I’m beginning to be overwhelmed.
A few weeks ago, I lost a USB-key (or flash-drive) with a copy of my master Firefox profile on it. The master profile has all the passwords on it. Think about that for a minute. ALL THE PASSWORDS. In one place.
After a rather frantic day changing the passwords on 227 different accounts, and struggling with a new password regimen, it became clear: I need a way to manage passwords. I probably also need better passwords, or at least more of them.
In the process, I also found which sites had rather poor password policies, and I’ve made a list of places to re-assess. In this day and age, password policies of “all numeric” or “only eight characters” or “upper-lower case only no numbers” are absurd. I’ve already decided to change vendors in some instances, due to absurdist password policies.
I still have to figure how to manage the passwords. There are several commercial solutions, as well as some open-source, but they almost all suffer from one or more drawbacks. I guess I’ll end up making a compromise, somewhere.
The first problem is with the hardware solutions – you have to carry it around with you, it needs batteries, it only stores a small group of passwords, what if I lose it? I don’t think I’m going to use a dedicated hardware unit.
The software solutions, well, I think I’ll have to go with one of them, but for an alternate path, I’m also beginning to use OpenID. I have accounts on several of the providers, but after having poked around a bit, I think I’ll end up using the Google-based provider most often. In order for this to work, of course, you have to have a Google Profile – and thus a new webpage was birthed.
Along the way I’m also going to finally take the plunge into the smartphone pool – StupidPhone™ is starting to wear out, and it’s about time I stepped forward from the trailing edge of technology. Whichever password manager I pick needs to run on an Android-based phone.