101 Comments

• Digg
• Bury

Too many passwords made me buy univauth.com... haven't done anything with it yet, but I figure universal authentication is big money down the road when somebody figures out how to do it securely and smoothly. THEN I'll make ONE MILLION DOLLARS selling the domains. MWA HA HA! (to the bank)

• Reply

• Digg
• Bury

Yeah, that's a good idea. Let a website run by someone else store your passwords for you. No chance they could go into your password files and steal them and then use them to break into your accounts. (previous comments all DRIPPING with sarcasm) Even with a totally legitamate company there are always employees who can be tempted. I would go with Icohiomatty's suggestion myself. And here's a suggestion always make your password so that it contains numerals as well as letters, possible adding symbols as well, and break it up. Don't make it password1235. Be more creative. Use caps and lowers something like this Pa3sW24oRd15. This makes your password harder for hacker programs to crack. Of course they can still get it eventually but it will take them more time and make it more likely that they get caught.

• Reply

• Digg
• Bury

There are some good tools suggested here... variations on the "password changing salt" idea. But remember, this is only as secure as your "master" password. Make it really long, really unique, use symbols, use numbers. C'mon, it's the only password you need to remember... make them work for a few hundred years if they want to bruteforce it.

• Reply

• Digg
• Bury

If you want to compute the meaning of life to login to every junk website account, have at.I just use the same, easy, crackable password for this crap. So what if sombody hijacks my CocaCola account.

• Reply

• Digg
• Bury

SHA-1 has NOT been "cracked." The link falsely claims this and goes into detail in the "update" about how collisions have been found.This means SHA-1 can be brute forced in ~2^60 operations as opposed to 2^80. It is less secure, but not cracked. If used for passwords, most systems will lock out an account somewhere between 2 and 2^60 tries. There is however a 1/(2^60) chance they could guess it on the first try...

• Reply

• Digg
• Bury

I use Chris Zarate's password generator, and have so for a few years now. Does it suck needing to google for his site when I have a new web browser I want to enter passwords in? Yes. (I normally just keep the bookmarklet in the top left corner.)However, the most secure password is the one you only keep in your head and never write down. With a password bookmarklet, no website ever sees my master password. They never know it even exists. So now I basically have a single password for everything, I never have to make or remember a new one, and nobody ever sees it, ever. I think that's as close as possible you can get to a "good thing".

• Reply

• Digg
• Bury

variety567 - that's why I use passwordsafe.com AND the zarate password generator. Passwordsafe stores all the urls and login names (I don't keep any of the really important stuff like bank accounts on there). And mostly my passwords in passwordsafe just say "(passgen)", meaning that I need to use the bookmarklet to enter the password. So even passwordsafe doesn't really have my passwords (not to mention the fact that they have a ton of stuff on the site saying they encrypt things and that nobody can even see what's being transmitted.)Passwordsafe + Password bookmarklet = Maximum Security Heaven.

• Reply

• Digg
• Bury

Roboform stores to your computer also. In fact, it is not capable of storing to a network.

• Reply

• Digg
• Bury

I agree totally.

• Reply

• Digg
• Bury

www.NeedMyPassword.com is the perfect solution for this! It is safe, secure, and free.

• Reply

• Digg
• Bury

Hi all.I suggest PassPack, a online password manager. It is secure, Web2.0-styled, user-friendly and free!You can try it at www.passpack.com

• Reply