Joined on 12-11-2001
TechSoup Member
I've got personal usernames and passwords - some personal and some professional, organization usernames and passowords, etc. It goes on and on. Right now, I've got multiple spreadsheets. Eek!
How are folks keeping track?
Does it connect with your mobile devices?
How do you share it with others?
Is there a good software solution?
Thank you!
Joined on 11-10-2003
TechSoup Member
On the mac side - 1Password is great! Well worth the price.
http://1passwd.com/
Joined on 02-18-2004
New Hampshire
As an IT person, I cringe that you would keep a spreadsheet of your usernames and passwords. This is very common unfortunately. I always advise people with difficulty remembering passwords to get a biometric fingerprint reader. I don't know how many times that I've found peoples passwords on a sticky note under their keyboards in addition to their online bank account numbers.
Joined on 03-21-2001
Los Angeles
There are many products that try to solve this problem. I have not yet used any of them, but maybe we can get some guidance from users of, e.g.
KeePass or, for Gnome desktops,
Revelation (which the
Free Software Foundation is promoting).
I'll second the recommendation for KeePass. Self-contained and very secure; I run it off a USB flash drive and it does quite nicely. There is even a *nix port available, so you can share a database in a multi-platform setting.
I had used it a few years ago, but a bug caused my database to get unrecoverably wiped out. This left a bad taste in my mouth... but the rest of the program was so good that I started making periodic backups of the data, in the event that it would get corrupted again. (It never has.)
Other problem is that -- since I use the in-built password generator -- all my passwords now are 20+ random letter/number/symbol strings. Thus, if I am ever without my flash drive, I find that I can't log into anything anywhere. :cwm11;
Currently I use a mix of flat .txt files to store my un/pw combos in. With that being said, this is stored on a TrueCrypt drive encrypted with AES and my GPG/PGP keys.
The only reason I've used this approach, instead of a seperate tool is it's only one login that I have to enter to gain access to my encrypted files.
Joined on 12-11-2001
TechSoup Member
Ok, these are interesting answers, but I'm not sure they get to the heart of the problem.
I've got staff that need access as well. For example, everyone needs the UN & PW for our New York Times subscription, some need UN & PW for website admin, only financial staff need access to our bank info... My spreadsheet is 200 lines long.
This isn't something I want to put on a keychain and take home with me (although that's a good offsite backup). It needs to be on the server where staff can access it, preferably with different levels of access.
Any other ideas?
Thank you!
In that position, I would use the KeePass program and set up different database files. One for my own personal passwords, one for "shared", another for the financial ones, etc. Each one could be secured by a different password that you control. Thus, access to the passwords can be controlled by which groups of staff have which passwords.
Make sense?
Joined on 07-20-2005
Hartford, CT
I don't see anything wrong with keeping usernames and passwords in a spreadsheet. You just have to be conscious of whom has access to that file. You may want to encrypt it (try
TrueCrypt). But there's nothing wrong with even a simple text file so long as you take the correct precaution. Don't lose your TrueCrypt passkey, though :)
: I don't see anything wrong with keeping usernames and passwords in a spreadsheet.
As Chris shared, in this instance you're probably ok to keep these items in a less secure method like this. Make sure that you have some level of control over who can access, as well, who can delete. It's probably ok to keep the file read only.
One thing to remember, is many online services make it pretty easy to change a password. Consider that anyone who has the 'current' password might be able to change to a 'new password' causing you problems in resetting the info. Make sure that people only have rights to access the information they need. ie: Your reception staff doesn't need access to Microsofts eOpen tool.
Also, make sure when someone terminates that all the passwords they had access to get reset. If they continue to use subscription access from another job site you may be (likely are) in violation of the vendors acceptable use policy.
Joined on 06-09-2002
TechSoup Member
For me, the answer is the Microsoft Fingerprint Reader. The software keeps the usernames and passwords encrypted so I don't have to worry about someone seeing a spreadsheet. The file can be imported or exported so I can have the same access for my desktop and laptop without reentering the information twice or having to remember when I update one to update the other.
elwoodpc
Spreadsheets and small ms access dbase stored on TrueCrypt which allows a time limit on how long it is left open. When I open the dbase it opens a form which searches for the account I want. Nice thing about the dbase is as soon as I move to another record it saves the info.
Joined on 02-18-2004
New Hampshire
It sounds like a fingerprint reader is not what the original poster is looking for. Am I correct that your company has a subscription to what you are looking at with one username and password?
My solution is an intranet (web) interface to a database. The records are filtered based on the network name of the user logged into the browsing computer. So, a user can only see the passwords that are relevent to that user.
In the case of a termination, it is straightforward to determine which passwords need to be changed by simply querying the database to determine which passwords were available to that user.
Joined on 07-20-2005
Hartford, CT
elegant, tclaremont :)