Hi,

Would like to check with other business owners here, which software do you use for storing your server, website, email account passwords? Previously,

I was using a PIMS - SimBust but I found that it is more of an note management software and lacks many functionality which I need like sharing on different PC etc. Now, I downloaded trial of MS OneNote which looks promising and provide sharing facility of notes between PCs.

Which one do you use and why?

Thank you

I'm currently having mediawiki installed for documenting everything (including passwords). It's in the same subnet as our office network, with access restricted to the outside (absolutely no access, password protected on the office network).
Didn't have any issue with this setup.

Software ? I think its risky. I use my brain to store all stuffs. Nobody can penetrate.

Software ? I think its risky. I use my brain to store all stuffs. Nobody can penetrate.

+1

Brain ;)

When you need to remember a few hundred passwords...that's not cool anymore ;)

I use WinOrganizer. There is a copy installed on each computer I use, and I store main data file in encrypted flash drive (so I can access my data anywhere).

Brain! That's cool! I shall try myself for storing it 50+ web sites password.

Thanks, Daniel! I shall try WinOrganizer and will see how it's work for my situation.
Any else, using any other software which could help in storing password and making it secure while easy to access.

Regards.

I use an old server I picked up from eBay for like £25, 1u Pentium 4, 512mb or 1gb ram, 80 gb hard drive I think, with a minimal install of Debian, lighttpd, PHP5, OpenSSL, SQL Database server, and a really simple PHP application I made for it that only I have access to. It's in out personal network with SSL and only allows password-protected access (only 1 password for access to a lot).

50+ passwords shouldn't be a problem. I store passwords for dozens of servers, many forums and a truckload of email accounts without any problems.

I use Lastpass, which works with Firefox and IE, it works really good

Roboform mostly, but I also store in one called "personal passworder". Both are password protected themselves, with those being complex and memorized.
I can't imagine memorizing truly complex passwords in the quantity I use for all servers, forums, retail logins and emails...especially since they get changed frequently. Most passes I use are well over a dozen chars long, with mixed case, numbers, symbols and so on.

Isn't Roboform just some type of addon for browser?

It's a standalone app, with a browser addon component as well.

Oh, probably I used very old version then (used it years ago).

"keepass password safe" works good

It seems EVERYONE is using a different application...

More votes on one piece would have made life easier for the OP!

kwallet:agree:

I heard of keepass from one of my friend too. He has good feedback about it. Shall try it soon.
Thanks

RoboForm fan here. Helps me alot.

I use my brain...

Keepass for my 150+ passwords and stuff.

KeePass is fantastic, I just keep the file synced between my phone and my desktop and I have most everything I need with me where I go.

+1 For Keepass, its simple and it works.

I am storing more than 50 passwords in my brain and each pass is more than 15 digits.
You can try.....
Brain is having "unlimited" amount of space. Plus there is 0% risk of getting stolen.
In my opinion its the most secure.

Keepass looks great. I just downloaded it. :)
I am storing more than 50 passwords in my brain and each pass is more than 15 digits.You serious? Don't tell me the passwords are things like "qwertyui" or "12345678".
You can try.....I failed.
Brain is having "unlimited" amount of space. I don't think so.
Plus there is 0% risk of getting stolen.Hypnotism and getting drunk?
In my opinion its the most secure.I agree. :agree:

Hypnotism and getting drunk?Upto certain extent , I agree with you, but I do not drink bears or any other alcoholic drinks. There are few chances of pass steeling by Hypnotism.
Well, things differ from person to person, society to society, etc.

I am storing more than 50 passwords in my brain and each pass is more than 15 digits.
You can try.....
Brain is having "unlimited" amount of space. Plus there is 0% risk of getting stolen.
In my opinion its the most secure.

That's interesting!

I could see more than 3 replies for brain as password storing. Very intelligent and interest. I must appreciate.

Actually, the biggest risk of storing password in brain is the lose of memory or confusion at some point. I had an experience like this in past where I set the password for one of file of SimBust (the PIM software I referred in my first post as well) in which I stored important information and password of sites, email etc. Immediately, after setting the password, I found my friend in front of me who took my attention and suddenly I realized that I forgot the password which was set few minutes back. And guess what, I could not get that password even after several hours of efforts. :D

Do you still like to use your brain? If so, hats off to you for your decision.

Cheers!

Brain is good for saving passwords, but I couldn't remember all passwords. For example, we generate root passwords for servers RANDOMLY, and we change them often, so it would be impossible to remember all of them.

Wallet for OS X and iPhone by Acrylic Software. And Brain 2.0alpha for everything else. ;)

I have been loking for a decent software like this myself, one that has the ability to work cross platform, ie mac and windows and also if possible iphone. would prefer something that i can host on my internal servers, anyone have any ideas?

I guess there isn't perfect method so we all test different options.
Currently, I am testing the YubiKey.

If you are on Linux.. You can use the kwallet to store the passwords.. You just have to remember the password to the wallet..

I use Keepass, and I am anticipating the arrival of iKeePass in the UK appstore!

I use Dropbox to sync my databases across computers.

Since I jump between several computers at once, I'm using Evernote. It is a small downloadable app that synchs between iphone, pc, and online backup.

Basic plan on it is free and is more than i'll ever need for storing passwords.

We used MS Office Groove which shares calendars, notes, discussions, files, issue tracking, pictures, and meetings between PCs. We now use mediawiki that is firewalled.

I use Roboform for personal use.


___________________________________
Kevin
Canadian Web Hosting
http://www.canadianwebhosting.com

Hi, just wondering how many of you actually use your web browser (firefox, ie, opera) to store website, email, cpanel etc passwords? Since firefox offer protection through master password, will it be safe enough to use the browser?

Hi, just wondering how many of you actually use your web browser (firefox, ie, opera) to store website, email, cpanel etc passwords? Since firefox offer protection through master password, will it be safe enough to use the browser?

I suggest you using lastpass, which uses master password too and can be synced to IE, Firefox and iPod/iPhone(premium thought).

I love it!

Thanks for recommending lastpass. I shall try it soon and will see how it's work.

Am I the only one keeping them on a small agenda that I keep with me all the time?

Am I the only one keeping them on a small agenda that I keep with me all the time?

No, I do have some in a notebook, but it's just sometimes not 100% secure. I prefer a password manager that has a master password for encryption.

What about keylogging or a trojan?

We were actually thinking of implementing a system with an RSA key login + dongle (same as internet banking), however we are still working on how to get this to function onto the servers.

I use on screen self-made Java keyboard.

now we're getting complicated again...

there should be a way in which you could enter your passwords securely to any service..

I am storing more than 50 passwords in my brain and each pass is more than 15 digits.
You can try.....
Brain is having "unlimited" amount of space. Plus there is 0% risk of getting stolen.
In my opinion its the most secure.

The only downside to remembering passwords (I used to do this too, here's one of my passwords from about 12 months ago: Esaso!RNPda$5V) is, in my experience, the time spent remembering complicated passwords discourages you from changing those passwords as often as you should. I found I'd get lazy, and go "I'll change it next week" - you could enforce it on the server side, but not allowing yourself time to properly memorize it leaves you doing dumb stuff like writing them down.

Using a password manager, you're more apt to change them on schedule... at least that's what I've found.

What about keylogging or a trojan?

We were actually thinking of implementing a system with an RSA key login + dongle (same as internet banking), however we are still working on how to get this to function onto the servers.

Unless you're vetting what the user does once they're logged in, I'd say it's a waste of time. It'll up the bar, for sure - but if someone really wants in, they can still do it. In the case of malware - if the computer you're connecting in from is compromised then anything that comes from it can pretty well be tampered with. So unless your dongle is going to vet and authenticate every single message, it's a bit of a waste of time. All it'll do is remove you from the low-hanging fruit.

I think password protected private keys is enough to enforce the "something you have, something you know" without needing dongles.

Another vote for KeePass.

It works for both window and Linux which means I have one password database for both home and work.

I use a 15 digit pass phrase to access the database and each site has a different 20 digit random passphrase.

The only exception is google, for that I use a shorter, non dictionary password because I have a tendency to use it in a lot of places where I dont have access to my password database.

+ 1 for Roboform, its great!

Just to update all here. I have downloaded and currently using KeePass. It is really amazing. The plugin and features offered by KeePass2.0 are really good. I manage to import all the user name/passwords from firefox using one of the plugin available.
The security features available in KeePass are great and I am now confident that it will be secure way to store my passwords.
Will try it for a day and two and update here if anything noticeable thing comes.

Thanks for recommending KeePass and other softwares as well. Shall also try Roboform as this is the second most used software here.
:)

Just to add another password manager into the mix, I use Password Gorilla. Saves all passwords as a single file encrypted by a password. The main reason I use this is because of its cross-platform compatibility (and I think it's open source)

I'll throw another candidate into the mix. I use PassPack - http://passpack.com