Linked In Password theft

The recent Linked In password theft inspired me to write this post about password management.

Passwords are everywhere. We have them at the office, and at home. There are so many that no one person can remember all of them. Most people probably have credentials for web sites they don't remember using.
One way to keep track of logins and passwords easily is to use the same one on multiple sites. That makes it easier to remember one password. However if anyone ever exposes that one password, now they can go to other common web sites and try that password. So that means you are trusting some guy running a web site from his garage with the password to your bank account. They have your email and your common password. They could go to many different common web sites and access your private information. You never really know how secure people are being with your passwords. In reality companies should really not keep your real password but a hash of your password so only you really know what your password is. But who really knows what they are doing with them.
To keep things simple and keep things secure I use a free opensource program keepass. Keepass This application is small. You can even run it from a thumb drive. It will generate passwords that are different for each web site and keep them encrypted and secured. I use this in conjunction with dropbox and I am able to access my passwords on any machine. I turn off all password remembering on my browsers, that way I know only keepass has my passwords and they are safely encrypted.

So get secure and get keepass.