I don't know quite what prompted it, but I've made a major change to the way I handled passwords over the last couple of days. I used to remember an assortment of quasi-random passwords for really important things (my GPG certificate, user and root passwords, PayPal etc). For other things I tended to use one password I've been using for everything for about eight years - with a couple of numbers thrown in sometimes, but usually not. I've mostly been careful to keep the trash password off anything with money attached, but even so, if you could guess it you would have been able to impersonate me in quite a lot of places... and probably wreck the Mandriva Club site.

So I finally got my arse in gear and rectified this situation, with the help of Gpass, a very nice and simple GNOME password manager. It simply stores username / password pairs, with a name and description, in a database which is Blowfish-encrypted via a master password. Since the only thing you have to remember is your master password, you can make it nice and strong and just spend ten minutes memorising it.

So now absolutely everything for which I have an account has a different, utterly random password, and Firefox is set not to remember any of them. Much safer than the way I had it before. It's something I'd definitely recommend; it takes a few hours to set up, and it's a bit of a pain migrating things over, but it's definitely a better way to go. Just make darn sure you have the gpass database backed up several times in different places :)

