Password Manager opinions and recommendations
I started reading up on password managers in order to consider using one.
Up until now, I've made up passwords myself, and stored them in an encrypted
file. Some of the drawbacks include:
* I keep the passwords on the short side
* I don't change the passwords as often as I should
* I sometimes use the same password on more than one site
All of the above because it is not convenient enough for me to do better.
My head is just not "into" reading about password managers--it just seems to
be too boring to really get into, so, I thought I'd try posting here to get
opinions and recommendations from the list. (I am continuing my effort to
read--maybe I'll get a renewed burst of enthusiasm after I send this ;-)
Here are some of what I think are my criteria for a password manager:
* encrypted storage on my own machines (no storage "in the cloud")
* ability to transfer to other devices, including Android tablets and
phones--either all the passwords or just one for some special logon on a
machine I don't normally use. Currently I do almost everything (that requires
a password) on one of my desktop computers. I have a laptop that I use very
occasionally. Occasionally I've had to go to a library (or similar) to use a
Windows machine. I do have an Android tablet and phone, and, in general, I
don't use that for confidential type stuff (no banking, for example), but that
could change if either I feel very secure or in some sort of extreme
emergency.
* (a repeat of part of the previous bullet) a means to easily take an
individual password to another machine for occasional use of another machine
* a means to recover all the passwords if the password manager becomes
defunct (and this also implies backup and restore capabilities)
* a means to automatically generate secure passwords
* a means to automatically update passwords on the target websites (to
facilitate regular / frequent password changes)--this is probably a stretch--I
mean something that would work its way through the various screens and prompts
to change a password with a minimum of manual intervention by me
As an alternative to a password manager, I may create my own memorizable
password generator "algorithm" that I can mostly use "in my head". For
instance, it could be something like this:
* think up a multiword phrase, possibly with a mnemonic connection to the
target website (or, have a means to extract them from a book, e.g., the 3rd
sentence of the 5th chapter of War and Peace--or maybe the first sentence in
the book that contains the word bank would become the passphrase for my bank).
* have a consistent substitution algorithm, which might do things like
this:
* capitalize the nth letter of each word (or the nth letter of the first
word, the (n+1)th letter of the 2nd word, ...
* substitute (or insert) a punctuation mark for (like above) the mth
letter of each word (or the mth letter of the first word, the (m+1)th letter of
the 2nd word, ... --the puntuation might be selected in, for example, keyboard
order (or reverse keyboard order) across the numeric keys (e.g., !@#$%^&*()
(although maybe some of those might be invalid in (some?) passwords)
* some other similar generation rules
Obviously, having "published" these ideas, my actual implementation will be
somewhat different ;-)
Reply to: