Passwords are probably the most annoying thing people have to deal with, other than the constant registration requests from every site we visit, which in turn breed more passwords. It's a vicious cycle that leads to password reuse and poor password policy.
I am both a geek and a sysadmin, therefore I know how important passwords are and how dumb password reuse is. To be honest, though, I've been known to reuse weak passwords for logins I don't care about, ones that have nothing to do with my important information. I do this with most trivial forums, because I don't care if my account there gets hacked; it's not related to anything important. Sorry, Ubuntu and RoosterTeeth forums, if I randomly start posting ads for Prada handbags.
I (foolishly) decided to try using the "LastPass" password manager plugin for Firefox and Chrome (and IE now, I think) to manage my passwords. The interface is smooth, and password generation is easy. LastPass even syncs the passwords via the... uh, "Cloud", so all my OSes and web browsers would be the same. This is about the point I should have /facepalm'd. But I didn't.
APT, which I use totally sarcastically, as anyone is quick to blame a security screwup on "oh noes, China's state-sponsored hackers cracked our, uh, outward-facing SQL server." /facepalm. From Google to Epsilon to Sony and many more, massive companies have had thousands of users' information, passwords, emails, even credit card and banking information stolen by the shadowy world of crackers, carders, thieves and Anon cowards. Cracking for the sake of cracking, or stealing honest people's creds, is just retarded. That is not the Hacker way, but that's a rant for another post.
Now, rather than doing the smart thing and deciding to use either my mind or an offline password manager, I stuck with LastPass. Until this morning. Now I'm looking at the 37 passwords I had stored in there, including my Facebook, Twitter and Gmail logins, and others like GitHub, RoosterTeeth, and the Ubuntu forums. The smart thing is to change all these passwords immediately. All 37 of them. Why, oh why, did I even think of trusting a CLOUD-BASED password management system?
Because I like convenience. This is why we have weak passwords, passwords on sticky notes, passwords stored in the browser's cache or in (potentially) insecure cloud-based sync systems. Let's face it, remembering 37 strong passwords is darn near impossible unless you're some sort of memorizing genius. I can't remember what song I listened to ten minutes ago, let alone all those passwords.
IronKey USB drive. I'll let you know how it goes. Brain vs. KeePass! (I've got $500 on KeePass beating the brain, just FYI.)
The most important thing to remember is that no one is going to care about your passwords like you do. If you want to trust Firefox or LastPass, or even KeePass, to keep your passwords safe, then do so. Myself, I tried to give one such service a chance, and I'm back to the ol' noodle. I hope. What is your favorite method of password management / generation? Please comment and spread the wealth!