Was your password compromised?


I use 1Password on my Mac. It's not free but it's a very convenient way to keep my passwords organized. I have one (local) password to access 1Password but I use its strong password generator for all websites that contain anything worth protecting.

Edit: Damn. The price has gone WAY up since I purchased it (~$50). It used to have a limited version that only stored X number of passwords. Now it appears that they offer a 30-day free trial.


I use KeePass and it's free.


I use an old-school piece of paper in a safe place. Works terrific.


@missellienc: I use KeePass also, because it runs on MacOS, Windows, Android, and iOS.

I store the KeePass database in Dropbox so it's always up-to-date on all of my devices.

And no, my password wasn't compromised. 16 characters, mixed case and specials, randomly generated by KeePass.


I just have an Excel spreadsheet of all my passwords. It's protected with a simple password that I made sure my son knows.

Protip: make sure someone close to you knows how to get to your passwords in an emergency. Found this out the hard way when son's father died.


For normal things (mainly anything except credit cards and banking) I use a simple mental password system where I base the password on a common pattern that is customized and made unique for each site. Makes it easy to remember (all I have to remember is the "key" for each site and the general pattern) while making them impossible to guess. I do use a few common generic passwords for throwaway cases tho (things I don't care much about because there's no serious information: read-only forum / website accounts), although more and more I have either been deleting accounts I don't use or going to the unique passwords and storing them in Firefox.

Realistically there's only so much one can do at your end: choosing a strong password and protecting it. Vigilance is all that can be done against the rest (up-to-date antivirus, rapid reaction to any compromised systems, using multi-factor authentication, etc.) since companies clearly are getting compromised quite a lot.


LinkedIn - Yes. But I changed it immediately when I started hearing rumors.
I use a different unrelated password on every single site that is as complex as allowed.

I use KeePass religiously and sync the encrypted database via Dropbox. Both Windows/Mac/iOS/Android have both Dropbox and KeePass clients. Dropbox is free, KeePass is free for most clients and minimal cost for a decent one on iOS.

Yeah, it's a pain but working in ITSec I've long since learned I can't control what others do with my data. I don't want to end up as a hermit so I take the measures I can take to lock stuff down.


My password hasn't been compromised AFAIK and I don't use any kind of program to remember them. I have forgotten a few though. I try to steer away from anything that even remotely makes me think "is this site safe?"


I use LastPass. It is cross platform, including WebOS, so I can access my passwords from anything. It also supports two factor authentication with YubiKey.

The free version doesn't include mobile, but it is well worth the money.


I use my brain. I have different completely random upper/lowercase letter/number/symbol passwords for every site. Takes me 3 or 4 times entering a new password to have it memorized.


I also use LastPass for non-financial sites. For financial sites (my bank, my credit cards) I have a password protected Word document on my laptop, and on it I have solid hints for all my passwords. Clear enough hints that I have no trouble figuring them out, and someone who knows me very well could probably also figure them out, but not a stranger. That's also where I keep the notes for the silly stuff, like which letters have to be capitalized for those sites that require it. I hate complicated password requirements. For a little while my credit union required a password that was exactly ten letters. After about 20 minutes trying to think of something, I just set my password as "exactlyten". They changed the rule so I switched to a better number-letter password.


@sully51: Wow. You've either got a photographic memory or you visit a lot fewer password protected sites than I do. I have about 50 passwords on my "secret" list, and I have no idea how many minor ones LastPass is keeping track of, but it's a lot. I've been online for an hour and had to enter passwords for eight sites so far, five deal-of-the-day sites, my email, eBay, and a place I shop for pet toys. When I pay my bills later it's going to be another dozen password protected sites. There's no way I could remember that many "different completely random upper/lowercase letter/number/symbol passwords".


@moondrake: Not really. You might be surprised how quickly you start to remember even complex passwords when you use them every day. I am required to change my password at work every 90 days, and it has to include at least 1 uppercase, 1 lowercase, 1 number, and 1 symbol, and be at least 10 characters long. I don't necessarily come up with a new password for each site, but I do rotate them around. It's better to have a smaller "pool" of passwords and change them regularly than it is to have a different password for each site that never changes.
But I also prioritize the sites. If it's not a site that will ever contain any of my sensitive information, I will use one of maybe 4 less complex passwords. If the site will have access to any financial information or otherwise sensitive info, it will get a more complex password that I'm not currently using anywhere else (not to say it hasn't been used before).