4 Ways to Manage Your Passwords Better

April Gilford asked me an interesting question recently:

“…I need a high-security password management program, preferably free. What can you suggest? My log-ins and passwords are getting out of hand as my online presence increases. I need something to keep them organized but secure…”

If you’re in the same boat – here are 4 different ways you can go about it:

1. Use master passwords

Instead of using different passwords for different sites, try simplifying the process. Try using…

One password only for sites which need maximum security (e.g. email). Keep the number of sites on this password to a bare minimum so you can change passwords easily.
One password for sites I think can trust (e.g. Digg.com)
One password for sites I don’t really know much about

…When in doubt – use the less secure one. This layered system helps ensure that if any password leaks occur – it should be properly contained.

2. Lock up your passwords with KeePass

KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database.

What I like about it is that it’s lightweight, portable (can be put on a thumbdrive), and extensible (look for the plugins on the KeePass homepage to get more features).

3. Generate and store hashed passwords with Firefox Password Hasher

Password Hasher is a Firefox security extension for generating site-specific strong passwords from a master key and a site specific keyword.

Here’s the concept:

Let’s say for example your master password is “readfriedbeef”, and the site in hand is digg.com

With those two parameters – Password Hasher will generate a complex hashed password e.g. “dmZ3)nkU” , which you can use (and store on your PC). Given the same master password and site, Hashapass will always give you the same result. That’s so you don’t have to store your generated passwords anywhere.

The advantage is that it’s incredibly secure, but the drawback is that it works best only if you use a machine with the Password Hasher extension installed or you will probably never be able to remember your complex hashed password.

You can however attempt a workaround by carrying a portable version of Firefox with you with the Password Hasher extension installed or use the online version.

Firefox browsers only of course – Internet Explorer users, please feel free to upgrade :)

4. Export your Saved Firefox Passwords for Easy Reference

Password Exporter is a Firefox extension allows you to export and import your saved passwords and rejected sites between computers. Your passwords will be exported to an XML or CSV file and can be encrypted if you want.

You can then use this as a reference guide stored on your computer.

Bonus tip: These passwords were listed by PC Magazine in May 2007 as the most commonly used passwords around:

password
123456
qwerty
abc123
letmein
monkey
myspace1
password1
blink182
(your first name)

Don’t use them :)

What password tips do you have? Tell us in the comments!

[tags] security, tips [/tags]

web development company

wow, this post is extremely helpful for my online business because the password security is much necessary, hackers always try to crack it for doing their fraud work . .

share flag

spam
offensive
disagree
off topic

Eric

Encrypted Google Spreadsheet accessed via SSL (https). Available from any computer, free, and secure.

Baz L

I used to stay away from those password managers, both online and offline. The reason is that they were just glorified excel lists and most had a password generator.

I've never heard of Clipperz though. The automatic login part is intriguing.

One tip I've found interesting is having a root password and appending different things to it based on the account.

Eg. root = root3 (through in a number cuz some require)
gmail password: root3gmail/root3gmail.com

This way you have a relatively short password to remember, but you solve the password length problem with with concatenation.

Kannan Durai

I know few languages . so mix the words from two different language to make a password.

encik wan

As a proponent of KISS principle, I use 3 master passwords for 3 classes of sites. If a site requires change of password every month, e.g. online trading account, I will append the month of change into the password.

Linda

I use an Excel spread sheet, alphebetized listing the name of the site, the URL, my user name and password.

James Yeang

@April - my pleasure@Syahid
Ali & Ellen - thanks those are brilliant tips

Ellen

I use Clipperz, an online password manager with auto login to sites which eliminates keystrokes of entering in user name and password. I like it a lot because I change up my passwords more than I did before. For bank and credit card I use their password generator to create totally random passwords and I do that frequently.

Another site is PassPack which is very similar though you are limited to 100 passwords for free and then there is a fee whereas Clipperz so far is free.

Some people take issue with using online solutions such as Clipperz and PassPack but I find their terms of security reassuring and took the leap with Clipperz.

Syahid Ali

RoboForm is quite a good alternative to store web based passwords. The downside is that the free version only supports up to 10 passwords if I was not mistaken.

April

Thanks for the answer! I am definitely going to give KeePass a try.