Password manager

A password manager is a secure, password-protected database of your passwords, together with a program that lets you access that database. The obvious advantages are:

    • You only need to remember one master password (to access the database)
    • Each site's password is completely independent of the other sites' passwords. Thus for each site you can make your password as long as possible and draw it from as large an alphabet as possible (including whatever special characters that specific site permits), and if you need to change a site's password, you simply change it and don't need to remember any versioning info later. Also, for the very stupid sites which assign you a password instead of letting you choose one, you can simply add your assigned password to your database.
    • The nicer programs have many time-saving options, e.g. customized filling in your user name and password at each site's login page.

The obvious disadvantage is that you must always have access to your password database. That's no problem if you only use one computer, but if you use many computers, including computers that don't belong to you (e.g. in libraries, customers' offices or friends' homes), you need to do something like:

    • Carry your password manager on a USB memory stick with you and hope it works on the computer you're using.
    • Put your password manager somewhere on the web where you can get at it and hope you will be able to access that site when you need to.
    • Carry it on some small computer or smart phone with you which you use to look up passwords and then manually type looked-up passwords to the computer you're using.
    • Save an encrypted document containing a list of your passwords somewhere, e.g. in your email account, so that you can retrieve it and safely decrypt it on any computer (e.g. using http://bitwiseshiftleft.github.com/sjcl/demo/, which runs the decryption locally in your browser via JavaScript).
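
The encrypted-document option in the last item, as an added example (not code from the original page, and not SJCL): a password list encrypted under a master password with PBKDF2 and AES-256-GCM from Node.js's built-in crypto module. The function names, JSON field names, iteration count and sample entries are assumptions made for illustration.

```javascript
const nodeCrypto = require("crypto");

const ITERATIONS = 200000; // assumed PBKDF2 work factor; raise it as far as your devices tolerate

// Stretch the master password into a 256-bit AES key.
function deriveKey(masterPassword, salt, iterations) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, iterations, 32, "sha256");
}

// Encrypt a list of {site, user, password} entries into a JSON text document
// that can be stored in an untrusted place such as an email account.
function encryptVault(entries, masterPassword) {
  const salt = nodeCrypto.randomBytes(16); // fresh per document
  const iv = nodeCrypto.randomBytes(12);   // fresh per encryption, never reused with a key
  const key = deriveKey(masterPassword, salt, ITERATIONS);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), "utf8"), cipher.final()]);
  return JSON.stringify({
    v: 1, kdf: "pbkdf2-sha256", iter: ITERATIONS,
    salt: salt.toString("base64"), iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"), ct: ct.toString("base64"),
  });
}

// Decrypt locally. Returns the entries, or null when the master password is
// wrong, the stored document was modified (GCM tag check fails) or it is malformed.
function decryptVault(documentText, masterPassword) {
  try {
    const doc = JSON.parse(documentText);
    const key = deriveKey(masterPassword, Buffer.from(doc.salt, "base64"), doc.iter);
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(doc.iv, "base64"));
    decipher.setAuthTag(Buffer.from(doc.tag, "base64"));
    const pt = Buffer.concat([decipher.update(Buffer.from(doc.ct, "base64")), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch (err) {
    return null;
  }
}

// Constructed sample data, not real credentials.
const sampleEntries = [
  { site: "example.com", user: "alice", password: "constructed-Sample-1!" },
  { site: "example.org", user: "alice", password: "constructed-Sample-2?" },
];
const stored = encryptVault(sampleEntries, "correct horse battery staple");
console.log(decryptVault(stored, "correct horse battery staple").length);
console.log(decryptVault(stored, "wrong guess"));
```

The stored document is only as strong as the master password: anyone who obtains the file can try guesses offline, and the iteration count only slows each guess.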

And even if you never use computers you don't own, if you use several computers, then you must worry about keeping the password manager in sync across all your computers. I.e. if I add a new password to a new site on my desktop, I want to be able to find that password later when I'm using my laptop.

Despite these practical inconveniences, many people use this kind of system, so there are many existing password manager programs which seem well supported with large user bases. Searching the web for "password manager" will find many such programs, as well as reviews and comparisons of them.

A popular free, cross-platform, open-source one is KeePass from http://keepass.info or its lighter-weight equivalent KeePassX from http://www.keepassx.org/.