Two weeks ago I wondered about passwords: how to tackle that? Doing web development, I have tons of logins and I used to have one password for most of the sites I log in to. Not terribly safe.
My chosen solution: oplop (https://oplop.appspot.com/). The comments on that previous blog post suggested that. It doesn't store anything on a server; everything happens locally in your browser.
- You pick some master password or passphrase that you can remember.
- When you need a password, you go to the oplop page and type in an identifier for the password ('google', 'bitbucket', 'yourcompany.com', whatever) and your master password.
- The identifier and the master password get combined into one MD5 hash and then the first 8 characters are taken. There are a few extra deterministic rules to ensure it is a mix of characters and numbers.
- Tadaah, you've got your 8-character password that looks like a cat walked over your keyboard. I then tell Firefox to remember the password, of course.
I've got a new Mac, so that is a good way to start afresh with all my passwords. Every site that I have to log in to, I take the extra effort of setting a new password.
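
One way to implement the derivation described in the list above, as an added example that is not oplop's own code. The concatenation order, the URL-safe base64 encoding and the exact digit rule are assumptions, since the list only mentions "a few extra deterministic rules"; the master passphrase is a constructed sample.

```python
import base64
import hashlib
import re

_DIGITS = re.compile(r"\d+")


def ensure_digit(encoded: str, length: int = 8) -> str:
    """Return the first `length` characters, guaranteed to contain a digit."""
    if not _DIGITS.search(encoded[:length]):
        later = _DIGITS.search(encoded)
        # Assumed rule: move the first run of digits found further along to
        # the front; if the string has no digits at all, prepend "1".
        encoded = (later.group() if later else "1") + encoded
    return encoded[:length]


def derive_password(identifier: str, master: str, length: int = 8) -> str:
    """Derive a site password from an identifier and a master password."""
    # Assumption: master password and identifier are concatenated, then hashed.
    digest = hashlib.md5((master + identifier).encode("utf-8")).digest()
    # Assumption: URL-safe base64 turns the 16 raw bytes into mixed-case text.
    encoded = base64.urlsafe_b64encode(digest).decode("ascii")
    return ensure_digit(encoded, length)


if __name__ == "__main__":
    master = "constructed example passphrase"  # sample value, not a real secret
    for site in ("google", "bitbucket", "yourcompany.com"):
        # Same inputs always give the same output, so nothing needs storing.
        print(f"{site:16} {derive_password(site, master)}")
```

Because the output depends only on the two inputs, anyone who learns the master password can regenerate every site password.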
So: new apple, new passwords!