Recently I worked with a client who wanted to secure a number of his servers and services. I found that he was using a combination of notebooks and Firefox “remembered” passwords as his password management technique. From the start, I will announce that my worst password manager award goes to the “Firefox remembers my passwords for me” technique (although Firefox isn’t the only browser guilty of this…). For anyone reading this who has not yet seen the light -
My alternative to this is KeePass Password Safe. KeePass is free, open source, available cross-platform, and keeps all of your passwords in a password-protected, encrypted database. That’s right, you still need to remember one password to manage all of your entries, but without that master password, no one can access any of your passwords.
A couple of other great features:
KeePass is a great tool. I keep my multiple KeePass Databases on a portable flash drive, along with the installation packages for Mac OS X, Linux, and Windows, just in case I am using a computer without KeePass installed (and without internet connection). You can also get versions of KeePass that will run on a flash drive, but this seems like overkill to me for such a small application.
My one concern with KeePass is that the latest releases use .NET, and hence are not natively cross-platform. KeePass seems to be aware of the ramifications of their decision, and continues to make their 1.x releases available (and even updates them occasionally).
If you are not using a password manager yet, you should consider KeePass. If you have a large number of sensitive passwords stored in your browser, you should consider deleting them, and storing them elsewhere.
// TODO croquet rules, Habari theme(s), GWT/GAE // –imperialWicket