
Today - with the need to register online for everything, the personal overhead in creating and managing user-id's, account names, and passwords is getting out of control. I use a separate MS-Word document to track all this stuff. I use different level passwords (level 1-3) where Level 1 is for stuff I do not care about and is open through Level 3 which I rarely use on things like online-banking, etc. In the MS-Word document I do not actually record the password - I trust myself to remember this, but I do annotate the account with the specific level password I use (level 1, level 2a, etc.).

This actually works OK for me, but still - I need this MS-Word document to remember all my references and if I am not on my own computer, I am a bit lost... I was thinking of maybe putting this on an FTP site, but I am concerned about the obvious security issues.

I cannot be alone with this problem. Is there a better system out there? A personal password management system that enables me to access all my accounts and level passwords in a secure manner? I see there are things like PasswordLocker, but I am not sure I trust the security piece.

Do you have any suggestions?

My approach has changed since this article was written. I now recommend and use LastPass. See Managing Lots of Passwords for a video demonstration (with transcript).

First off, I have to say that your approach is already pretty good. The fact that you're not actually storing the passwords themselves, but just a mnemonic device for yourself, is an excellent technique that most people don't think of.

My approach is similar: I use different "levels" of passwords, for example, but I use Excel instead of Word.

I have a spreadsheet in which I keep all the sensitive information, and that, then, is kept in an encrypted virtual drive using free open source software called TrueCrypt. I've written about it before, discussing how to keep the data on my laptop secure.

Unfortunately I don't really have a good solution for access anywhere without having your own computer in front of you. Your approach using numbers to represent passwords seems reasonably secure, and I'd probably be ok with putting that on a password-protected website or ftp site. Even if someone did get that list, they would only get your mnemonics, and not your actual passwords. It would take a little work, but depending on how server-savvy you are, you could encrypt that on the server and only decrypt on demand when the correct passphrase is supplied. You could further put it on a secure (https) page so as to prevent network sniffing.

The more common approach is to use a USB thumb drive with the data thereon encrypted. Even a small inexpensive one is large enough to carry both the data you care about, and the decryption software needed. The downside, of course, is that to access the information you'll need access to a computer with a USB port, and an operating system compatible with the decryption software. TrueCrypt, for example, is Windows only. In a case like this, I would keep the data in a plain text file, so as not to require an additional program, like Word or Excel, to view the data once it's decrypted. And I'd certainly keep an UNencrypted version in a secure location as backup.

Most password management programs that I've seen all boil down to something very similar: an encrypted database with a secure UI to view and alter the contents. I've come to avoid those programs simply because their encryption is often unproven, the database formats non-standard, and like you, I'm just not sure I always trust them.

And they don't solve the access-anywhere problem that you're asking about.

So I know that didn't answer your question about alternatives, but given your approach, I'd be ok with the information on a password protected ftp site. Hopefully I've given you some additional approaches to think about as well.
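The server-side idea above (encrypt the list, decrypt only when the correct passphrase is supplied), as an added example that is not from the original article. It assumes the third-party Python `cryptography` package for AES-256-GCM; the `MNEM1` tag, the function names and the sample entries are constructed for illustration.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
HEADER = b"MNEM1"  # constructed format tag, authenticated as associated data

# Constructed sample list in the style the question describes: account -> level
SAMPLE = "forum.example: level 1\nshop.example: level 2a\nbank.example: level 3\n"


def derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt makes every passphrase guess costly if the stored blob is copied
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def seal(plaintext: str, passphrase: str) -> bytes:
    """Return HEADER || salt || nonce || ciphertext+tag, safe to store remotely."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    key = derive_key(passphrase, salt)
    ct = AESGCM(key).encrypt(nonce, plaintext.encode("utf-8"), HEADER)
    return HEADER + salt + nonce + ct


def open_sealed(blob: bytes, passphrase: str):
    """Return the plaintext, or None for a wrong passphrase or an altered blob."""
    if len(blob) < len(HEADER) + SALT_LEN + NONCE_LEN + TAG_LEN or not blob.startswith(HEADER):
        return None
    body = blob[len(HEADER):]
    salt = body[:SALT_LEN]
    nonce = body[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct = body[SALT_LEN + NONCE_LEN:]
    try:
        return AESGCM(derive_key(passphrase, salt)).decrypt(nonce, ct, HEADER).decode("utf-8")
    except InvalidTag:  # GCM tag check failed: bad key or modified data
        return None


if __name__ == "__main__":
    blob = seal(SAMPLE, "correct horse battery staple")
    print(len(blob), "bytes to upload")
    print(open_sealed(blob, "correct horse battery staple"))
```

Only the sealed blob needs to live on the server; over https the passphrase is still seen by the server process that decrypts, so decrypting on the client keeps it off the server entirely.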

Article C2361 - May 29, 2005

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


14 Comments
auctionhugh
June 1, 2005 9:48 AM

I use AI Roboform http://www.roboform.com/ . It has the weaknesses you mentioned, but I have it loaded on my work and home computer. When I add a new password or login, it has a function to email it. So I email it to myself and save it both places.

This does not resolve the "on the road" problem but it works great for at work and at home.

__________________________
Let Kathleen build your small business web site OR help you maintain your site when the workload gets too heavy!
http://www.kallenweb.com

Walter
June 4, 2005 6:10 AM

I keep all of my passwords encrypted in an electronic organizer that is always with me.

Betty Law-Morgan
June 6, 2005 8:11 AM

I'm a huge fan of AI Roboform. They even have a USB drive version which I carry on my USB drive and use anywhere without putting any of my information on that computer. They even have a version for Palm OS.

Glen
January 26, 2006 9:01 AM

I use a free program called PasswordCorral. You can access it at: http://www.cygnusproductions.com/

Has some very nice features, such as, encrypted export, will backup your data each time you exit the program, etc.

ian
February 2, 2006 10:09 AM

How can I put a password on my documents?

Leo
February 2, 2006 2:15 PM

That depends entirely on the program used to create them. Some have password support, though it is often easy to crack.

Alternatively, use a compression program like WinZip that supports password protection. Again, a little harder to crack, but still crack-able with enough resources.

Finally - use the techniques outlined in this article and the article it points to. Those are the most secure approaches I'm aware of.

qufkr@blog
March 12, 2006 11:06 AM

I use my personal password hashing algorithms that take a domain name as input and give a password as output. You will have different passwords for different websites, and all you have to memorise is your algorithm; nothing needs to be written down except usernames. I have two algorithms: one for most websites, the other for security-required websites. The former takes 5 seconds to compute in my mind. The latter takes 30 seconds because it is more complicated. If there is a security-required website I visit frequently, I just memorise the output password rather than taking 30 seconds to compute the output each time I visit the website. All hashing computations don't have to take place in mind; you can use online numeric calculators or online md5 calculators as an assistant.
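Added example, not part of the comment above and not the commenter's algorithm: a domain-to-password scheme is only as strong as the secret mixed into it, so this sketch puts an unkeyed recipe (`md5_scheme`, a simplified stand-in) beside a keyed one built on PBKDF2 with a memorised master secret. The function names, tier names and iteration counts are assumptions chosen for illustration.

```python
import base64
import hashlib

# Two tiers, mirroring the "most websites" / "security-required" split.
# Iteration counts are illustrative assumptions, not a recommendation from the page.
TIERS = {"normal": 100_000, "high": 400_000}


def normalise(domain: str) -> str:
    """Reduce a typed domain to one canonical form so the output is stable."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def md5_scheme(domain: str) -> str:
    """Unkeyed recipe: the domain is the only input, so anyone who learns
    or guesses the recipe can recompute every password it produces."""
    return hashlib.md5(normalise(domain).encode("utf-8")).hexdigest()[:12]


def derive(master: str, domain: str, tier: str = "normal", length: int = 16) -> str:
    """Keyed recipe: PBKDF2-HMAC-SHA256 over a memorised master secret,
    salted with the tier and domain so each site gets an unrelated value."""
    salt = f"{tier}:{normalise(domain)}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              TIERS[tier], dklen=32)
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    # Constructed inputs for demonstration only
    print(md5_scheme("www.example.com"))
    print(derive("a long memorised phrase", "www.example.com"))
    print(derive("a long memorised phrase", "bank.example", tier="high"))
```

The output alphabet here is letters, digits, `-` and `_`, which some sites' composition rules reject. One leaked site password also becomes an offline guessing target for the master secret, which is why the derivation is deliberately slow.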

Free Form Filling Software
May 8, 2008 6:43 PM

I have been using Roboform for a year now. I love the program, and don't know what I would do without it. I would recommend it. I made a quick video about the program and posted it on Squidoo.

Douggie
August 24, 2008 12:22 PM

I travel a lot and refuse to carry a computer with me because I am older (66) and will not be a packmule .... So I carry the least amount of stuff possible, I travel light and fast.

I also found that I need to have access to passwords for Alamo, etc so I can keep moving forward, efficiently and with the least amount of baggage possible. In these days of airlines charging for extra bags, fuel charges, etc, there's many reasons for packing light. All I do is load my passwords in an ascii text, password protected file on my cell phone. (remember that back in the old days of dos and cpm operating systems?)

I use a free program called "mj book" downloaded from Russia ..... it is a real simple program that will convert ascii files to game file format so books or other simple text files can be read ... Works like a champ when traveling or sitting at the local restaurant .... All you need is your cellie and your main password to get into the protected file, keyword search for the password or just page down the list. It suits my needs, simple, fast, lightweight and FREE!

M
November 27, 2008 5:42 PM

You can also store them on a secure web-email account you keep just for that purpose.

So, then they're accessible, whether you're on a home computer or not. And of course, you probably won't need them for non-internet connected devices, so you'll be able to access an email account at the same time as surf the web.

The idea of using mnemonics can work this way too. Just store them in an email you've sent to yourself, or put in a draft folder. etc.

I don't know about encrypting them for online, but perhaps if you added them as an attachment to your email/draft, you could add extra security measures?

Jeff
August 6, 2009 8:18 AM

At work at http://www.bluefiremediagroup.com/ I like to use a word doc and back it up in a spread sheet.

Don Kirkland
August 10, 2010 1:03 PM

I use AnyPassword and I love it. It keeps all the info together in a directory structure including the URL, username and password plus misc info like security questions, etc. It automatically encrypts everything when you save so you only have to remember one password (the one that opens AnyPassword). I keep it on a thumb drive in my pocket so I always have it with me. I back it up to my home computer whenever I change anything. It is free from http://www.anypassword.com/download.html in its basic version and that is all I have ever needed.

make money from home
January 30, 2011 2:38 PM

I have been using Roboform for years; best bit of software.

Michael Pipkins
March 21, 2012 9:32 AM

Why not use a password book like, "The 5th Dimension Password Keeper".

This password book is not like any other. With this book, you use a separate complex password for each account, but you never have to worry about remembering it because the password is hidden within a matrix grid of random characters.

It is really safe and secure. You have easy access to the password but it doesn't matter if anyone else gets ahold of the book - because without knowing where it is within the matrix, they will never be able to crack it.

It's a simple idea - but really effective.

You can find it on Amazon. Give it a look.

Comments on this entry are closed.
