Ask HN: Where are you storing your passwords?

I use KeePass (http://keepass.info/) to manage all of my passwords.

From their website:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

I'm always keen to manage my passwords in the best possible way, so I'll be following this discussion closely to see if I should be modifying my tools and practices.

In my head =D

At first I used one password for everything. Then two, but that was a accident (ie: I forgot to change one default auto-password but got so used to it that I started to use in other places).

Then the first one was cracked. I changed passwords in lots of places, and started to use 3 passwords total.

As this kept balooning, I decided to instead create rules for my passwords (rules that only make sense to me, of course, they are totally arbitrary and almost random).

The result is that I have now about 20 different passwords, but I can remember them all with enough effort. Sometimes there are a random site that I don't used in a while that I cannot login at first, but as I try several of the possible variations of my rules, eventually it work (erm... or not :P this had happened a couple times already, and I needed a password reset).

My associate use lastpass.

I'm surprised LastPass hasn't been mentioned yet. I've had nothing but good experiences with the company and the product itself. It is primarily a browser plugin for storing web passwords and sensitive information but you can also use the secure notes feature to store passwords for other applications. There are several multi-factor authentication options available as well.

This topic comes up all the time. You might want to do a search and sift through some of the other popular threads.

Me, I am having them all stored in my mind. But I made it a little bit easier for me. I do have 3 standard-passwords, that I change twice to thrice a year. Each one of them is used on multiple accounts - but, everyone is appended by something specific for every usecase.

For example: d453ER#T p0NY_jondoe@MoogleGail could be a password for one GMail-Account with the alias jondoe, while for Facebook, the passwd might be d453ER#T p0NY_jondoe@Fratzenbuch (Fratzenbuch is German denigration for facebook) for the FB-Account with the GMail-Adress from above.

I hope this did help you...

I store the first and last characters of my passwords in plain text on my local machine. It's enough to remind me what my password is, while still remaining unknown for anyone else.

Well, actually my browser homepage is a simple HTML file carrying all my bookmarks, residing locally on my machine. This is much better than having a largely blank Google home page and having bookmarks additional clicks away. This HTML file has website links together with the first/last password letters next to them.

I use Keychain on Mac OS X to store passwords automatically and I make password protected notes for sites or apps where passwords are not recommended correctly.

I make general rules for passwords and follow those. I also use poor, easy memorisable passwords for various sites that I don't deem important but require a login and password.

I have a random 8-letter password memorized (includes uppercase and numbers), but I prepend the first 2 characters of the md5-hash of the service's/website's name. That way I just have to quickly open a terminal whenever I forget a password.

I recently learned about YPassword and I think it's a similar idea.

LastPass with a premium subscription so I can use the mobile app.

I chose LastPass as I use Linux, Mac and iOS daily. I used to use KeepPassX, but eventually found that LastPass fit my usage patterns better.

1Password on OSX is one of the only blockers from using Linux as my primary desktop right now- I've tried LastPass, KeepPass, and others, but haven't found anything that works as well ;(

After reading Moonwalking with Einstein I started to exercise my memory skills and now I just use my brain.