GvillaThrilla
While its not the method I use, I used to teach kids and taught them to draw a design on the keyboard (zse4rfv for example), and if they wanted to get really fancy I taught them to hold the shift key for a couple of the letters to get a really unique password since nearly all passwords are case sensitive. Then, when you need to change your password you can either use another design, or just move where your design is on the keyboard. With a class of 30 kids the biggest challenge was trying to keep them from watching each other\'s hands to try and guess each other\'s passwords.
Chris Maresca
I\'ve used SplashID for years - it\'s available for OSX, Windows, iOS, Android, BlackBerry, etc and they now have a \'cloud\' version. $20 for the desktop, $10 for mobile (pick your flavor). It uses 256-bit Blowfish for encryption and has a built in password generator. Syncs wirelessly device-to-device and will sync between several desktops/mobiles.
As an aside, research has shown that adding random incomprehensible characters to your password does virtually nothing to make it more secure. What matters is length.... So if you want a secure password, just_use_a_really_long_phrase
Wayne Taylor
WOW, what a hassle. Use Keypass (free) or Pasdsword Safe (free).
VirtualGathis
Personally I prefer Keepass. It\'s free open source and you can apply multiple levels of encryption. My password file is triple encrypted with layered AES, Cobra and Twofish. The weakest link there is probably the files password rather than the encryption. I\'m working to add a biometric based key in addition to the password. I won\'t go so far as to say it would be impossible but it would be quite challenging and generally not worth the effort to break it at that point.
Keepass also has a random password generator you can seed to create a truly unique log in credential for every site. Since you have them recorded in keepass and it can supply them to sites the fact that it\'s a random unrememberable password is not so important. The only issues I\'ve had are that it requires a locally installed app and a database file so using passwords across multiple or work machines is not simple.
Francois Retief
I\'m surprised that there\'s no mention of lastpass, especially for online usage.
LessTolerant
Ok, the article falls short of addressing the real that all password keychains have: creating a single point of failure for your security.
Further, the recommended app is little more than what some people I know already do: keep passwords organized in an .XLS file with a strange name that I just type into a search box, and the password list pops up. I used to have a 128-bit cryptographic password to open the file. There really is little difference, and you still have the same single-point weakness.
An iPad app I started using provides a place to put my passwords, pics, numbers, etc., but instead of using an alphanumeric password of frustrating complexity, I interact with a picture of my dog on a slider in a certain pattern. Now how do I get rid of the other 180 passwords in the file........? -LT
Jerome Thomas
Just use a very long nonesensical phrase that is easy to remember. (that\'s all I do) e.g.\" www.mycall.mobi - best mobile directory! \" - who\'s going to crack that!
Mike Hill
To LT:
The iPhone app you are referring to is called Avimir Lite. It eliminates passwords by enabling you authenticate yourself through a personalised authentication method that you specify. Additional features include GPS position locking, authentication by device orientation, authentication by interaction with augmented reality objections. While you could store passwords in it, this is simply a \"Lite\" version that we have developed to demonstrate how Avimir will eventually replace all passwords with safe, very secure and simple 2- and 3-factor authentication methods. We have patents assigned and pending and hopefully we can help get rid of your other 180 passwords in the near future. ;c) -Avimir Management
yrag
A easy and built in way I came up with (I'm sure many others have too, at least on a Mac) is to create a text file with all your passwords the way you want within the built in TextEdit app and export the file as a pdf.
Then open that file with the built in Preview app (an general purpose app to view graphics and pdfs) and within Preview hit 'Save' or 'Save As' in the dialogue box that comes up, keep the format to be saved in a pdf, but 'check' the 'Encrypt' button under that selection, a dialog box pops up to allow you to create a password and to verify - voila!
The essence here on any platform, is that if you can get your password list into a pdf format, you should be able to then encrypt it.
Stan Sieler
I\'ll echo Chris Maresca\'s comments...been a SplashID user for years (in my case: Palm, iPhone, Mac). It (finally) has a decent method of synchronizing accounts/passwords across multiple platforms, much like contact managers have done for years. That means I can update a password via SplashID on the Mac, and get the changes propagated to my iPhone. Of course, it has copy/paste functionality. The one thing I\'d like to see is \"smart\" integration with copy/paste, so I could tell it (or any password manager) \"here\'s the first thing to paste, and here\'s the second thing\" ... then, I\'d paste into the account name field, and then the password field. That matters because there are some sites where my login name isn\'t my \"standard\" one, for various reasons. So, a multi-paste capability would seem like an obvious thing to want :)