Password management is not a simple task, for me that is

I’m hav­ing trouble keep­ing track of all my online pass­words. Being the good little net / social media junkie that I am, I tend to sign up for every demo or beta that there is…just to try them out. 

Here’s the prob­lem: they all want a pass­word. I’m lazy. I give them all the same, dis­pos­able pass­word, think­ing “hey, if it’s com­prom­ised, no wor­ries, it’s not the one I use for my banking..etc”. Now that’s not very secure. I’ve since changed my ways. I have hun­dreds of passwords.

For a long time now, I’ve been using Pass­word Safe on my home com­puters, an open source pass­word ‘vault’ applic­a­tion that securely encrypts your login id, pass­word and oth­er attrib­utes or notes you want to keep about sites you log into reg­u­larly. I keep the data file on a serv­er, and Pass­word Safe run­ning on those com­puters loads the data over the network.

But lately I’ve been using a Flash Drive to keep my doc­u­ments and applic­a­tions handy as I move from com­puter to com­puter to work com­puter. I’ve also installed a port­able applic­a­tion man­ager / sys­tem called Port­able­Apps. Unfor­tu­nately Pass­word Safe does­n’t have a Port­able­Apps version. 

So now I’m test­ing KeePass — the new­er applic­a­tion on the block. It has quickly garnered a large and vocal fol­low­ing, and for good reas­on. Here’s the fea­tures list:

• Strong Security
• Mul­tiple User Keys
• Port­able and No Install­a­tion Required
• Export To TXT, HTML, XML and CSV Files
• Import From Many File Formats
• Easy Data­base Transfer
• Sup­port of Pass­word Groups
• Time Fields and Entry Attachments
• Auto-Type, Glob­al Auto-Type Hot Key and Drag&Drop
• Intu­it­ive and Secure Win­dows Clip­board Handling
• Search­ing and Sorting
• Multi-Lan­guage Support
• Strong Ran­dom Pass­word Generator
• Plu­gin Architecture
• Open-Source!

One of the cool­er fea­tures is (with a plu­gin) the abil­ity to import Pass­word Safe data, so I can now carry my hun­dreds of pass­words with me, as I need them.

Even­tu­ally I’ll prob­ably install KeePass on my home com­puters, point them to the single data file on my serv­er, and replace Pass­word Safe. 

Anoth­er option, one that I’m just start­ing to explore, is online pass­word vaults. I’ve recently set up a PassPack account, but am hav­ing issues with the CSV import of my exist­ing pass­word file. 

The concept looks cool, seems secure, but I’m in no hurry to con­vert yet. Pass­Key is work­ing for me right now.

Now here’s a ques­tion, what do you (do you?) use to keep your pass­words safe yet con­veni­ent? Online? Off­line? Paper??