views:

401

answers:

12

I'm wondering what people use for storing their username, passwords, urls, IPs, domains, and any other login information they need to both do their job and in general life. It might also store serial numbers or similar data.

I find that I'm registering for probably 5 sites a month, paying some piece of software, just setting up a new hosting account or ssh access to something. By the end of the month, I've both forgot what those sites were and what my username and/or password is--not that I use a completely different password every time. Next month when I go back, I end up using the forgot password and then changing the password to something that I'll forget.

I'm also thinking it needs to be mobile, probably browser based (not a USB key or other protable media) and very secure.

I'm thinking there are maybe 2 different solutions: one for a company where everyone in the company can access it and one where it's only you.

What does everyone else use to store their authentication information?

Edit: I'm looking for something to store more than just a username and password. It needs to store IPs or domains for example for SSH access. It also needs to have the ability to put some kind of comment in or other information because, for example, the site maybe limited to 1 IP.

+1  A: 

I use a certain string of characters in all my passwords, then for each new site I register on I append another string of characters which can be determined by looking at the site's name or URL. All I have to remember is the base password and the algorithm for determining the rest of the password.

yjerem
What about the other authentication information?
Darryl Hein
What if the domain name changes and you haven't been there for a while?
Ed Swangren
@Darryl: I've always relied on my memory alone for all my authentication information. I use the same username for almost every site I register on and other than that I guess I don't have too much to remember...
yjerem
Well, that's true for all of this data. Lets say that a site changes your username from your customer username to your email address. All of this has to be maintained and you have to make sure you put everything into it...have to put this aside.
Darryl Hein
@Jeremy: Yeah, I manage about 50 websites, and each one has an FTP password, URL, web management, maybe SSH and mysql...just adds up.
Darryl Hein
Ah, I guess I was a bit misled by the title (as soon as I saw it I assumed it was mainly for passwords, I did read the whole question but not very closely I guess...)
yjerem
@Ed: Hasn't happened to me yet... I did have to change my password when hotmail.com changed to mail.live.com but it wasn't when I hadn't been there for a while.
yjerem
+1  A: 

Try Password Gorilla and use GetDropBox.com to keep it synced across machines. I think it was recommended by the developers of this site.

Nerdfest
They also recommended PasswordSafe for Windows machines ... Gorilla id for Linux/Mac.
Nerdfest
Too bad Password Gorilla doesn't allow you to store more information, such as an IP and domain...nicely anyway.
Darryl Hein
The version I've used (Linux) has fields for group, title, URL, userame, and notes (multi-line text), so if you use the notes for you IP, you should be covered.
Nerdfest
I'm thinking thought that I would need to install Password Gorilla on every box. This wouldn't work for a mobile device, such as a phone. I would also not want to install it on someone else's computer.
Darryl Hein
+1  A: 

I use KeePass. It has versions for various platforms (KeePassX for Linux, for example) and has been quite stable for me. No lost data yet, so I haven't had to resort to my backups :)

Mike Wagner
Not mobile. Needs to be accessible from any where.
Darryl Hein
Sure it is. Use KeePass Mobile. It's in the downloads section.
Mike Wagner
Oh sorry, I totally missed the "not USB".
Mike Wagner
Yeah and any computer. I don't think I should install it on a public computer, at say the library. It also needs to work on smart phones.
Darryl Hein
Either way, most of the responses here answer your primary question, which was how OTHER people store their authentication info. You go on to ask about a solution that will meet your needs, but this is a secondary question. Just pointing out for future posted questions :)
Mike Wagner
+2  A: 

I use PasswordMaker and it's fantastic Mozilla Firefox add-on. All passwords are generated from a website URL and your username. You enter a master password which then essentially "unlocks" all your passwords so you really only have to remember one password but can have a unique password for each website you have an account on.

PasswordMaker was also recommended by Jim McKeeth in Stack Overflow Podcast #9.

Note also that there are many other ways to integrate with PasswordMaker besides the Firefox add-on. For example, they have an online version that can be used essentially anywhere as long.

cowgod
Unfortunately it's the combination of users names, ips and other data that is important, not just the password.
Darryl Hein
A: 

Use the same password for everything. Give it out to strangers.

Just kidding. I use three tiers of passwords - the lowest one is really easy to remember, and applies to all accounts whose security I don't care about. I just use it for most things like this.

For the other stuff, I don't find it to be such sensitive information, so I'll store them in a large "info.txt" text file. I'll put a password hint next to it, such as "the bad one", or "double z" for example, if I have a password I use a lot that has two zs in it. I just use standard CTRL+F search to lookup the info.

Claudiu
As stated before, the password is probably the easiest to remember, it's all the other information that's not so easy.
Darryl Hein
+1  A: 

I keep everything always with me on my Treo, with SplashId. (Handles custom fields, too)

Joril
+1  A: 

I have two different solutions: For work related passwords (login to our webbservers and mysql users and logins), we use a shared google doc. It's not ideal, but it's better than having just one password (we did when I started), and it's better than being locked out if one guy gets run over by a bus.

My private solution is a variant of Jeremy Rutens solution, an algo that gives a couple of chars based on the url/hostname and another algo for the second half of the password (which usually gives me two or three choices when I've forgotten the pass - but that takes just a few minutes extra).

Ibn
A: 

I store my passwords in text files on an encrypted partition.

che
A: 

Like claudiu I use a several tier system and my memory, I have a good handful of passwords that I know all from memory, and depending on what type of stuff I'm using depends on what passwords I use. Effectively I have two or three passwords for each of my "tier" catagories. Sometimes I have to try several of them if it's a site I don't use often until I get in. Though typically I'm very good at remembering which one's I uses on which sites.

Sekhat
+1  A: 

Here's a simple solution that I think fits your requirements.

  1. Store all your usernames, passwords, URLs, IPs, whatever in a plain text file. Yes, really. You may even want to have one text file for usernames & passwords, another for URLs, another for IPs ... whatever works for you.
    Alternatively, if you'll have MS Office, Open Office, Star Office, or some other compatible office program available at every site, a spreadsheet works splendidly for this type of thing.
  2. Zip this (these) file(s) up and apply a good password.
  3. Attach this zip file to an e-mail you keep in your favorite Web-based e-mail box. To keep it easy to find, you might want to create a separate folder, or just create a separate e-mail account just for this purpose.

That's it. Assuming you can rely on have a Web browser with access to your Web mail, an unzip utility, and a text file reader (or better yet, spreadsheet reader), you can access your information securely from anywhere.

P Daddy
+1  A: 

I use Password Safe. You can store, organize and retrieve all the essentials in a snap. It also has a handy "generate random password" that I use more and more, especially for those once-in-a-while-never-worth-remembering-the-password sites.

http://passwordsafe.sourceforge.net/

What do you do for portability? Other computers and mobile devices?
Darryl Hein
A: 

Clipperz looks like a good solution. It allows you to store pretty much anything you want and encrypts all of your data with your password. It also includes an export feature and offline read-only version. And it's free!

Darryl Hein