Password Managers and Post-It Notes

Thursday night at 11:30 pm and you need to access a site to complete a large project you're working on. You should be asleep but that is something that a sane person would be doing. Instead you're playing beat the clock to get your work done for Friday at 9 am and you find that you can't remember your password.

In a fit of rage you turn over your keyboard and are about to bash it against the monitor while screaming something barely intelligible when you notice a yellow sticky note affixed to the underside of the keyboard. For a moment you're relieved as you recall putting the errant password information on it.

On closer inspection you realize that it is a note from your Information Security department. "We know it is often hard to remember so many passwords, but please don't do this again. If you recall we had a discussion with your department about this last month. Signed, Infosec".

A mixture of homicidal rage and embarrassment washes over you. In short order the embarrassment takes front and center as it dawns on you that, yes, this is something that you should know better. On the note it continues "PS- Have helpdesk reset your password and use a password manager to help manage your credentials".

Sneaky approach? Of course. Will you ever forget this lesson? Not a chance. 

Password managers, for those of you not familiar with them, are applications purpose-built to store credentials securely, so that you only need to remember one password to access the application rather than the 200+ or so that most IT practitioners have to contend with on any given day.

So, what are some examples that are out there of these applications? First off there is my go-to application from the folks at AgileBits. Their password management tool is one called 1Password.

This application allows you to save all sorts of password credentials with relatively seamless integration for submitting passwords into web forms. The part I enjoy with this application is the fact that I can synchronize the password database across multiple devices. To say that this is rather handy for me would be understating it. 1Password isn't free, but I've been a user for quite a long time and quite like it.

From AgileBits:

1Password is a password manager that goes beyond simple password storage by integrating directly with your web browser to automatically log you into websites, enter credit card information, fill registration forms, and easily generate strong passwords.

Another handy tool is the free application called KeePass.

From KeePass:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

[UPDATE] I'm rather embarrassed to admit that I neglected to include LastPass when I first published this piece. I will go sit in my shame closet now. Thanks to Ben Jackson for catching this significant miss on my part. =]

From LastPass:

Have more than one computer? At work, at home, on your laptop - wherever you'll be browsing, you can download LastPass and login with the same account. Your data is securely synced automatically, so you always have access to your latest updates.

These are a few great tools to help you manage your passwords and ensure that you can avoid sticking notes to your monitor and under your keyboard.

This is by no means an exhaustive list. If you have suggestions that have worked for you, please share them in the comments section.

Cheers!
