What's your strategy for keeping all your PINs, passwords, etc.?

My list of PINs, passwords, user IDs, usernames, etc. is getting frighteningly long. I keep it in a hidden place on my work computer, and print out a hard copy occasionally as it changes with time and keep the hard copy in a well-hidden place at home.

Now I feel insecure about my work computer hidey-hole. Does anyone have good suggestions for keeping this list secure yet accessible?

Use an online password manager?

I use LastPass.

I use Wallet.

I prefer an offline password manager because many of my passwords are necessary even if I’m not on the Internet. I use PasswordVault by LavaSoft. It has Windows, Mac and Linux versions, and can run from a flash drive for portability. I chose it because you can set up multiple “lists” of passwords, and choose to sync one or more lists with other users. This is invaluable for passwords that my coworkers also need.

Moved from General Questions to IMHO.

samclem, Moderator

Steganography. Seriously.

If I told you, then I’d have to come up with a new way of remembering them, and I’d have to change them all. So, no, I don’t write them down or store them anywhere except mah brain.

I write them on the inside of my eyeballs. Never lost one yet.

I do more or less what the OP does. I know it’s not safe, but there are simply too many of them for me to remember.

(We’re always advised not to use the same passwords for different accounts.)

Also, I need a versatile mnemonic file: simply having the login name and password isn’t enough. I need notes on sub-accounts, account numbers, group memberships, file paths, login options, etc. It’s convenient – but not safe – to have all of these in one big file.

Alas, I don’t really believe in the notion of a “hidden area” on the computer. I suppose I could jam it all on a USB memory stick, and simply unplug it when not in use.

I did use an encrypted password manager for a while, but it got too damn intrusive. It would pop up at weird times, and would try to auto-fill information boxes that had nothing to do with my actual login. For instance, every single time I’d go to Amazon.com’s home page, it would try to fill in “my account.” Much too irritating!

1Password on my iPhone. It doesn’t autofill anything, so it’s not intrusive - I just pull it up and type in the password on my desktop/laptop, or copy/paste on my iPhone. There’s no way I could remember everything - at work alone, I have probably three dozen different username/PW combos (and what they’re for) to remember.

I’ve been using Dashlane recently, which can generate secure passwords, and your master password is never uploaded. This is secure, but if you ever forget the master, tough luck.

I find that creating an 8-character PW with both cases, a number and a special symbol fits most PW requirements, and can be fairly easily remembered. I sometimes tell people to create a phrase like “Bobspizzais#1” then change that every so often. Easy to remember, and is relatively complicated enough for a brute force hack attempt to take much longer than is worth it.

The only problem with that method is if you use the same PW for everything and it gets keylogged, you’re screwed.

Biometrics FTW.

I have a password-protected Excel spreadsheet with a list of logins/passwords. The filename is completely non-obvious, and the file is in a folder with dozens of other Excel files; a hacker or burglar who somehow gains access to my computer would first have to recognize that this file is not just another trivial Excel file, and then he would have to hack through the password to gain access to that file.

I have a desk drawer full of folders with instruction manuals for various things I own - tools, A/V equipment, electronics, etc., and I keep a small printed copy of the Excel spreadsheet tucked into a non-obvious folder (one full of other instruction manuals) in that drawer. A burglar would have to recognize that somewhere in this massive collection of instruction manuals there is a small sheet that contains all my passwords.

I use a program called SplashID. It runs on my home computer (Windows) and my phone (Android), with sync between the two of course. The program itself is password-protected, and both the computer and the phone have access passwords as well. I had the Palm version of SplashID back when I used that as a mobile organiser.

I’ve considered LastPass, but it seems too risky to store my passwords in the cloud, especially on servers located in the U.S. (Patriot act, etc.).

Admittedly not all that secure … but I don’t have too much critical stuff going on. I think I have less than 20 in my life.

I came up with a pattern on the keyboard that can be repeated in multiple directions, starting from many different keys. For each different need, I change where I start and which direction to go, so I only need to remember the first key for each need (and up to 4 guesses for direction sometimes). I keep a list of the starting keys, which is benign by itself, unless somebody watches me closely AND has the list. I also have a few other standard words/phrases that I’ve used for too long. I’ve occasionally changed my pattern (and thus all passwords). It is kind of a pain to go to all the sources in one sitting. 4-digit PINs I just remember.

SDMB=Y :eek:

For websites that allow special characters in passwords, I’ve made up a nonexistent email address and I insert the name of the service in it. For example, if I were to use Twitter (I don’t), I would use MyTweets!@fakeaddress.com or MySkype!@fakeaddress.com for Skype. Near impossible to crack and it makes remembering multiple passwords a breeze as well as not requiring me to write them down.

I’m not sure how wise it is but I have one password for everything.

Except for my stupid work. They don’t let you choose your own PW. You have to use a system-generated one.

I do this for many things. My phone’s voice-mail, for instance, is 1111. My debit card, the same. But, I never lose my phone or my debit card.

FLW. :stuck_out_tongue:

Maybe. But the account that the debit card is for has minimal funds and practically zero use. It’s mostly a safety net. My telephone voice-mail? If it gets hacked, what happens? I’m comfortable with the situation as is. :wink: