I do realize it is not always great to write down your passwords, especially to store your written passwords near your computer. I also realize it is not safe to store them on your computer (Excel Spreadsheet, Database, etc.). I have been thinking about storing them in a password manager. However, keeping all of your passwords under one password is not so safe either. I realize there is not a way to keep your passwords 100% safe.

So, how do you keep track of your passwords? In your opinion, what is the safest way to keep track of your passwords?

Thanks!

28 Spice ups

I keep them in a free open-source software called Password Safe.

3 Spice ups

At the office, we use KeePass, and have a few different databases for the different levels of techs. Personally, I use an app called Pocket on my Android. Both work great!

13 Spice ups

A great memory and KeePass.

11 Spice ups

I do have accounts & passwords documented on paper.
The paper is with our backup media in the fire/water-proof safe that is not in the server room, so don’t look there…
You do have an IT safe, right?

4 Spice ups

KeePass & brainz

3 Spice ups

Thycotic secret server.

http://community.spiceworks.com/topic/1334456-fyi-until-12-21-thycotic-is-giving-away-secret-server-express-3-000-value

4 Spice ups

LastPass with a YubiKey authentication device.

I read an article a few months ago that said to use a notebook locked in a cabinet. “China can’t hack your cabinet.” :smiley:

@LastPass

14 Spice ups

iPassword. An app on my phone that has a separate code from my phone and stores all my usernames and passwords in it.

1 Spice up

Thanks for the shout out, George!

Hey Jason! What type of passwords are you trying to store? Your own personal or your team’s shared IT passwords? How are you currently managing your passwords today?

I understand your caution towards not wanting to keep all of your eggs in one basket, but once you have them vaulted you’ll never have to memorize a password again and can set strict password requirements and begin rotating them automatically. Secret Server may be a good solution for you and provides military-grade encryption and 2-factor authentication.

I’d love to learn more about your use case. Please direct message me with any questions.

Thank you,

Jordan

@georgemcfarlin

3 Spice ups

Hey Jason,

The ‘safest way’ to protect your passwords is probably not what you’re looking for. For example, here’s how the world famous hacker, Adrian Lamo, protects passwords.

For something secure AND convenient, try a password manager. Javvad had a great post recently about why he uses a password manager.

Keeper is cloud and native across mobile, desktop and browser. From a security standpoint, we’re the only audited password management software in the space that is zero-knowledge.

Zero-knowledge security architecture guarantees that only the end user has access to stored data as all data is encrypted at the device level (not on the server) and the encryption keys, derived from the user’s master password, are also stored on the device, not the server. Everything is encrypted, including metadata.

Check out our security disclosure here: Best Password Manager Security & Data Protection | Keeper Security

@Keeper_Security

@jmax1201 @javvad-att-cybersecurity

1 Spice up
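The device-side encryption described in the post above, as an added sketch that is not Keeper's code or part of the original thread: the key is derived from the master password on the device, and only opaque bytes are handed to the server. The algorithms (scrypt, AES-256-GCM), the function names and the sample entry are assumptions chosen for illustration.

```javascript
// Added example, not Keeper's code. scrypt and AES-256-GCM are assumed here;
// the post names no algorithms. Sample entries are constructed.
const crypto = require('node:crypto');

const SAMPLE_ENTRIES = [
  { site: 'vpn.example.test', user: 'jason', password: 'constructed-Sample-1!' },
];

// Derive a 256-bit key from the master password; runs on the device only.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt the whole vault, site names and usernames included, before upload.
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), nonce);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'),
    cipher.final(),
  ]);
  // These four opaque values are all the server ever stores.
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the entries, or null if the password is wrong or the blob was altered.
function openVault(masterPassword, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(masterPassword, blob.salt), blob.nonce);
  decipher.setAuthTag(blob.tag);
  try {
    const plain = Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null; // authentication failed: wrong key or modified data
  }
}

// True if any stored field contains the given plaintext bytes.
function storedBytesContain(blob, needle) {
  const stored = Buffer.concat([blob.salt, blob.nonce, blob.ciphertext, blob.tag]);
  return stored.includes(Buffer.from(needle, 'utf8'));
}

const blob = sealVault('correct horse battery staple', SAMPLE_ENTRIES);
console.log(openVault('correct horse battery staple', blob)); // the entries
console.log(openVault('wrong guess', blob));                  // null
console.log(storedBytesContain(blob, 'vpn.example.test'));    // false
```

The same property that keeps the server from reading the vault means a forgotten master password cannot be recovered from the stored blob in this design.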

We use KeePass. It’s nice.

1 Spice up

Just remember them. I like GORT’s method of keeping them in an accessible/unforgiving “Undisclosed Location” in case of your demise.

I tried KeyPass once and it balked when I tried to access my passwords and wouldn’t let me in. Thank goodness I still had the master list available.

Now I use a spreadsheet and password protect it and keep a copy on a flash drive. It’s not the most secure but then we don’t have any earth shaking data to protect either so it fits our situation.

3 Spice ups

I used to use KeePass, but when management saw how nice it worked for me they wanted to expand it and share it among more users. That quickly got out of hand. We had one master password that controlled EVERYTHING and no one could be prevented from using credentials above their pay grade.

Since we are in the construction industry we send and receive a ton of large CAD files. Every bid we get some sort of link and login credentials. It was a bit of a nightmare.

We settled on Zoho Vault. Now we can share passwords as well as keep track of them from anywhere and any device. The Android app makes my life sooooo much easier.

3 Spice ups

Yellow stickies stuck randomly around my monitors and under my keyboard…

I also use KeePass. We also have a break glass account with username and password documented and stored in a physical location in case the bus finally hits me.

4 Spice ups

I personally use @LastPass. I mean, nothing is technically foolproof. If you have a password that is strong, and two-factor authentication, it can only be as strong as you, the user, keep it.

But LastPass has been great so far. Even with being acquired by the LogMeIn group, I haven’t seen a drop in performance or service.

6 Spice ups

I am using this tactic now. I hide the data columns then password protect it. It seems safe to me. Thanks!

1 Spice up

LastPass with 2-factor auth. I do like its ability to share passwords if you happen to work in a team where multiple people need access to similar resources.

4 Spice ups

I use LastPass.

2 Spice ups