Yawn, yawn… not a very exciting subject, but it has to be done. The number of passwords and accounts that most of us have to keep track of is just not manageable without some sort of system, unless you have a photographic memory. I don’t.
I’ve had a few systems over the years; from using the same password for every account, to variations on that password depending on the website, to a password-protected spreadsheet. But none of these was really satisfactory.
I recently came across LastPass, which I have been using for while now. It integrates into my browser, and works great most of the time. It painlessly logs me into whatever site I happen to have stored in my vault and asks to store logins for any new sites. I don’t have to remember the password which means that I can use really secure ones, and I can also view them if I need to. On the downside, I still feel a little nervous having all my access details floating up there in the cloud. I know it is all encrypted, but still…
So, for the accounts that I really don’t want anyone to get their hands on I have stuck them onto an encrypted USB key (using TrueCrypt). I only mount it when I need to so it is hardly ever exposed to the outside world. Although I’m not so sure about TrueCrypt now, after the original project was mysteriously abandoned earlier this year. TODO: check out VeraCrypt, which is apparently an improved fork of TrueCrypt.
All very boring and time-consuming stuff, and I don’t think there is a perfect solution, but I do feel a little bit more comfortable now that something has been done.