"Ed Huntress" wrote:

Wow! You must have one good memory. Or your passwords are too obvious.
Or you don't have that many. *Some* of my account names and passwords are
on 3 x 5 cards and that deck is 1/2" thick.

Most of mine are encryptions that follow an algorithm I have in my head, and
a memorized sequence for applying the algorithm. Sometimes I have to stand
for a moment in front of ATM machines, and at the supermarket, while I run
the algorithm in my 30-Hertz central processing unit, which I keep under my
hat. d----8-)


I gave up on having Firefox remember the passwords and yes I use a password on the
password list since any virus could swipe the list and put me in a bad spot.

Now I use lastpass https://lastpass.com/ This program keeps my passwords in an encrypted
file, uses their servers to syncronize my passwords across every device I use on the
internet. Only an encrypted file is kept on their servers and they don't know my password
if they can be trusted.

Every new site I enter, I have lastpass create a unique password and store it. If I join
a site tonight and tomorrow I fire up firefox from my usb drive at work, I have the
username/password combination available as soon as lastpass connects to their servers.

Steve Gibson did a podcast on it. http://twit.tv/sn256

I trusted firefox to secure my password list, trusting Lastpass, that I pay for their
service, wasn't that different a trust situation.

TIP. If you ever forget your password and a site sends it back to you, that password is
toast. They stored it where someone administrating the site can see it in the clear even
if encrypted.

More secure sites, create a hash of your password then save it and then compare the hash
of your entered password after they hash it each time when you log in to see if there is a
match. They can not tell you what your password was. A hash is a one way function that
if properly implemented has no reverse execution.

Wes