How to best store hundreds of passwords *securely*
I have a 2 part Q:
Part I: Other than an Excel spreadsheet, how should I store my several hundred unique passwords securely for retrieval when I need them?
Part II: And, is using the "Remember" password feature in Firefox smart or no?
Clarification added 3 months ago:
Bear in mind - these are not super high security accounts. They're things like email accounts, services like Dropbox, LinkedIn, etc. I just want to prevent these accounts from getting hacked - and I use a unique password for each.
Good Answers (2)
Shawn D.
Telecommunications Professional
I recommend LastPass since it is available on nearly all platforms. I've included a link to a great article on making a nearly hackproof setup with LastPass and a USB flash drive.
Christopher B.
Enterprise Security Architect- Emerging Technologies at undisclosed
I would 2nd LastPass - online service that uses browser extensions/add-ons to access passwords and fill forms.
More Answers (10)
Bernard G.
Programme, Project & Change expert
Absolutely not in an Excel spreadsheet. There are widely available tools for cracking security on these.
The "remember" password features in all web browsers are highly suspect and open to hacking and misuse - I wouldn't use them for anything other than trivial passwords (e.g. those to get access to free services such as some newsletters etc.).
There are dedicated apps for this purpose, so try these, and check their credentials and references. The best answer of course is don't store these anywhere, although I appreciate that for hundreds this is not practical - but why would you have that many?
Jonathan B.
Business Relationship Manager at Shearwater Solutions
Well, the risks of storing all your passwords in one insecure place are obvious, but for subscription services etc. LastPass, KeePass etc. might work well for you. For higher risk accounts I would use a USB smartcard like HSM with an SSO application from someone like SafeNet perhaps.
I use USB.
Within the USB I also use a password.
I had also been using WinZip encryption. (Not sure how secure it is.)
Encryption is also available with the OpenOffice Suite. I like this one because it is free.
Rob S.
Cyber Security Lead, Cyber Security Practice at Black & Veatch
Storing them securely has nothing to do with keeping them from getting hacked. If you have a keylogger on your system, it matters not where you store them. If X website gets hacked, it matters not that you stored the password for your account on that website in a secure fashion. The one use case where it matters how you store your accounts is if your own computer gets hacked. In that case, you want to use an application like KeePass or Password Safe (my personal favorite) which encrypts the information it stores. But recognize the threats that this approach does protect you against, and the threats which it does not protect against.
Nick C.
A jack of many trades and a master of some...
There's no such thing as security; there are only varying degrees of insecurity. Even if the software you're using to store passwords is hack-proof (and is there any such software?), you're still at risk of losing your passwords by spilling the proverbial coffee into your laptop.
One (imperfect, as security itself) way out of this conundrum is to store (in multiple locations, including some that are in plain view of others) not the passwords themselves, but mnemonics that would allow you (and only you) to reconstruct the actual password.
Let's say, a certain date has a special significance to you and no one else knows what that date is (let's pretend it's June 15, 2002). Given that, you can have a Dropbox password DropBox_2002-06-15, but store it in your system (or on a sticky note on your monitor for the world to see) as DropBox_MVSD (MVSD, as you probably guessed, stands for My Very Special Date).
Or, say, your late grandmother's favorite color was red. So MLGFC (My Late Grandmother's Favorite Color) in your mnemonic could correspond to "Red" or even to "#FF0000".
You could develop a small dictionary of substitutions that you can actually commit to memory and then store your mnemonics anywhere, including places where they can be seen by others...
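As an added example (not part of Nick C.'s answer): a rough estimate of how many candidates remain for a mnemonic-derived password once the stored hint is visible, next to a random password of the kind a password manager generates. The 100-year date window, the colour count, the guess rate and all function names are assumptions made for this illustration.

```python
import math
from datetime import date

def date_space(first_year, last_year):
    """Calendar dates that a 'very special date' could be within a window."""
    return (date(last_year, 12, 31) - date(first_year, 1, 1)).days + 1

# Assumed size of the secret behind each mnemonic code (constructed values):
# this is all that stays unknown once the hint itself is in plain view.
CODE_SPACES = {
    "MVSD": date_space(1925, 2024),  # any date in an assumed 100-year window
    "MLGFC": 150 * 2,                # assumed ~150 colour names, as name or hex
}

def hint_guess_space(hint):
    """Candidate passwords left when a hint such as 'DropBox_MVSD' is visible.

    Literal parts ('DropBox') are readable from the hint, so only the
    mnemonic codes contribute. One fixed format per code is assumed.
    """
    space = 1
    for part in hint.split("_"):
        space *= CODE_SPACES.get(part, 1)
    return space

def random_space(length, alphabet=94):
    """Candidates for a uniformly random password over printable ASCII."""
    return alphabet ** length

def bits(space):
    """Equivalent entropy in bits for a uniformly chosen secret."""
    return math.log2(space)

def days_to_exhaust(space, guesses_per_second):
    """Worst-case days to try every candidate at a given guess rate."""
    return space / guesses_per_second / 86400

def compare(hint, random_length=16, guesses_per_second=10):
    """Summarise the hint-based password against a random one."""
    h, r = hint_guess_space(hint), random_space(random_length)
    return {
        "hint_candidates": h,
        "hint_bits": round(bits(h), 1),
        "hint_days": round(days_to_exhaust(h, guesses_per_second), 3),
        "random_bits": round(bits(r), 1),
    }

if __name__ == "__main__":
    for hint in ("DropBox_MVSD", "DropBox_MVSD_MLGFC"):
        print(hint, compare(hint))
```

The strength of the scheme rests entirely on how many values each code could stand for, which is why the dictionary of substitutions matters more than the visible part of the hint.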
Vinodh Sen E.
Technical Lead, ING Institutional Plan Services
Rob,
I have been using Roboform. It can store an unlimited number of passwords. It's simply the GREATEST. The open-source software keepass.info is there but not the best. I settled on Roboform after using many similar (not so good) software.
regards
vinodhsen
Clarification added 3 months ago:
Firefox is good but not for this feature. Don't use it.
Clarification added 3 months ago:
All my bank accounts, share trading accounts and email accounts are protected by Roboform. I have used share trading accounts even from public computers. There has never been a breach. This is because I can retrieve any password of mine from anywhere using online.roboform.com/login without using the keyboard. As a result nobody can trace my password except me.
Clarification added 3 months ago:
keepass.info doesn't have realtime sync of passwords which you can access anywhere in real time using a web interface. Roboform does have this using GoodSync. Leader in its niche.
Do not store your passwords in an Excel spreadsheet. Use KeePass, a free password manager that encrypts your passwords with the best and most secure encryption algorithms currently known (AES and Twofish). You create a master password that can access all your other passwords. Also, as a side note, you should make sure you have antivirus, a firewall and Malwarebytes to protect your computer from other threats. If you would like to make the computer even more secure, I would recommend using full disk encryption.
Patrick D.
Philanthropreneuring By Example with up to 50% Contribution to Good Causes 2012 - 17
Hate to be the wet towel on this, but the absolute most secure method is to print them out, and store them in a well designed safe. Digital technology, at its best, is nothing more than a complex lock worth picking, with many eager young nerds just poised to try their skills.
Scott N.
Enterprise Portal Architect and Technical Manager
I also use RoboForm, however I used the older version because A) It does require a subscription payment and B) It does not store my information on their servers. The only downside to the older version for me is that it only works with Firefox 3.x. For you, the older version may not be available anymore.
Wallace J.
Multimedia Producer, i3D Programmer, Acrobat 3D PDF, Android App, Virtual World & iTV Design, Kindle, Nook & Sony eBooks