When everything you do requires a different password, how do you keep up with them all? The most common solution is to use the same username and password in as many contexts as possible. Not only is this ill-advised, it’s not all that practical. Maybe someone else is using your favorite username. Maybe your favorite password is too short or too long for some contexts, etc. So you end up with dozens of minor variations on a preferred username/password pair.
One solution is to keep all your passwords in one place and have a strong password that unlocks your password collection. A security professional friend of mine recommends Password Safe for this purpose. It works well as long as you’re at your own computer or at a computer where you can access Password Safe on a flash drive, but not if you’re using a public computer.
Another solution is to use a third-party authentication service like OpenID. Jeff Atwood posted a thorough discussion of the pros and cons of OpenID on his blog yesterday. OpenID can reduce the number of passwords you need to manage, but it won’t cut the number down much until more sites accept OpenID.


John Venier 05.23.08 at 09:34
I think the IronKey sounds good:
https://www.ironkey.com/
There’s also the Mandylion:
http://www.mandylionlabs.com/
Having a hardware solution can be annoying and perhaps pricey, but it does conform to the “something known, something owned” model for credentials.