23
12
Is there a password manager that I can use on multiple computers, to remember all the passwords I use on the sites I visit?
Password manager for multiple computers?
Answers
17
If you are already using a password manager, you could combine that with a cloud service like dropbox, or mesh. Just make sure that you can save the profile of your password manager inside a folder that is synced by the cloud service and all your other connected computers will get the updates!
Chuck
Posted 2009-08-18T23:12:43.380
Reputation: 491
2+1 for suggesting a local password manager (most secure) in conjunction with cloud storage. Additional tip: Don't store your master password in the cloud :-) – Chris W. Rea – 2009-08-18T23:24:33.730
6I use the password file on Dropbox, but require a key file that is not on dropbox. Since the key file doesn't change, I don't have to worry about it being out of sync. But since the password file needs the keyfile to be opened, I'm covered if Dropbox gets hacked. – CoverosGene – 2009-08-18T23:41:02.137
I'm using Keepass. – CoverosGene – 2009-08-18T23:41:51.573
1KeePass + mesh works fine for me as well ;) – Torbjørn – 2009-09-04T04:17:21.287
16
I have a very simple way of dealing with passwords:
I don't like password managers, but I like crypto, so I take advantage of one-way hashes (md5, sha1, etc) and generate passwords using them.
How it works?
First, I choose a good long password that I will use everywhere. For example qwerty (don’t use that, just an example). Now for every site, your password will be the md5 (or sha1) of qwerty + site name. For example:
$ echo “qwerty http://www.facebook.com” | md5
9d7d9b30592fd43dd6629ef5c12c6e9a
$ echo “qwerty http://www.twitter.com” | md5
cdf0e74e19836efb20f29120884b988d
That way my password for facebook is 9d7d9b30592fd43dd6629ef5c12c6e9a and for twitter is: cdf0e74e19836efb20f29120884b988d
Both long and secure. If someone steals my twitter password he has no way to reverse back to figure out the other passwords. Plus, doing that you don’t need any password software stored (just the md5/sha1 binaries which come by default on Linux and are easy to find on Windows).
sucuri
Posted 2009-08-18T23:12:43.380
Reputation: 261
Sounds pretty cumbersome - do you literally have to open up a shell and type that command to log in to any site? – Steve Bennett – 2011-10-07T06:05:36.680
5That's actually nice, except for websites that trim the password to their criteria WITHOUT telling you but surprisingly they only trim on signup and not on login. – silverCORE – 2012-08-08T16:37:02.790
1
or use http://passwordmaker.org that is basically a GUI around that idea.
– tool – 2012-12-13T12:02:12.0403
How do you remember what the exact site name is? For example, http://www.facebook.com now directs to the secure login page (https://www.facebook.com - not formatting right but that's https instead of http as the protocol). Will you remember that when you created the password, you used the old nonsecure page? Or what about when www.foo.com starts directing you (a year later) to www.foo.com/login or something like that?
– Jer – 2012-12-27T14:55:34.337In addition to password recall, you also have several other issues that prevent this from being a 100% solution. For instance, sites that have specific password requirements (symbol, upper-case, max-length, etc.) would all break this approach. Then you would have to remember which sites you hashed and which sites you had to set different passwords to, in addition to everything you already have to remember (password, hash key, site name, etc.). – Moses – 2013-04-08T18:41:26.907
4AAARGH! Principle is fine, but your keyphrase will be all over your bash logs AND will be visible to other user of the machine you're on if you type it in like this! – brice – 2014-04-14T18:52:13.237
@sucuri Interesting idea, but what do you do when a website forces you to replace your password every 3 months (and even checks that the new password is different than the old one)? – Erel Segal-Halevi – 2014-04-25T06:26:20.057
10
Lastpass is another good alternative.
CGA
Posted 2009-08-18T23:12:43.380
Reputation: 3 767
...and the Lite version is free – Joe Schmoe – 2009-09-01T10:07:59.770
5
Something like Keepass on a USB drive that you always have available might be a workable solution as well.
Travis Northcutt
Posted 2009-08-18T23:12:43.380
Reputation: 901
3
I recommend KeePass: Keepass.info
The latest version has built in sync option so you can setup a local ftp server or a network share and use keepass. Network share might be simpler as keepass implements its on file locking mechanism so it will tell you if someone else is using the password database. It also has many ports so you can even put it on ur mobiled phone, home computer (ftp sync), etc..
J Sidhu
Posted 2009-08-18T23:12:43.380
Reputation: 606
KeePass is available in binary form for most operating systems and some PDAs. – Chris Nava – 2009-08-19T03:48:22.613
2
I use Password Safe, and manually sync the data file between the computers I use regularly (a handful -- it's manageable.)
Chris W. Rea
Posted 2009-08-18T23:12:43.380
Reputation: 10 282
2
Take a look at http://passwordmaker.org/
The cool thing about this is that you don't need to synchronize passwords between multiple computers because given a master password and the name of a website it will generate a password for that site that will be the same every time from any computer.
There's a plugin for firefox, and various other tools to generate the passwords.
rjmunro
Posted 2009-08-18T23:12:43.380
Reputation: 1 078
2
Keepass Portable installed inside a Dropbox* folder works really well. If you often use public computers, you can use Dropbox Portable to sync the passwords to your thumb drive.
There is also Passwordmaker, but it only works for new passwords. If you don't want to bother to change all your old passwords, it good for you current accounts.
*Warning: refferal link
Daniel H
Posted 2009-08-18T23:12:43.380
Reputation: 1 506
1
Firefox with Firefox Sync (also known as Weave) is good for that. Remote storage is encrypted; the encryption password is separate from your Weave credentials.
Tobu
Posted 2009-08-18T23:12:43.380
Reputation: 2 584
1
Something like this? I do not personaly support doing this, but this is what you are looking for.
I have not used these, but I recommend finding reviews and user experience stories as this could be a potential major security hazard.
Troggy
Posted 2009-08-18T23:12:43.380
Reputation: 10 191
Passpack is a life saver! – Michael La Voie – 2009-08-18T23:35:49.603
1
If you are talking about passwords for websites, etc. then I recommend using the Firefox extension XMarks. All you have to do is install it on every computer and it will synchronize passwords as well as bookmarks.
Bertlacy
Posted 2009-08-18T23:12:43.380
Reputation: 29
Was a great option in '09 but XMarks is closing down at the end of '10. – Cory House – 2010-10-05T13:57:25.883
XMarks has plugins for IE, Friefox and Safari – nickf – 2009-08-18T23:36:05.657
1
Try this: Xmarks: The Easiest Way To Synchronize Bookmarks (Or Favorites). It also synchronizes your passwords.
1
Roboform has an online capability, not only can you sync but my understanding is that you can access the stuff on their site without having the client installed (say, someone else's computer.)
They also have a U3 version of the program--put it on a U3 key and you can use it on any computer.
Loren Pechtel
Posted 2009-08-18T23:12:43.380
Reputation: 2 234
1
Seconding Clipperz. This is an excellent site that allows you to download a local copy of your passwords that can be opened by any javascript-capable browser, giving you offline access. It also allows you to setup one-time-only passphrases to minimize exposure to keyloggers, etc.
orphu
Posted 2009-08-18T23:12:43.380
Reputation: 31
1
There are a couple of great devices for password management (http://mylok.ii2p.com/ and Roboform) . I'm constantly traveling and I've found them more useful when I'm hopping from computer to computer.
Troy
Posted 2009-08-18T23:12:43.380
Reputation: 11
0
I recommend JPass. It is java-based simple application, so i can use that on Linux at home and Windows at work (and it is freeware for private and commercial use). Very handy app.
JPass is a simple, small, portable, free and cross-platform password manager application with strong encryption. It allows you to store user names, passwords, URLs and generic notes in an encrypted file protected by one master password.
marioosh
Posted 2009-08-18T23:12:43.380
Reputation: 2 921
I suggest you specify what operating system(s) you use. Windows, OS X, Linux? – Chris W. Rea – 2009-08-18T23:22:44.170
1
dupe? http://superuser.com/questions/255/how-do-you-keep-track-of-all-your-passwords
– fretje – 2009-08-18T23:24:28.130@fretje: SU-Q255 didn't specifically ask about multiple computers. So, I would say this is a more specialized version of the question and not strictly a dupe. But, there's value in combining some of those answers with a sync tool or service. – Chris W. Rea – 2009-08-18T23:28:16.407
And the most upvoted answer for KeePass on SU-Q255 specifically mentions cross-platform as one of the reasons the person answering (me! :)) uses it. – jtimberman – 2009-08-19T07:25:13.317