So, some password expirations, along with the revelation that one of the more sizeable forums had been hacked and all their usernames and passwords stolen, made me finally do what I’d meant to for a while and start using KeePass.

KeePass is a free/multi-operating system/open source program with an encrypted database to maintain your passwords, and it includes a password generator. Now, instead of having my three passwords (one throwaway, one root, one financials), I’m basically generating a unique 20 character value for each and every site. It’s certainly more of a pain in the ass – I’ll need to start using some scripts on things instead of manually looking up and typing a password every time – but in the long term, it’s the only way to eliminate the potential of compromise between different sites.

I know some people are already better at this than me – what do you use?

2 Responses to KeePass

  1. chrism says:

    My current practice is to just use mkpasswd on linux to make a random passwd then plop that into a txt file that gets gpg’d. I just look for zinger.asc, then gpg -d zinger.asc then copy/paste that into the login panel.

    This way each site has a unique passwd and can have a unique userid… though that does get a little annoying 🙂

  2. Jason says:

    Passwords are so last year, I use a null entry.

