Was your password compromised?


I use 1Password on my Mac. It's not free but it's a very convenient way to keep my passwords organized. I have one (local) password to access 1Password but I use its strong password generator for all websites that contain anything worth protecting.

Edit: Damn. The price has gone WAY up since I purchased it... now ~$50. It used to have a limited version that only stored X number of passwords. Now it appears that they offer a 30-day free trial.


I use KeePass and it's free. Link


I use an old-school piece of paper in a safe place. Works terrific.


@missellienc: I use KeePass also, because it runs on MacOS, Windows, Android, and iOS.

I store the KeePass database in Dropbox so it's always up-to-date on all of my devices.

And no, my password wasn't compromised. 16 characters, mixed case and specials, randomly generated by KeePass.


I just have an Excel spreadsheet of all my passwords. It's protected with a simple password that I made sure my son knows.

Protip: make sure someone close to you knows how to get to your passwords in an emergency. Found this out the hard way when son's father died.


For normal things (mainly anything except credit cards and banking) I use a simple mental password system where I base the password on a common pattern that is customized and made unique for each site. Makes it easy to remember (all I have to remember is the "key" for each site and the general pattern) while making them impossible to guess. I do use a few common generic passwords for throwaway cases tho (things I don't care much about because there's no serious information: read-only forum / website accounts), although more and more I have either been deleting accounts I don't use or going to the unique passwords and storing them in Firefox.

Realistically there's only so much one can do at your end: choosing a strong password and protecting it. Vigilance is all that can be done against the rest (up-to-date antivirus, rapid reaction to any compromised systems, using multi-factor authentication, etc.) since companies clearly are getting compromised quite a lot.


LinkedIn - Yes. But I changed it immediately when I started hearing rumors.
I use a different unrelated password on every single site that is as complex as allowed.

I use KeePass religiously and sync the encrypted database via Dropbox. Both Windows/Mac/iOS/Android have both Dropbox and KeePass clients. Dropbox is free, KeePass is free for most clients and minimal cost for a decent one on iOS.

Yeah, it's a pain but working in ITSec I've long since learned I can't control what others do with my data. I don't want to end up as a hermit so I take the measures I can take to lock stuff down.


My password hasn't been compromised AFAIK and I don't use any kind of program to remember them. I have forgotten a few though. I try to steer away from anything that even remotely makes me think hmmmm...is this site safe?


I use LastPass. It is cross platform, including WebOS, so I can access my passwords from anything. It also supports two-factor authentication with YubiKey.

The free version doesn't include mobile, but it is well worth the money.


I use my brain. I have different completely random upper/lowercase letter/number/symbol passwords for every site. Takes me 3 or 4 times entering a new password to have it memorized.


I also use LastPass for non-financial sites. For financial sites (my bank, my credit cards) I have a password-protected Word document on my laptop, and on it I have solid hints for all my passwords. Clear enough hints that I have no trouble figuring them out, and someone who knows me very well could probably also figure them out, but not a stranger. That's also where I keep the notes for the silly stuff, like which letters have to be capitalized for those sites that require it. I hate complicated password requirements. For a little while my credit union required a password that was exactly ten letters. After about 20 minutes trying to think of something, I just set my password as "exactlyten". They changed the rule so I switched to a better number-letter password.


@sully51: Wow. You've either got a photographic memory or you visit a lot fewer password-protected sites than I do. I have about 50 passwords on my "secret" list, and I have no idea how many minor ones LastPass is keeping track of, but it's a lot. I've been online for an hour and had to enter passwords for eight sites so far, five deal-of-the-day sites, my email, eBay, and a place I shop for pet toys. When I pay my bills later it's going to be another dozen password-protected sites. There's no way I could remember that many "different completely random upper/lowercase letter/number/symbol passwords".


@moondrake: Not really. You might be surprised how quickly you start to remember even complex passwords when you use them every day. I am required to change my password at work every 90 days, and it has to include at least 1 uppercase, 1 lowercase, 1 number, and 1 symbol, and be at least 10 characters long. I don't necessarily come up with a new password for each site, but I do rotate them around. It's better to have a smaller "pool" of passwords and change them regularly than it is to have a different password for each site that never changes.
But I also prioritize the sites. If it's not a site that will ever contain any of my sensitive information, I will use one of maybe 4 less complex passwords. If the site will have access to any financial information or otherwise sensitive info, it will get a more complex password that I'm not currently using anywhere else (not to say it hasn't been used before).