For the time being, passwords are the way that we authenticate users and secure most of our systems. There might be a better system in the future, but for now everyone needs to manage a series of logins and passwords, even if you have authentication for many systems linked through an internal domain or external system, like OpenID.
I think password managers are almost required these days to manage passwords for most people. I recently ran across an article on ArsTechnica where five security experts were asked how they manage their complex passwords across a multitude of services. Four of these experts use password managers of some sort, though there is quite a variety of them. One actually remembers passwords, though he tries to use proximity tokens and one time passwords when possible.
Bruce Schneier, one of the security writers I’ve followed for a long time uses Password Safe, which is what I use. However he also likes to use his own advice of long sentences turned into passwords and keeping backups of passwords on physical paper. I don’t like writing down passwords, but if you can keep the paper secure (not stuck on a monitor or under a keyboard), it’s an easy solution to use.
There are various ports on different operating systems and different methods to keep your files in sync, if you choose to do so. Two others use competing products (1Password and KeePass), but one uses a text file in an encrypted virtual disk image that he keeps on a USB key. I’m not sure I like that, but with proper backups, it’s not a bad solution.
There is a variety of advice, but overall there’s one thing to keep in mind: security is serious business. All the more so as we use various services more and more to conduct business in our daily lives. Losing a password that you share across multiple services could severely compromise your life. Whatever method you choose, stick to it and be careful in choosing your passwords.
Video and Audio versions
Today’s podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.