Bitcoin Forum
Author Topic: What is the best way to secure passwords?  (Read 1963 times)
yellowknife (OP)
June 21, 2011, 01:06:44 PM
 #1

This is not necessarily a bitcoin-specific question, but it is certainly an important issue for bitcoin users, especially in light of the recent disclosure of hashed passwords from mtgox.

What is the best way to keep your passwords secure? I have long believed in memorizing passwords and not writing them down or storing them anywhere. However these days with so many different logins to keep track of, it doesn't seem practical anymore to try to keep a variety of passwords memorized. I can make my passwords much longer and more secure if I don't have to memorize them.

I've looked at password management tools such as keepass, but I can't help but feel nervous about having all of my passwords stored in one place, even if it is encrypted. And even then, the question becomes, where to store that file? If I store it on my PC, it could be vulnerable to malware which copies it offsite somewhere where it can be brute-forced. If I store it on a thumbdrive, I risk losing access to everything if I ever lose the thumbdrive. If I store it "in the cloud", I risk security issues such as the issue with Dropbox yesterday (where you could log in to any account without a password for 4 hours).

I'm genuinely interested in how people are dealing with this. There doesn't seem to be a clear best solution.
InstaGx
June 21, 2011, 01:22:28 PM
 #2

Whatever you do, you should always save it in different physical locations. The redundancy will minimize the risk of losing all those passwords.

Also you shouldn't register all important accounts on the same e-mail address. You can make more than one GMail account for example.

For the encryption I'd choose a password container with encryption like KeePass and a small TrueCrypt container. Put the password container into the TrueCrypt volume and sync it (the TrueCrypt container) with other services. If your Dropbox gets compromised they'd still have to crack the TrueCrypt container. The password database is encrypted too, so you can have the TrueCrypt volume mounted all the time. The passwords would only be exposed if KeePass (or LastPass or whatever) is currently running.

Buy High - Sell Low
azuthus
June 22, 2011, 02:09:16 AM
 #3

Hi,

I use Data Guardian for my passwords and to generate strong pw.

Like TrueCrypt, Data Guardian uses one master pw. I back up the Data Guardian db in many different places so if my computer goes down or the file gets corrupted, I always have a backup.

There are the Firefox ways, such as syncing them using many of the add-ons that they offer, such as LastPass or Xmarks.

Good luck and let us know how you make out and what you settled on.

Az
justusranvier
June 22, 2011, 02:14:41 AM
 #4

I've been very happy with LastPass.