10 Free Ways to Track All Your Passwords

June 1 by | 100 comments | Featured, Technology | Tags: , , ,
KeePass

With the proliferation of web services — there’s a new one out each day, it seems — it feels like we’re always creating new accounts, each with a different username and password.

The easy options — using the same password each time or writing them down on paper or in a spreadsheet — aren’t exactly the most secure. In fact, security experts strongly warn against these options as they leave you vulnerable to online theft.

So what’s a web surfer to do? If you’ve got more than a dozen services, you’re not going to remember all of them. It’s time to look into a password manager — and if you’re a cheapskate like me, you want a free one.

Let’s agree, from here on in, to stop using our dog’s name and birth date for our single password. Here are 10 free options for doing that:

  • Firefox or IE: Both popular browsers offer fairly secure ways of storing your username or passwords for different sites, once you enter them the first time. This is very handy, and can save a ton of time. Unfortunately, under certain conditions, the password could be lost, requiring you to enter the password again. And if you’ve been relying on the browser to remember the password, you’re out of luck. Also, this solution is only for online passwords, not for network or desktop passwords.
  • KeePass: One of the most popular password managers out there, KeePass is great because it’s open-source, free and cross-platform — available for Windows, Linux, OS X, and even mobile devices. It keeps all your passwords, online and off, in a secure database, so you only have to remember one master password. Be sure that master password is safe!
  • Clipperz: Unlike most password managers, this solution is online — so you can access it anywhere. And it stores more than passwords — credit card numbers, account numbers, anything really. Storing passwords and other confidential information online can make someplace nervous, but Clipperz uses an encryption method that means not even Clipperz knows what it’s storing. This is a good solution if you need access to your passwords from multiple computers, rather than just one or two.
  • OSX Keychain: If you use a Mac, you’re most likely familiar with Keychain, which comes with OSX. Basically, it’s a password manager that uses your OSX admin password as the master password.
  • KeyWallet: Windows only, this little utility sits in your system tray, and you just pull it up when you need to enter a password. As a utility, it is browswer-independent, which is ideal for some.
  • Password Manager Plus: The Billeo Free Password Manager Plus toolbar works with both Firefox and Internet Explorer, and allows you to store not only passwords but credit card numbers and online account information, and can autofill your information as you shop online or paying bills, for example.
  • Password Hasher: This Firefox extension generates strong passwords for you by scrambling your master password with the site’s name. The passwords generated by this extension are better than any you could come up with yourself.
  • PasswordSafe: This free online service works on any modern web browser, for any OS, and a desktop version is available for Windows or Mac. Basically, it uses an encrypted safe to store your passwords, along with other information including software keys, website logins, pin numbers, email logins and more.
  • Password generator: This is a little bookmarklet that combines your master password with the site’s name to create a stronger password, and one that is different for each site. Very handy and simple.
  • Algorithm: The best solution may not even be a technology solution — remembering strong passwords could be as simple as coming up with a way to change a base password using the name of the online service you’re logging into. For example, if you come up with a base password of “xlg519″ (based on your partner’s initials and your cat’s birthday), you can add the first two and last two letters of a service’s name (“amon” for Amazon) and you’ve got your password!

Some notes on passwords:

  • Never give out your master password if you use a password manager. Be sure you never forget it.
  • Don’t write passwords on a little piece of paper and stick it in your drawer. If it gets stolen, you only have yourself to blame.
  • Password managers may not be safe on a shared computer — it is probably best to only install them on a computer that only you use.
  • Using common information for your password is not secure — such as your birthday, initials, kids’ birthdays, names, etc. And no, “password” is not a safe password.
  • Using the same password for everything is a bad idea, because once that password is discovered, a thief has access to all your accounts.

Leo is a professional writer and blogs about goals, habits, productivity, GTD, simplifying and more at http://zenhabits.net

  • http://www.diggthis.net digger

    Great post! I’ve tired several password managers and couldn’t find a real good one, that will do all I ask of it.

    Thanks!

  • http://www.shokk.com/blog/ Ernie Oporto

    Roboform (not free) is still THE way to work with passwords, and it syncs nicely to a USB keyfob. They even provide a free program for it – GoodSync – if you can’t find another.

  • Pingback: Daily Cup of Tech Tumblog » Free Password Managers

  • bigmusic

    Opera also has a password manager built in. It can be encrypted or not, depending on the users choice.

    Oubliette is also free and open source, it is completely encrypted, but is no longer actively developed. But I don’t really think it needs anything else.

  • http://www.csixty4.com CSIXTY4

    I keep a copy of PasswordSafe on a USB key around my neck. I then back it up every week.

    It’s so much better than my old method of carrying post-it notes around in my wallet.

  • Pingback: Eliminate Distractions; Google Gears; Productive Virtual Workspace; Email Bankruptcy | zen habits

  • Pingback: Keeping Up with Passwords : Joberu

  • http://www.cathday.com.au BillyK

    Hi
    Why not just keep it simple (in accordance with lifehack principles) and use the google spreadsheet available with your gmail account?
    Your passwords are then available from any computer anywhere in the world.
    As a web designer, I have seven zillion passwords to remember – all on my google spreadsheet in alphabetical order
    Cheers
    Bill

  • http://www.forumsblogswikis.com Ryan

    I’ve been using Keyring on my Palm for the past few years and don’t have any complaints. It’s free (almost always a plus), keeps everything under a master password, and if you want it’ll generate passwords for you.

  • http://www.ablewise.com Ablewise Free Classifieds

    Keepass gets my vote from the list. To push it to the next level, place Keepass on a Portableapps enabled thumbdrive. Then you can bring your password around.

    Truly handy if you are a road warrior.

  • http://domestikgoddess.blogspot.com Jen / domestika

    I’m a Clipperz fan. I like having the option of web access or offline, with the ability to load a compact version of either one in Firefox sidebar. Excellent support from the developers, too.

  • Belial

    Just as a matter of interest, has anyone looked at the security implications of any of the packages or solutions that have been recommended here?

  • Rajul

    I have been using Password safe for many years and never have any issues with it. It also types in the user name and password on a web page using a shortcut and suggests a strong password.

  • Pingback: Secure & Track Your Password - ZePy

  • Frying Dutchman

    I’ve been using Ked Password Manager for quite a while now. It offers both a GUI and CLI, which is all I care about ;-)

  • Eric

    I like the gnome Revelation application, and it’s companion panel applet. You can easily navigate to the site and then paste in the userid / password. All stored in one encrypted file for easy backup.

  • brothajohn

    well I don’t know about webdesigners, but I must use about thirty or fourty online services and for me the algorithm method has never failed. No software, no books, no memos, just memory, the in-my-head kind so it works both online and off.

  • http://www.foronceandforall.com Azhar

    Something called SuperGenPass leaves all of them in the dust (google it). Probably the best password system invented, check it out.

    It generates unique secure password for each domain from your master password. Now with 14 characters, THATS security.

  • https://www.passpack.com Tara (PassPack)

    Hello.
    I’m a founding Partner at PassPack – a free online password manager. Alas, we’re missing from your list…

    http://www.passpack.com

    :)

    @BillyK
    Google spreadsheets are not safe as they are not encrypted. If you are storing your client’s passwords (I assume domains and FTPs etc) then you are putting them at risk. Please choose a password manager – it doesn’t have to be PassPack – any password manager will do.

    Cheers,
    Tara Kelly
    PassPack Founding Partner

  • http://webiest.com psytek

    Great article. We’re actually looking to upgrade our password system at work. We use password safe and so far It has been good. The only thing we are missing is the ability to add roles / multi-user capabilities. So instead anyone with the master password has access to all of the passwords, instead of a group of passwords assigned specifically to them. Does anyone know of a program that is multi-user? Please leave a comment here if you do.

  • Kyle

    Pastor is a good OS X option. It’s cocoa native.

    http://www.mehlau.net/pastor/

  • http://www.gamepicking.com leo

    thanks for the list. i used open office spreadsheet (Calc) and save the file with password.

    the algorithm approach is interesting, i used it sometimes also, but what is the chance that someone (with access to forum login and password) had a glimpse of yours, and figure out your algorithm? and then, they’ll have all your passwords…

  • Pingback: Things that matter » Blog Archive » 10 sposobów na zapomniane hasła

  • David J

    I have been using keepass for the past 3 or 4 years. I think it is one of the best password mangers out there.

  • http://infomaniaworld.com/modules/wordpress Ellen

    Another online solution is Passpack which I have been using for a couple of months now and enjoy having easy access to my passwords.

  • http://www.actioneer.com/ Tom

    Actioneer is a new free “invisible” password manager that enables very easy keyword access to about 100 popular sites including many password-protected sites and also provides secure storage for other passwords and data. It has both desktop and portable versions for use with USB drives.

  • http://www.allroundnews.co.uk/ shamess

    Actually, I’m one of those people that does have all the same password for every website. However, I’m also one of those people who use capital letters, numbers and badly spelled passwords, so I think that annuls the insecurities of using the same password.

    I just remember all of my passwords. I really don’t feel safe storing them somewhere.

  • http://www.fazalkhan.co.uk Fazal

    I’m surprised to see that sxipper is not listed here. I find it’s the best most versatile cross platform password manager in Firefox.

  • Jan

    I keep my password on my Treo, in a little program called Secret. At least I always have access to my passwords, they’re securely encrypted and I have a backup on my PC!

  • Pingback: blog.gkaindl.com » Mac Tip: Encrypted Storage

  • Andrew

    On my Macintosh, I’ve been using 1Passwd http://1passwd.com/ for a year or so and I love it. It has all the right features for me: strong security, easy back-up, easy transferance from one computer to another, and a “secure notes” feature where you can store arbitrary text inside your password-protected, encrypted keychain. The developers are responsive and professional, and the program has been flawless for me (using OSX 10.4 and Firefox) for over a year.

  • Pingback: Il Liceo » Blog Archive » Security: Track your passwords ten different ways

  • http://www.roundtripsolutions.com John A Thomson

    KeePass for me, although I’ll maybe check out some of those on the list above.

  • Richard

    This is a program I have been using for a few months. It allows you to store text in a text file that is password protected.

    https://www.steganos.com/us/products/home-office/locknote/overview/

  • http://markmathson.com Mark Mathson

    I got some great responses via Answers on LinkedIn regarding PasswordSafe. Here is a link http://www.linkedin.com/answers/technology/information-technology/information-security/TCH_ITS_ISC/48996-8677007 if you are interested.

  • http://chrischris-crockett.com Chris

    Great Ceasar’s ghost. Anyone who would use an online password manager, or any kind of password manager that stores their passwords outside of their own control needs a serious tinfoil-hat adjustment. I’ve been using PasswordSafe since the time it was still Bruce Schneier’s baby and have never looked back.

  • http://www.gaeso.org/ admin

    This is a great collection of list for storing your password.

    but for me the best is my brain… really!

  • http://www.edwinek.com Edwinek

    I second Ellen on PassPack. Very nice solution with client side encryption. And anonymous. They don’t even know your e-mail address.

  • http://www.subcorpus.net/blog/ subcorpus

    i use a mac at home and i never used keychain …
    if it saves so much time …
    i guess its about time i check it out …
    but as most … i have some reservations about stpring all my passwords at the same location …
    *shudder* …

  • Chris

    Please don’t confuse PasswordSafe.com with the awesome and totally secure Password Safe written by originally by Counter Pane (Bruce Schneier) and now maintained at SourceForge. If you want one tip, use this product.

    http://sourceforge.net/projects/passwordsafe/

    PS. I can’t believe the author would condone putting your private passwords in any online system. Madness!

  • Pingback: Monday Morning Links Serving: The June 4th Edition | [Geeks Are Sexy] Technology News

  • Pingback: oriolrius lifestream » 10 Free Ways to Track All Your Passwords - lifehack.org

  • http://digg.com ff1959

    1passwd works for me. Ditch those IE and FF weak encryption schemes.

  • Pingback: Mujeres TIC » Blog Archive » 10 programas gestores de claves y algunos consejos

  • Rob S

    Have any of these programs mentioned been checked for spyware or malware, or is that just being overly paranoid?

  • Pingback: Sotto l’ombra degli olmi » Blog Archive » Dove ho scritto la password?

  • Pingback: Dieci modi per ricordarsi le password

  • http://incumbent.org/ emory

    Of course, you could just ask Service X to support OpenID.

  • http://endoflist.blogspot.com Ananth

    Another way – Gmail.

    1. Have a label like ‘Registration’. All mails having login/registration/password info will have this label.

    2. Most of the web services send a mail with registration info and verification link. Label it registration.

    3. If the password is not in the previous mail, reply to yourself, with a hint about the password.

    I keep 2 or 3 standard passwords. An easy one for trying out new sites, one very strong one for important, sensitive sites like gmail etc.

    So the hint goes like “the easy one”, “the easy one+amazon”

    3. Next time, just search in gmail. ex: “amazon label:registration”

  • http://www.librosbudistas.com vajra

    I use a small inexpensive address book (made of cardboard & paper). It cannot be hacked, cannot be broken or corrupted. Just to make sure it is safe from ordinary theft too I break my passwords into standard elements which are represented by abreviations.

  • Pingback: Keep your passwords safe... for free

  • http://www.niftysoftware.com Daniel McPherson

    Hey Folks,

    You forgot about us!

    Small, open source application for storing your passwords, and all those other “little bits” of information:
    http://www.niftysoftware.com/Products/Latito/default.aspx

    Anyway, it has clipboard integration, custom item types, fast and simple search, install and run from memory sticks, stores in XML with option to encrypt.

    Anyway, we would love you to take a look.
    Daniel

  • Pingback: lo-fi librarian» Blog Archive » This Week’s Useful Tools

  • Pingback: Cool Websites and Tips (makeuseof extra #62) » MakeUseOf.com

  • http://www.sheepfrenzy.com Frank

    Better than using yet ANOTHER program just to track your passwords, use a single strong password and intersperse the first few letters of the site you’re using the password for.

    For instance, let’s say your pet’s name is Clover and you like to use the name as your password. Add a couple of letters and a couple of uppercase letters to make it ‘cLo31Ver’. This is already a strong password but now apply it to your eBay and Amazon accounts, using just the first four characters of the websites:

    eBay:
    cLo31Ver becomes ecBLaoy31Ver (type password, hit Home key and enter the letters of eBay, pressing right arrow after each letter)

    Amazon:
    cLo31Ver becomes AmazcLo31Ver (easier to type, and just as strong – just type the first four letters of the site you’re on and then your base password)

    This is easier to remember and implement, and you won’t have to change passwords all the time, or remember the password for your password program!

  • Pingback: MattsCuppa Link Roundup for 6-11-2007 « Matt’s Cuppa

  • Pingback: Administrar nuestros passwords para no olvidarlos « el50

  • EdM

    My dream list of password functionality (all accomplished by KeePass):

    1. Never have to think up another password (have them randomly generated for me)
    2. *Never* have to remember *any* password (in fact, make them all so outrageously long and complex (read secure) that they are absolutely impossible to remember)
    3. Never have to copy/paste or drag/drop any login data to any login form (do this with a universal hotkey that “senses” which login you’re at and automatically enters all data in all required fields)
    4. Have the option of a master keyfile so that I don’t even need to have or remember a password for the password manager itself
    5. Fine tune macros that can defeat keylogging threats.

    It’s KeePass hands-down for me.

  • Ian

    Frank has a great idea there though I wouldn’t use a pets name, use a random word out the dictionary. The downside is that it takes time to remember and more time to learn to type in an unnatural password like that fast.

    Th responses here do seem to show very paranoid who perhaps believe too much of what they read, but I understand that fear because always somewhere along the ‘line’ is a human (perhaps a programmer), and one way or another there is the potential for human error. Still I would use an online password manager if it’s efficient and easy to use.

    I have been using Roboform and have hundreds of passwords in there, but now I have a Mac and there is no Mac version.

    I am glad to find banks stop password managers from being used or just can’t be used, but I just wish my bank would use a system I can actually remember the password for!

  • Pingback: RickRey.com Blog » Entries » links for 2007-06-16

  • Pedro

    Storing password with Firefox can be dangerous if you lend your computer even for a few minutes : showing all the passwords does not require the main password!

    I consider this as a major security flaw.

  • Pingback: Business Hacks » Free Ways to Organize and Protect Your Passwords on BNET

  • Pingback: Die Passwörter im Handgepäck immer dabei « WIRtschaft-AMateur-THEATER

  • Nathan

    Leo,

    I’m with Chris above. PasswordSafe.com != Password Safe, the excellent (now open-source) program created by Bruce Schneier, a noted cryptography and security expert (http://www.schneier.com/passsafe.html). You should update this post, at the very least to correct the error of associating the web site with the app, and better, to link to the home of the app (http://sourceforge.net/projects/passwordsafe/) rather than the web site, which doesn’t look all that secure, IMHO.

  • http://carol1969hoffmanyahoo.com carol

    i need help on my password i for got it and im not on it now useing a friends right now to find a way to fix it can you help me fix my logon windows xp password

  • Scott

    PassPack gets my vote. Check it out a https://www.passpack.com/

  • http://www.SwitchEmail.com Raj Vats
  • http://www.bleachanime.org Bleach

    I’m a happy user of Firefox and Mac’s Keychain. :D

  • http://www.articlessearchengine.com Jay

    Really great tips!! Let’s have Single Login Window to our all sites!!

    Jay
    Articles Search Engine
    http://www.articlessearchengine.com

  • http://mainstream-guides.com eisenworks

    In my most recent review of password managers, I found myself focused on physical portability, which is an issue for me. I want access to the same data at home, at work, and on the road, with a minimum of hassle. A desktop application that I have to install on my computer’s hard drive is a non-starter.

    There are two basic solutions, as some of you have commented: You can carry program and data with you, say, on a USB flash drive. Or, you can use an online service, accessible from any computer that has a browser and a live connection to the internet.

    KeePass works admirably for the first approach. I wrote a screencast on it here:

    http://mainstream-guides.com/keepass

    PassPack is one of the new breed of Web 2.0 services, which means it behaves more like a desktop application, having an attractive and responsive user interface. I wrote a screencast on PassPack here:

    http://mainstream-guides.com/passpack

  • Pingback: Protect Your Passwords! « Secreatine - Security On Creatine

  • Pingback: Comment on 10 Free Ways to Track All Your Passwords by Protect Your | Creatine Monohydrate

  • Pingback: Comment on 10 Free Ways to Track All Your Passwords by Comment on 10… | Creatine Monohydrate

  • Pingback: Comment on 10 Free Ways to Track All Your Passwords by Comment on 10 | Creatine Monohydrate

  • Pingback: 10 Free Ways to Track All Your Passwords — Clocks and Watches Blog

  • Pingback: Year in Review: The 70 Best Lifehacks of 2007 - Lifehack.org

  • Pingback: Säkerhet och Lösenordshantering - Ohsohightech.se

  • Pingback: My Get Things Done List » Blog Archive » Eliminate Distractions; Google Gears; Productive Virtual Workspace; Email Bankruptcy [zen habits]

  • http://www.xn--rusatercman-o9a2z.com Rusça tercüman

    Your comment contains very useful information about all thank you rusça tercüman

  • Pingback: I Have Too Many Online Passwords | Prime Time Money

  • Pingback: rosweed » 10 Free Ways To Track All Your Passwords.

  • Sish

    For all the people relying on their heads for security; whether running algorithms or recalling data they’ve the greatest risk of losing all their computer-life instantaneously. it only takes one real-world, physical accident to obliterate all the contents of your head with no way of recovery. Even meat heads need back-up

  • Kay Tachibana

    I’ve been looking for a good password manager and I still haven’t found a good one which supports what I need.

    I was using KeePass in a Japanese Windows Vista, writing the descriptions in Japanese. Then I took the database with my thumb drive, trying to open it with another computer which is using US locale. All the descriptions I’ve entered became “?????”. Horrible. I know that it can be fixed by downloading AppLocale and use it, or just change the computer’s locale to Japanese, but then what if the computer I am currently using doesn’t let me install AppLocale or change the locale? Or even if I can do it, it will be such a pain everytime I want to login on another computer.

    I’ve been looking for a password manager which is a unicode application, but from what I’ve found, none has KeePass features. But to use online password manager seems a bit desperate, and the security is worrying. What if someone stole all the passwords and able to decrypt those?

    *sighs* Managing passwords can sure be difficult.

  • http://www.animeopenings.com Anime Guru

    That is a nice comment it contains lots of important info, thanks!

  • Pingback: Why Haven’t You Organized Your Passwords? - Stepcase Lifehack

  • Ben

    woah, when did you guys redesign?? Your archives say it was April 28th? I didn’t even notice… thanks to google reader.

    Anyways, I think this password algorithm sounds like a great idea, but why do you need a password manager? I use an OpenOffice database on an encrypted partition on my hardisk. I just fill out a form whenever I sign up for something new, easy as pie. Of course a spreadsheet would work too.

  • Niko

    Cute Password Manager is a free one. Keep your passwords more secure and do auto login websites

    http://www.cutepasswordmanager.com

    • Mshahid

      can u help me i want to trace my cousin skype id reply me

      • Nikhil Khandekar

        Get lost you pervert.

  • Mike

    These solutions as far as I can tell include various combinations of strong passwords, and various levels of strong encryption. But they all seem to be missing intruder detection. What happens if someone gets a copy of your password safe? They can hack against it until they have your master password, then they have all of your passwords in a nice organized tool.
    Any complete password safe will include intruder detection that will lock or even destroy the password safe if too many bad password attempts within a set timeframe are attempted. Is anyone aware of a product that offers these features?

  • http://googlewepinyahoo.com raed ahmad

    hlo iam is raed ahmad

  • Pingback: OpenID « Judicious Web

  • Pingback: #25: &!#@% Passwords « Work Smarter Not Harder

  • lanry

    i have a problem with my PC can you pl help ?
    my kids lock it with unknown password and since i can’t unlock and don’t know what to do ,,,,,,,,,can you help please

    • Nikhil Khandekar

      Hey lanry, that’s ever so simple…give the kids a very special treat and a resounding kiss each. They’ll tell you the password and what to do and everything. No point in asking strangers when the most accessible folks hold the key. Best.

  • Pingback: Why Haven’t You Organized Your Passwords?

  • spuravi
  • Shani_besmart

    ap sub ki ma ko lun mujhe b batao kasy hack hota ha passward yahoo ka

  • Nikhil Khandekar

    Sure, that sounds nice…a free service. I’d ask, “Why is it free?” and “What’s the guarantee that my passwords won’t be accessible to another soul on the planet if I kept them here?” I’ll definitely not imagine the security. Need solid proof.

  • Elided Zhuzhingo

    i use optimum online how do i keep my user ID and password on