Quick Endorsement: 1Password
1Password is Macintosh/Windows/iPhone software that dramatically improves a built-in function, the "Keychain." It is so dramatically better that I think that you probably need to buy it.
Consider this scenario: You go to a website, say, oh, gawker.com, and you decide to comment on some article. So it asks you to make a login. So you need to specify a user name and a password.
Now, if you're like most people, you don't have a fetish for remembering passwords. If you're the typical user, you probably use one password for many different web sites. And that's bad, because if someone hacks gawker.com, and can decode your password there, they could use that password on other sites.
That is precisely what happened the other day. (insert emoticon of shock horror) http://blogs.forbes.com/firewall/2010/12/13/the-lessons-of-gawkers-security-mess/
Gawker was stupid, and their password database was easily decrypted. Worse, Gawker employees were using a single password on multiple sites, so now the "bad guys" are wreaking mayhem on many of Gawker's private data -- including money-related data.
So this presents a problem: You want to use a different password for every site, but you can't remember them all. You probably have 100+ web passwords. (Don't believe me, launch "Keychain Access" and count.)
On the Mac, you could use Keychain Access to remember the passwords for you, but many websites do not allow it to fill in the passwords for you. (You can work around this, but it's a little complicated.) Even if they do, getting Keychain Access to generate a fresh password for a web site is, well, a little complicated.
1Password solves all this -- it adds a button/menu thing to Safari and Firefox. Click it and it will fill in the passwords it knows about, even if the website doesn't want that. (It can also remember your credit cards, and fill THEM in.) It also has, right on that button/menu, a "create a new password" feature. Click THAT every time you create a login, and it stores what it created on its keychain. Also, 1Password has support for syncing passwords between computers, and to your iPhone. You can even specify which passwords need an extra layer of protection (eg. bank passwords).
Obviously, the most important thing is to make sure that the master password you select is VERY VERY secure. My suggestion is to do what William Gibson suggests, and tack three words together ("Mona Lisa Overdrive"), and change a few of the letters to numbers, or add a punctuation mark, or whatever. The trick is to make a phrase that's easy to remember, meaningful to you, and something that is an obvious answer to a password hint. So, for instance, you could have a password like "1vej%nahro", but the phrase "1'm cleaning my oven!" is actually MUCH MORE secure in addition to being more memorable and easier to type. (Note that the hint "That commercial that says BLANK while I sleep" is not a good one. Try "gleeful commercial")
Anyway, maybe you are a security nut who has memorized the 385th to 400th digits of π, and likes running gpg on the command line. If so, you can save $50.
If you're a normal person, you probably need 1password. As an incentive, it's has some gorgeous user interface candy.
Also, it's part of one of those "many Mac packages for cheap" bundles: http://www.mupromo.com/?ref=4438
Consider this scenario: You go to a website, say, oh, gawker.com, and you decide to comment on some article. So it asks you to make a login. So you need to specify a user name and a password.
Now, if you're like most people, you don't have a fetish for remembering passwords. If you're the typical user, you probably use one password for many different web sites. And that's bad, because if someone hacks gawker.com, and can decode your password there, they could use that password on other sites.
That is precisely what happened the other day. (insert emoticon of shock horror) http://blogs.forbes.com/firewall/2010/12/13/the-lessons-of-gawkers-security-mess/
Gawker was stupid, and their password database was easily decrypted. Worse, Gawker employees were using a single password on multiple sites, so now the "bad guys" are wreaking mayhem on many of Gawker's private data -- including money-related data.
So this presents a problem: You want to use a different password for every site, but you can't remember them all. You probably have 100+ web passwords. (Don't believe me, launch "Keychain Access" and count.)
On the Mac, you could use Keychain Access to remember the passwords for you, but many websites do not allow it to fill in the passwords for you. (You can work around this, but it's a little complicated.) Even if they do, getting Keychain Access to generate a fresh password for a web site is, well, a little complicated.
1Password solves all this -- it adds a button/menu thing to Safari and Firefox. Click it and it will fill in the passwords it knows about, even if the website doesn't want that. (It can also remember your credit cards, and fill THEM in.) It also has, right on that button/menu, a "create a new password" feature. Click THAT every time you create a login, and it stores what it created on its keychain. Also, 1Password has support for syncing passwords between computers, and to your iPhone. You can even specify which passwords need an extra layer of protection (eg. bank passwords).
Obviously, the most important thing is to make sure that the master password you select is VERY VERY secure. My suggestion is to do what William Gibson suggests, and tack three words together ("Mona Lisa Overdrive"), and change a few of the letters to numbers, or add a punctuation mark, or whatever. The trick is to make a phrase that's easy to remember, meaningful to you, and something that is an obvious answer to a password hint. So, for instance, you could have a password like "1vej%nahro", but the phrase "1'm cleaning my oven!" is actually MUCH MORE secure in addition to being more memorable and easier to type. (Note that the hint "That commercial that says BLANK while I sleep" is not a good one. Try "gleeful commercial")
Anyway, maybe you are a security nut who has memorized the 385th to 400th digits of π, and likes running gpg on the command line. If so, you can save $50.
If you're a normal person, you probably need 1password. As an incentive, it's has some gorgeous user interface candy.
Also, it's part of one of those "many Mac packages for cheap" bundles: http://www.mupromo.com/?ref=4438