It comes with no surprise to me that online database of passwords are being hacked. Last week Gawker Media got compromised and their password database stolen. Passwords were stored in an encrypted format but are still prone to dictionary attacks.
So how do I do it?
I use a different password for every account I create online. I combine uppercase, lowercase, numbers and non-alphabetical characters when possible.
How do I keep up with different passwords?
Well with so many passwords it is almost impossible for me to remember them. I use an excellent software: KeePass.
Do I create my own Passwords?
I do mostly. But lately I have let KeePass generate them for me.
How do I access my own password database from different places?
The easy way? Storing the password database on a USB thumb drive. Just make sure that the database has a strong password for accessing it.
The convenient way? Synchronizing to the cloud. I use DropBox for that matter. I can download from the website, or if feasible, install the DropBox and KeePass application on the local machine where I am working on.
What If I need to access the site using my SmartPhone?
No problem. I installed DropBox and KeePass for Android. Both Applications are available for pretty much all mobile platforms.
Is my smartphone saving passwords for websites?
Yes, for convenience, although it is a security concern.
What if my phone gets lost/stolen?
I installed Android Protector and the most sensitive applications require a PIN to access it. I have also installed Lookout for Android which allows me to backup sensitive data to the cloud, remote lock, remote locate and the best option, remote wipe.
Do I change my passwords?
Yes. Every 3 months at the most.
This is what I do for my passwords. How do you do it?