10 Free Ways to Track All Your Passwords
With the proliferation of web services — there’s a new one out each day, it seems — it feels like we’re always creating new accounts, each with a different username and password.
The easy options — using the same password each time or writing them down on paper or in a spreadsheet — aren’t exactly the most secure. In fact, security experts strongly warn against these options as they leave you vulnerable to online theft.
So what’s a web surfer to do? If you’ve got more than a dozen services, you’re not going to remember all of them. It’s time to look into a password manager — and if you’re a cheapskate like me, you want a free one.
Let’s agree, from here on in, to stop using our dog’s name and birth date for our single password. Here are 10 free options for doing that:
- Firefox or IE: Both popular browsers offer fairly secure ways of storing your username or passwords for different sites, once you enter them the first time. This is very handy, and can save a ton of time. Unfortunately, under certain conditions, the password could be lost, requiring you to enter the password again. And if you’ve been relying on the browser to remember the password, you’re out of luck. Also, this solution is only for online passwords, not for network or desktop passwords.
- KeePass: One of the most popular password managers out there, KeePass is great because it’s open-source, free and cross-platform — available for Windows, Linux, OS X, and even mobile devices. It keeps all your passwords, online and off, in a secure database, so you only have to remember one master password. Be sure that master password is safe!
- Clipperz: Unlike most password managers, this solution is online — so you can access it anywhere. And it stores more than passwords — credit card numbers, account numbers, anything really. Storing passwords and other confidential information online can make someplace nervous, but Clipperz uses an encryption method that means not even Clipperz knows what it’s storing. This is a good solution if you need access to your passwords from multiple computers, rather than just one or two.
- OSX Keychain: If you use a Mac, you’re most likely familiar with Keychain, which comes with OSX. Basically, it’s a password manager that uses your OSX admin password as the master password.
- KeyWallet: Windows only, this little utility sits in your system tray, and you just pull it up when you need to enter a password. As a utility, it is browswer-independent, which is ideal for some.
- Password Manager Plus: The Billeo Free Password Manager Plus toolbar works with both Firefox and Internet Explorer, and allows you to store not only passwords but credit card numbers and online account information, and can autofill your information as you shop online or paying bills, for example.
- Password Hasher: This Firefox extension generates strong passwords for you by scrambling your master password with the site’s name. The passwords generated by this extension are better than any you could come up with yourself.
- PasswordSafe: This free online service works on any modern web browser, for any OS, and a desktop version is available for Windows or Mac. Basically, it uses an encrypted safe to store your passwords, along with other information including software keys, website logins, pin numbers, email logins and more.
- Password generator: This is a little bookmarklet that combines your master password with the site’s name to create a stronger password, and one that is different for each site. Very handy and simple.
- Algorithm: The best solution may not even be a technology solution — remembering strong passwords could be as simple as coming up with a way to change a base password using the name of the online service you’re logging into. For example, if you come up with a base password of “xlg519″ (based on your partner’s initials and your cat’s birthday), you can add the first two and last two letters of a service’s name (”amon” for Amazon) and you’ve got your password!
Some notes on passwords:
- Never give out your master password if you use a password manager. Be sure you never forget it.
- Don’t write passwords on a little piece of paper and stick it in your drawer. If it gets stolen, you only have yourself to blame.
- Password managers may not be safe on a shared computer — it is probably best to only install them on a computer that only you use.
- Using common information for your password is not secure — such as your birthday, initials, kids’ birthdays, names, etc. And no, “password” is not a safe password.
- Using the same password for everything is a bad idea, because once that password is discovered, a thief has access to all your accounts.
Tags: 
Loading ...
Comments
digger says on June 1st, 2007 at 11:55 am
Great post! I’ve tired several password managers and couldn’t find a real good one, that will do all I ask of it.
Thanks!
Ernie Oporto says on June 1st, 2007 at 12:32 pm
Roboform (not free) is still THE way to work with passwords, and it syncs nicely to a USB keyfob. They even provide a free program for it - GoodSync - if you can’t find another.
bigmusic says on June 1st, 2007 at 1:48 pm
Opera also has a password manager built in. It can be encrypted or not, depending on the users choice.
Oubliette is also free and open source, it is completely encrypted, but is no longer actively developed. But I don’t really think it needs anything else.
CSIXTY4 says on June 1st, 2007 at 5:19 pm
I keep a copy of PasswordSafe on a USB key around my neck. I then back it up every week.
It’s so much better than my old method of carrying post-it notes around in my wallet.
BillyK says on June 1st, 2007 at 7:14 pm
Hi
Why not just keep it simple (in accordance with lifehack principles) and use the google spreadsheet available with your gmail account?
Your passwords are then available from any computer anywhere in the world.
As a web designer, I have seven zillion passwords to remember - all on my google spreadsheet in alphabetical order
Cheers
Bill
Ryan says on June 1st, 2007 at 7:18 pm
I’ve been using Keyring on my Palm for the past few years and don’t have any complaints. It’s free (almost always a plus), keeps everything under a master password, and if you want it’ll generate passwords for you.
Ablewise Free Classifieds says on June 1st, 2007 at 7:58 pm
Keepass gets my vote from the list. To push it to the next level, place Keepass on a Portableapps enabled thumbdrive. Then you can bring your password around.
Truly handy if you are a road warrior.
Jen / domestika says on June 1st, 2007 at 9:52 pm
I’m a Clipperz fan. I like having the option of web access or offline, with the ability to load a compact version of either one in Firefox sidebar. Excellent support from the developers, too.
Belial says on June 2nd, 2007 at 2:09 am
Just as a matter of interest, has anyone looked at the security implications of any of the packages or solutions that have been recommended here?
Rajul says on June 2nd, 2007 at 5:17 am
I have been using Password safe for many years and never have any issues with it. It also types in the user name and password on a web page using a shortcut and suggests a strong password.
Frying Dutchman says on June 2nd, 2007 at 8:22 am
I’ve been using Ked Password Manager for quite a while now. It offers both a GUI and CLI, which is all I care about ;-)
Eric says on June 2nd, 2007 at 10:33 am
I like the gnome Revelation application, and it’s companion panel applet. You can easily navigate to the site and then paste in the userid / password. All stored in one encrypted file for easy backup.
brothajohn says on June 2nd, 2007 at 10:38 am
well I don’t know about webdesigners, but I must use about thirty or fourty online services and for me the algorithm method has never failed. No software, no books, no memos, just memory, the in-my-head kind so it works both online and off.
Azhar says on June 2nd, 2007 at 12:24 pm
Something called SuperGenPass leaves all of them in the dust (google it). Probably the best password system invented, check it out.
It generates unique secure password for each domain from your master password. Now with 14 characters, THATS security.
Tara (PassPack) says on June 2nd, 2007 at 12:34 pm
Hello.
I’m a founding Partner at PassPack - a free online password manager. Alas, we’re missing from your list…
http://www.passpack.com
:)
@BillyK
Google spreadsheets are not safe as they are not encrypted. If you are storing your client’s passwords (I assume domains and FTPs etc) then you are putting them at risk. Please choose a password manager - it doesn’t have to be PassPack - any password manager will do.
Cheers,
Tara Kelly
PassPack Founding Partner
psytek says on June 2nd, 2007 at 12:35 pm
Great article. We’re actually looking to upgrade our password system at work. We use password safe and so far It has been good. The only thing we are missing is the ability to add roles / multi-user capabilities. So instead anyone with the master password has access to all of the passwords, instead of a group of passwords assigned specifically to them. Does anyone know of a program that is multi-user? Please leave a comment here if you do.
Kyle says on June 2nd, 2007 at 12:44 pm
Pastor is a good OS X option. It’s cocoa native.
http://www.mehlau.net/pastor/
leo says on June 2nd, 2007 at 2:13 pm
thanks for the list. i used open office spreadsheet (Calc) and save the file with password.
the algorithm approach is interesting, i used it sometimes also, but what is the chance that someone (with access to forum login and password) had a glimpse of yours, and figure out your algorithm? and then, they’ll have all your passwords…
David J says on June 2nd, 2007 at 4:35 pm
I have been using keepass for the past 3 or 4 years. I think it is one of the best password mangers out there.
Ellen says on June 2nd, 2007 at 9:21 pm
Another online solution is Passpack which I have been using for a couple of months now and enjoy having easy access to my passwords.
Tom says on June 3rd, 2007 at 2:20 pm
Actioneer is a new free “invisible” password manager that enables very easy keyword access to about 100 popular sites including many password-protected sites and also provides secure storage for other passwords and data. It has both desktop and portable versions for use with USB drives.
shamess says on June 3rd, 2007 at 4:57 pm
Actually, I’m one of those people that does have all the same password for every website. However, I’m also one of those people who use capital letters, numbers and badly spelled passwords, so I think that annuls the insecurities of using the same password.
I just remember all of my passwords. I really don’t feel safe storing them somewhere.
Fazal says on June 3rd, 2007 at 5:05 pm
I’m surprised to see that sxipper is not listed here. I find it’s the best most versatile cross platform password manager in Firefox.
Jan says on June 3rd, 2007 at 6:09 pm
I keep my password on my Treo, in a little program called Secret. At least I always have access to my passwords, they’re securely encrypted and I have a backup on my PC!
Andrew says on June 3rd, 2007 at 6:53 pm
On my Macintosh, I’ve been using 1Passwd http://1passwd.com/ for a year or so and I love it. It has all the right features for me: strong security, easy back-up, easy transferance from one computer to another, and a “secure notes” feature where you can store arbitrary text inside your password-protected, encrypted keychain. The developers are responsive and professional, and the program has been flawless for me (using OSX 10.4 and Firefox) for over a year.
John A Thomson says on June 3rd, 2007 at 10:24 pm
KeePass for me, although I’ll maybe check out some of those on the list above.
Richard says on June 3rd, 2007 at 11:20 pm
This is a program I have been using for a few months. It allows you to store text in a text file that is password protected.
https://www.steganos.com/us/products/home-office/locknote/overview/
Mark Mathson says on June 4th, 2007 at 12:31 am
I got some great responses via Answers on LinkedIn regarding PasswordSafe. Here is a link http://www.linkedin.com/answer.....96-8677007 if you are interested.
Chris says on June 4th, 2007 at 12:55 am
Great Ceasar’s ghost. Anyone who would use an online password manager, or any kind of password manager that stores their passwords outside of their own control needs a serious tinfoil-hat adjustment. I’ve been using PasswordSafe since the time it was still Bruce Schneier’s baby and have never looked back.
admin says on June 4th, 2007 at 2:09 am
This is a great collection of list for storing your password.
but for me the best is my brain… really!
Edwinek says on June 4th, 2007 at 2:24 am
I second Ellen on PassPack. Very nice solution with client side encryption. And anonymous. They don’t even know your e-mail address.
subcorpus says on June 4th, 2007 at 4:58 am
i use a mac at home and i never used keychain …
if it saves so much time …
i guess its about time i check it out …
but as most … i have some reservations about stpring all my passwords at the same location …
*shudder* …
Chris says on June 4th, 2007 at 5:35 am
Please don’t confuse PasswordSafe.com with the awesome and totally secure Password Safe written by originally by Counter Pane (Bruce Schneier) and now maintained at SourceForge. If you want one tip, use this product.
http://sourceforge.net/projects/passwordsafe/
PS. I can’t believe the author would condone putting your private passwords in any online system. Madness!
ff1959 says on June 4th, 2007 at 7:18 am
1passwd works for me. Ditch those IE and FF weak encryption schemes.
Rob S says on June 4th, 2007 at 8:29 am
Have any of these programs mentioned been checked for spyware or malware, or is that just being overly paranoid?
emory says on June 4th, 2007 at 11:40 am
Of course, you could just ask Service X to support OpenID.
Ananth says on June 4th, 2007 at 11:51 am
Another way - Gmail.
1. Have a label like ‘Registration’. All mails having login/registration/password info will have this label.
2. Most of the web services send a mail with registration info and verification link. Label it registration.
3. If the password is not in the previous mail, reply to yourself, with a hint about the password.
I keep 2 or 3 standard passwords. An easy one for trying out new sites, one very strong one for important, sensitive sites like gmail etc.
So the hint goes like “the easy one”, “the easy one+amazon”
3. Next time, just search in gmail. ex: “amazon label:registration”
vajra says on June 6th, 2007 at 1:26 pm
I use a small inexpensive address book (made of cardboard & paper). It cannot be hacked, cannot be broken or corrupted. Just to make sure it is safe from ordinary theft too I break my passwords into standard elements which are represented by abreviations.
Daniel McPherson says on June 10th, 2007 at 6:14 am
Hey Folks,
You forgot about us!
Small, open source application for storing your passwords, and all those other “little bits” of information:
http://www.niftysoftware.com/P.....fault.aspx
Anyway, it has clipboard integration, custom item types, fast and simple search, install and run from memory sticks, stores in XML with option to encrypt.
Anyway, we would love you to take a look.
Daniel
Frank says on June 11th, 2007 at 8:30 pm
Better than using yet ANOTHER program just to track your passwords, use a single strong password and intersperse the first few letters of the site you’re using the password for.
For instance, let’s say your pet’s name is Clover and you like to use the name as your password. Add a couple of letters and a couple of uppercase letters to make it ‘cLo31Ver’. This is already a strong password but now apply it to your eBay and Amazon accounts, using just the first four characters of the websites:
eBay:
cLo31Ver becomes ecBLaoy31Ver (type password, hit Home key and enter the letters of eBay, pressing right arrow after each letter)
Amazon:
cLo31Ver becomes AmazcLo31Ver (easier to type, and just as strong - just type the first four letters of the site you’re on and then your base password)
This is easier to remember and implement, and you won’t have to change passwords all the time, or remember the password for your password program!
EdM says on June 16th, 2007 at 7:13 pm
My dream list of password functionality (all accomplished by KeePass):
1. Never have to think up another password (have them randomly generated for me)
2. *Never* have to remember *any* password (in fact, make them all so outrageously long and complex (read secure) that they are absolutely impossible to remember)
3. Never have to copy/paste or drag/drop any login data to any login form (do this with a universal hotkey that “senses” which login you’re at and automatically enters all data in all required fields)
4. Have the option of a master keyfile so that I don’t even need to have or remember a password for the password manager itself
5. Fine tune macros that can defeat keylogging threats.
It’s KeePass hands-down for me.
Ian says on June 16th, 2007 at 8:58 pm
Frank has a great idea there though I wouldn’t use a pets name, use a random word out the dictionary. The downside is that it takes time to remember and more time to learn to type in an unnatural password like that fast.
Th responses here do seem to show very paranoid who perhaps believe too much of what they read, but I understand that fear because always somewhere along the ‘line’ is a human (perhaps a programmer), and one way or another there is the potential for human error. Still I would use an online password manager if it’s efficient and easy to use.
I have been using Roboform and have hundreds of passwords in there, but now I have a Mac and there is no Mac version.
I am glad to find banks stop password managers from being used or just can’t be used, but I just wish my bank would use a system I can actually remember the password for!
Pedro says on June 18th, 2007 at 6:31 am
Storing password with Firefox can be dangerous if you lend your computer even for a few minutes : showing all the passwords does not require the main password!
I consider this as a major security flaw.
Nathan says on June 28th, 2007 at 5:24 pm
Leo,
I’m with Chris above. PasswordSafe.com != Password Safe, the excellent (now open-source) program created by Bruce Schneier, a noted cryptography and security expert (http://www.schneier.com/passsafe.html). You should update this post, at the very least to correct the error of associating the web site with the app, and better, to link to the home of the app (http://sourceforge.net/projects/passwordsafe/) rather than the web site, which doesn’t look all that secure, IMHO.
carol says on July 14th, 2007 at 1:59 am
i need help on my password i for got it and im not on it now useing a friends right now to find a way to fix it can you help me fix my logon windows xp password
Scott says on September 24th, 2007 at 2:41 pm
PassPack gets my vote. Check it out a https://www.passpack.com/
Raj Vats says on September 27th, 2007 at 1:40 pm
Anytime you have a bounced email simply FORWARD to Find@Switchemail.com.
They will find the person’s new email address.
First register & then start sending bounced email: http://www.switchemail.com
Sincerely,
Raj Vats
Bleach says on October 4th, 2007 at 1:59 pm
I’m a happy user of Firefox and Mac’s Keychain. :D
Jay says on October 17th, 2007 at 4:49 pm
Really great tips!! Let’s have Single Login Window to our all sites!!
Jay
Articles Search Engine
http://www.articlessearchengine.com
eisenworks says on October 18th, 2007 at 9:55 am
In my most recent review of password managers, I found myself focused on physical portability, which is an issue for me. I want access to the same data at home, at work, and on the road, with a minimum of hassle. A desktop application that I have to install on my computer’s hard drive is a non-starter.
There are two basic solutions, as some of you have commented: You can carry program and data with you, say, on a USB flash drive. Or, you can use an online service, accessible from any computer that has a browser and a live connection to the internet.
KeePass works admirably for the first approach. I wrote a screencast on it here:
http://mainstream-guides.com/keepass
PassPack is one of the new breed of Web 2.0 services, which means it behaves more like a desktop application, having an attractive and responsive user interface. I wrote a screencast on PassPack here:
http://mainstream-guides.com/passpack
Rusça tercüman says on February 25th, 2008 at 12:15 pm
Your comment contains very useful information about all thank you rusça tercüman
Sish says on April 16th, 2008 at 5:20 pm
For all the people relying on their heads for security; whether running algorithms or recalling data they’ve the greatest risk of losing all their computer-life instantaneously. it only takes one real-world, physical accident to obliterate all the contents of your head with no way of recovery. Even meat heads need back-up
Kay Tachibana says on May 7th, 2008 at 3:55 am
I’ve been looking for a good password manager and I still haven’t found a good one which supports what I need.
I was using KeePass in a Japanese Windows Vista, writing the descriptions in Japanese. Then I took the database with my thumb drive, trying to open it with another computer which is using US locale. All the descriptions I’ve entered became “?????”. Horrible. I know that it can be fixed by downloading AppLocale and use it, or just change the computer’s locale to Japanese, but then what if the computer I am currently using doesn’t let me install AppLocale or change the locale? Or even if I can do it, it will be such a pain everytime I want to login on another computer.
I’ve been looking for a password manager which is a unicode application, but from what I’ve found, none has KeePass features. But to use online password manager seems a bit desperate, and the security is worrying. What if someone stole all the passwords and able to decrypt those?
*sighs* Managing passwords can sure be difficult.
Anime Guru says on May 9th, 2008 at 3:19 pm
That is a nice comment it contains lots of important info, thanks!
Ben says on July 1st, 2008 at 6:32 pm
woah, when did you guys redesign?? Your archives say it was April 28th? I didn’t even notice… thanks to google reader.
Anyways, I think this password algorithm sounds like a great idea, but why do you need a password manager? I use an OpenOffice database on an encrypted partition on my hardisk. I just fill out a form whenever I sign up for something new, easy as pie. Of course a spreadsheet would work too.
Niko says on August 9th, 2008 at 10:27 am
Cute Password Manager is a free one. Keep your passwords more secure and do auto login websites
http://www.cutepasswordmanager.com
Mike says on September 1st, 2008 at 10:07 am
These solutions as far as I can tell include various combinations of strong passwords, and various levels of strong encryption. But they all seem to be missing intruder detection. What happens if someone gets a copy of your password safe? They can hack against it until they have your master password, then they have all of your passwords in a nice organized tool.
Any complete password safe will include intruder detection that will lock or even destroy the password safe if too many bad password attempts within a set timeframe are attempted. Is anyone aware of a product that offers these features?
raed ahmad says on September 12th, 2008 at 12:36 pm
hlo iam is raed ahmad