he manages to crack the software he gets everything, yeah? If they can guess your master password then everything is theirs for the taking.
I KISS YOU!
Make sure your master password isn't "dog" and this isn't a danger.
But if it's something crazy, wouldn't you need another password management tool just to remember the crazy master password?
But then again, what are you supposed to do when you need to log onto a site from a remote location and don't have your password management tool? You'll be locked out until you get home/office/wherever, right?
Don't make it "crazy", just make it strong. You don't need an 80-character upper/lower/number/symbol/elvish password, use something you can remember. Just in case, write down the master password and keep it in a safe deposit box.
Keep a copy of your password database on your laptop. If it's not a computer you control, don't log into sensitive sites with it because 100% there will be a keylogger or two installed.
Actually, one of the things I like about CmdPrompt's solution is that you could ssh into your box at home, decrypt the file and grab the info you need. Or just carry it around on a USB thumb drive or something.
Eh? What's the difference if TrueCrypt encrypts it or if someone else does? The other stuff has the added bonus of browser and program tie-ins.
TrueCrypt has a variety of advanced encryption tech in it, from the useful to the silly. I've never had a reason to keep my password file in a secret hidden partition hidden in unformatted data in a secondary encrypted OS, but I suppose somebody would want to.
KeePass uses AES-256 encryption. It's as good as TrueCrypt unless you're doing all that whacky stuff in the first place. In which case you've kind of defeated the point.