Too much info?

I’m losing my marbles.

It is entirely my own fault of course, due to the fact I’m a complete and utter tart. I sign up for the latest widget, doodah or thingymajig at the drop of a hat, and as I am, believe it or not, fairly security and safety conscious, I do try and use different passwords for them all.

Add in the number of websites that I maintain, with different logins for admin screens, blogging platforms, and FTP settings…

THEN add in online banking, email addresses and… well you get the picture. Like most people who spend a fair … ok ok… large portion of their time online, I have, quite simply, too many chuffing details to remember.

Web browsers do their best by helping to remember passwords and so on, but that’s fine until you have to reinstall or use another computer. Then you usually fall back on the password reminder system offered unless, of course, there isn’t one. Then you, ummm, I, am completely screwed.

FTP sites are the worst. Which is no small matter as I have details for about 20 or so, both my own and those I’ve worked on.

So, my dearest readers, how do you handle all this? I’ve tried Keypass, text files, even an Access database back in the day. None of them work. Ideally I need something that is either portable, or encrypted so I can host it on a web server somewhere. Risky? yes I guess so but that’s an argument of ease-of-access versus security and as I’m lazy I go for ease-of-access and to hell with the consequences.. until they, you know, happen. Then, yeah, not so much.

Anyway, hints, tips, ideas, applications… help me!!!


  1. thom said:

    Flexwallet is one of the main reasons I have to stick with a Windows Mobile phone. Desktop & Phone; secure; simple; customisable templates.

    Worth a look.

    December 12, 2007
  2. Ian D said:

    One of my friends swears by 1Passwd which does allow you to take passwords on palms/treo’s and I’m sure iPhone too. I use Yojimbo at the moment as a dumping ground for notes, passwords which are encrypted and other stuff that needs a home.

    December 12, 2007
  3. Mark M said:

    Write the information on a piece of paper, and keep that in your wallet: it’s 99% secure – definitely better than a file on a USB stick, etc.

    December 12, 2007
  4. bitful said:

    Use one password for every single logon. Write password on piece of paper. Put paper under keyboard. 😉 I swear I’ve seen people do that.

    I’ve started looking for a solution too, and I’ve had Passman recommended to me:

    December 12, 2007
  5. Gordon said:

    thom – yeah, I miss my Windows Mobile when it comes to stuff like this.

    Ian D – Yojimbo is OSX only yes? I’m still, largely, a Windows user.

    Mark M – yeah…. oh look, someone stole my wallet. 😉

    bitful – that’s what I do right now. OK, not really but it’s damn close!

    December 12, 2007
  6. Ian D said:

    Yes, Yojimbo is for Mac. There area couple of online password managers out there but I’ve no idea how safe or secure they are. I wouldn’t trust them but then I’m paranoid.

    December 12, 2007
  7. Lyle said:

    I tend to use two methods for this.

    1) For “normal” website stuff, I have about five passwords. One for sites I never plan to use again, two for sites I return to, and two for stuff that I don’t want stored using the other passwords.

    All are “secure” in that they’re a) not words per se, b) aren’t just letters and numbers, but also upper/lower case, and have punctuation in as well, c) not 733+-speek adaptations and d) words that’re only relevant to me and my history, thus not known by the majority of people anyway.

    2) For FTP stuff in particular, I tend to keep a spreadsheet with site, username, and password. That’s then encrypted and password-protected, and stored on my laptop (and thus on my backup drive) and also on a domain that’s also protected through .htaccess. (i.e. password to get to it, then still having to know what the decryption key is)

    Of course, if I forget the encryption password then I’m knackered, but as it’s one that’s significant to me without being obvious, I think it’s fairly safe to recall.

    Oh, the third step – just in case I do forget it – I have a number stored on my mobile which, when typed in again through predictive text will give me the password.

    Paranoid? Me? Yeah, probably. But it works, and I’m yet to permanently forget a password.

    December 12, 2007
  8. I use the “service” recommended by Jon Udell years back –

    You remember one password and the above website (actually the javascript on that page, so it’s all local) munges it with the domain name of the site you want to log into to give a password that’s unique to both you and the site.

    You only have to remember one password; it’s portable across computers because nothing is stored anywhere (apart from your head).

    And you can get a nice bookmarklet that means logging in only requires me to click “Generate password” on my toolbar and fill in my master password, and the bookmarklet fills in any password fields on the page with the relevant password.

    December 12, 2007
  9. Armin said:

    Don’t think it has been mentioned yet, Password Safe is the one I use. Originally developed by Bruce Schneier but now open source.

    December 12, 2007
  10. Blue Witch said:

    I have 2 file boxes of index cards, filed alphabetically, kept under lock and key. One card per site/application etc.

    Works perfectly for me, and never ever fails.

    Ah, the old fashioned solutions are the best 🙂

    December 12, 2007
  11. Blue Witch said:

    And, on the back of each card, I also write additional info: eg when I’ve changed password, or paid for a service, or dates and items I’ve ordered from particular sites (together with any relevant details about delivery speed, customer service, ‘goodwill payments’ that have been required/made etc).

    Obsessive, moi? Mais oui, but at least I don’t make the same mistake twice. If a company has been dreadful, I’ll never order from/use their services again!

    Customer service is my hobby, jsut as computing is yours…

    December 12, 2007
  12. Gordon said:

    Index cards! Why didn’t I think of that. We use them extensively at work, which I’ve always found funny, a high-tech, bleeding edge IT company relying on index cards so heavily.

    The Web 2.0 part of me (god, did I just say that?) would really like a portable solution that is completely web focussed. I use Google for all my other personal stuff, and it is a system that works for me, so I’m surprised there isn’t something out there in the same vein.

    December 12, 2007
  13. Lyle said:

    There is, of course, the Google Browser Sync add-on for Firefox, which does all of what you’re talking about (except for the FTP passwords, unless you do FTPing from within firefox too)

    Personally I don’t get it to save passwords – Google can know too much, IMHO – but it can do so.

    December 12, 2007
  14. Pete said:

    Write them all down on a piece of paper, but use some really basic encryption method to make it more secure (for example, replace every second letter with the next character in the alphabet). As long as you don’t use real words in your passwords, it will be uncrackable.

    December 12, 2007
  15. John said:

    I’ve been using SplashID for a few years now for this sort of thing.

    It’s quite flexible, allowing you to define custom fields for different types of entry and to categorise entries so that you can easily zero in on a particular class of items (e.g. showing just work-related records, or all bank account entries, or all web site logins or whatever.) It’s a commercial product, but it’s not at all expensive given that it’s a program you’ll end up using every day, and considering that you get both a desktop and a PDA version of the program for the price.

    (I’m using the PalmOS/MacOS version, but they also do a Windows Mobile/WIndows version which I’d imagine has the same functionality.)

    December 13, 2007

Comments are closed.