Bit off topic, but does anyone know of a good tool to store, save, protect usernames and passwords etc I am getting tired of keep forgetting them with the amount I have.

Any recommendations?

if you’re on a Mac, there’s only one choice, 1Password. It’s awesome.

If on Windows, someone else will need to make a recommendation.

I've been using Keepass for years now and it hasn't missed a beat.

http://keepass.info/

"KeePass, the free, open source, light-weight and easy-to-use password manager"

I have been using Splash ID from www.splashdata.com for years.

They had PC and Mac, iphone, Palm, BB, Windows Mobile.

They are fantastic, I have been their costumer I think since 2001 or 2002

I second Augusto's recommendation for SplahID; I too have used it on a daily basis for the past two years or so .

It's the best tool I know of that manages all my passwords on my desktop PC AND on my PocketPC, and automagically synchronizes information between the two.

This is one of the very essential piece of software that I use, along with MyLifeOrganized.

Eric


I have been using Splash ID from www.splashdata.com for years.

They had PC and Mac, iphone, Palm, BB, Windows Mobile.

They are fantastic, I have been their costumer I think since 2001 or 2002

I use Callpod Keeper - http://www.callpod.com/products/keeper

Runs on Mac, Windows or Linux, with apps for iPhone, Android and others so you keep synced while on the move.

The Mac application is a little slow to boot up perhaps, but other than that it appears secure and seems to do its simple job well. Syncs no problems with the iPhone app.

I have a special database for all passwords/logins in DevonThink, which is the tool I use for storing Reference Materials. Lets me keep all the necessary details together including direct links to login screens, history notes, etc.
(mac only)

If on a Mac, I would heartily second the recommendation for 1Password. It's truly an awesome tool, with a great team behind it. I recently had to start using Windows, and haven't found a good replacement yet. I'll have to try Splash ID now.

SplashID is the one I like the look of most since I’m not on the mac.

Call pod also looks fairly neat.

Thanks everyone.

For all those many, many passwords, I use Passwords Plus. I've had it so long, I don't remember exactly what I paid, but it was about $15 - $20. If I were starting now, I'd look for something open source, but the idea of converting all those passwords to new software scares me.

For Windows I would recommend Password Safe, it's free and works great:
http://passwordsafe.sourceforge.net/

For those that want your password to be accessible via Mac or Windows you an use KeePass. Definately defactor opensource password manager.

You can install the app but you can also use the portableversion to put in your thumbdrive to have it wherever you go.

download here >> http://portableapps.com/apps/utilities/keepass_portable

I'm on a Mac, and my vote is for Wallet - it's awesome. Syncs with iPhone too.

http://www.acrylicapps.com/

I use RoboForm on my PC and I use 1Password on my Mac. Both are great!

I used eWallet on the PC and windows mobile phone for years before switching to mac and using 1Password. eWallet does have an iPhone app.

I've been using this one for about a year. When coupled with a dropbox account you can have everything synced everywhere and all up-to-date.

lifehacker has a great post on how to make this all work. How to Use Dropbox as the Ultimate Password Syncer (http://lifehacker.com/5063176/how-to-use-dropbox-as-the-ultimate-password-syncer)





I've been using Keepass for years now and it hasn't missed a beat.

http://keepass.info/

"KeePass, the free, open source, light-weight and easy-to-use password manager"

there are plenty of decent desktop password managers. I was a big fan for a while of Password Depot. But there were few in my view that did a good job of syncing mobile and desktop. In my case that is Windows and Windows Mobile.

I have been using Spb Wallet for a while now and I have to say I am a huge fan. Desktop and mobile apps are great as is the sync. Also has a great toolbar browser plugin for Firefox (my preference) and Internet Explorer.

I used SplashID too and really liked it. But I didn't have SplashID with me (work, and on trips.) So I decided to consolidate and added my password information to my contact list in Outlook. Now, I have the company listed, a phone number, the website and my userid/password. I created two fields for the userid/password and a new view for websites so I can see them easily.

I print my contact list frequently and send it to my home account to keep everything current.

I'll put in a vote for 1Password as well. Have it for my laptop and my iTouch as well. Love it!

So I decided to consolidate and added my password information to my contact list in Outlook.


Umm . . . do you keep Outlook locked up? The purpose of password programs is that you can only access these using a master password. Anyone can go into Outlook and take a peek at your password information.

In the end I opted for callpod's "Keeper Desktop" for its safety and simplicity. Also has a neat android app to sync phone & laptop.

Thanks all the great suggestions.

Norton Internet Security 2010 does it well for me, it keeps them safe and you don't need to remember them.

Don't you guys worry about losing all your passwords, if you lose your hard drive via a virus or simply it getting brocken? If you manage to back them up somehow, does that leave you with a file that could be looked at by someone else?

I personally have all my passwords (not to mention all the various usernames and logins) in private memos on my Palm which is backed up on my computer. I assume my Palm and computer won't go down together! I need one remembered password to see the files.

But in case someone gets that password or finds a way of accessing the memos I have them in code form as in: "whereisbrokenbridge?2003" so someone won't be able to guess what it is unless they know what place I'm thinking of where there is a brocken bridge!

Perhaps I'm being over paranoid! but I particularly worry about things like bank/paypal/amazon account logins.

no, I'm not worried about it. But that’s because I have a backup strategy I feel good about. If someone doesn’t have that in place, they SHOULD be worried.

First, I make a weekly bootable clone backup to an external hard drive, so I have an exact replica of my hard drive that is no more than a week old at any point.

Second, I use a service called BackBlaze that uploads my files via the internet to offsite storage. I have it selected to backup all my documents, settings, pictures, music, photos, and this includes my passwords. This data is encrypted so there is little chance of anyone being able to view any of my data.

Third, I synchronize 1Password with the iPhone version so I have the data there, too.

So with all that, I'm pretty comfortable with my setup. Now, and this isn’t intended to be a Mac vs PC rant, but most people using PCs are under secured and their personal data is at risk. At a MINIMUM, you should be running a strong anti virus app and a software firewall with outbound monitoring, i.e. if ANYTHING on your system tries to make an outbound connection that you haven’t previously approved, you are notified and asked to approve the connection request. But I would also strongly recommend PC users also run real time anti trojan software. All it takes is one nasty keylogger for you to compromise all your personal/confidential information, and that equals a really, really bad day.

hmm, since keeper password is offline and encrypted isn't that secure enough?

not familiar with that app but if it’s offline and encrypted, then the passwords themselves should be secure.

But the other issue is the use of those passwords. If you are able to then copy and paste that or auto fill those passwords into the appropriate browser fields, if you have a key logger running on your computer, it could read that data and send it to someone else and now you’re compromised.

Second, I use a service called BackBlaze that uploads my files via the internet to offsite storage. I have it selected to backup all my documents, settings, pictures, music, photos, and this includes my passwords. This data is encrypted so there is little chance of anyone being able to view any of my data.

Can you trust the encryption software? Is it open source? If so, did you examine the code?

Can I trust their encryption methodology?

Well, first, I'm not qualified to analyze their code even if it was open source, which it isn’t. This stuff is way above my level of technical expertise.

Here’s their page on the nuts and bolts of how they do it:

http://blog.backblaze.com/2008/11/12/how-to-make-strong-encryption-easy-to-use/

looks strong to me. Re encryption, my basic assumption is that if someone REALLY wanted to break the key and get access to my data it might be possible if they had a lot of computer firepower, a lot of time and a real desire to focus in on my specific stuff. But the odds of that happening are less than unlikely, there’s nothing special about my data. No trade secrets, no passwords to multi million dollar swiss accounts. So I trust that the system they implement is sufficiently secure.

But the other issue is the use of those passwords. If you are able to then copy and paste that or auto fill those passwords into the appropriate browser fields, if you have a key logger running on your computer, it could read that data and send it to someone else and now you’re compromised.

I have auto fill on all my stuff through a software called sxipper. I also see that 1Password do this too (checked because i'm actually planning on getting a Mac) and you mentioned that you use 1password. Do you not use auto fill then because its not very safe?

You'll have to excuse me because I don't really know much in this area.

nope, I use auto fill.

so far, there are no reported instances of viruses or Trojans on Macs “in the wild”, in the real world. Maybe a couple isolated demonstration issues, but so far there’s really been nothing of concern on the Mac side. Some say that’s because the unix-based operating system that Macs use is intrinsically more secure than Windows (which I agree with) and some say it’s a lack of effort and focus by hackers (which I also agree with). In any event, I run an app called “Little Snitch” that monitors ALL outbound traffic and requests authorization for any connection I haven’t previously approved. It’s a bit of a pain to setup initially because you get a ton of requests as you structure your rules, but once you’re up and running it’s almost invisible.

Just make sure you have something running that will detect anything trying to “phone home”, run a good anti virus software like NOD32 or Kaspersky, sit behind a hardware firewall (like a wireless or wired router) and that will take care of the majority of the issues.

Re encryption, my basic assumption is that if someone REALLY wanted to break the key and get access to my data it might be possible if they had a lot of computer firepower, a lot of time and a real desire to focus in on my specific stuff. But the odds of that happening are less than unlikely, there’s nothing special about my data. No trade secrets, no passwords to multi million dollar swiss accounts. So I trust that the system they implement is sufficiently secure.

If you don't know the encryption code you cannot be sure if there is no backdoor that will allow the code creator to break your key in seconds. I do not suggest that it is implemented but there is no way to check it.

If you're suggesting that the average user should examine encryption code to assess how secure the application process is, i would represent this is grossly unrealistic for the typical or even power user.

as far as i'm going to take it is using a reputable company with tens of thousands of customers and many positive reviews from reputable tech reporters, and hope that if there was a glaring deficiency that it would be noted.

i could turn researching this into a full time job and i don't have it and neither do most people. so, read, research, make a reasonably informed decision and hope for the best.

your same argument could be made for the browsers we use. have you examined the browser code to determine there are no open back doors? how about your operating system code?

i just don't see this being a realistic position.

If you're suggesting that the average user should examine encryption code to assess how secure the application process is, i would represent this is grossly unrealistic for the typical or even power user.

(...)

your same argument could be made for the browsers we use. have you examined the browser code to determine there are no open back doors? how about your operating system code?

i just don't see this being a realistic position.

Let me explain the "open source code" concept:

If the source code of the software application is publicly available for examination there are thousands of experts in the cyberspace that will check if there is something wrong with the code or not. You don't need to be an expert - you can use the wisdom of the crowd of experts.

If the source code is closed in a company safe nobody (except for a few programmers working for this company) can check if it has bugs or intended malfunctions.

The difference is between "a few in a hidden place" and "thousands sharing their knowledge with the world".

thanks for the clarification.

Yes, I generally like open source but I don’t view it as an important enough of a criteria that it will drive me to choose an application that I deem deficient compared to others in terms of base functionality.

I realize some will disagree with this, and that’s fine. To each their own.

I prefer use LoginTrap (http://www.protemac.com/LoginTrap/).It’s prog can capture every login events.I use this tool and I know who logs on my Mac. It’s really good program. Try)

Best solution right now: http://lastpass.com/

If you are concerned about security listen to this podcast and worry no more: http://www.grc.com/securitynow.htm Episode #256.