I started reading up on password managers in order to consider using one.
Up until now, I've made up passwords myself, and stored them in an encrypted file. Some of the drawbacks include:

* I keep the passwords on the short side
* I don't change the passwords as often as I should
* I sometimes use the same password on more than one site

All of the above because it is not convenient enough for me to do better.

My head is just not "into" reading about password managers--it just seems to be too boring to really get into, so, I thought I'd try posting here to get opinions and recommendations from the list. (I am continuing my effort to read--maybe I'll get a renewed burst of enthusiasm after I send this ;-)

Here are some of what I think are my criteria for a password manager:

* encrypted storage on my own machines (no storage "in the cloud")
* ability to transfer to other devices, including Android tablets and phones--either all the passwords or just one for some special logon on a machine I don't normally use.

  Currently I do almost everything (that requires a password) on one of my desktop computers. I have a laptop that I use very occasionally. Occasionally I've had to go to a library (or similar) to use a Windows machine. I do have an Android tablet and phone, and, in general, I don't use that for confidential type stuff (no banking, for example), but that could change if either I feel very secure or in some sort of extreme emergency.
* (a repeat of part of the previous bullet) a means to easily take an individual password to another machine for occasional use of another machine
* a means to recover all the passwords if the password manager becomes defunct (and this also implies backup and restore capabilities)
* a means to automatically generate secure passwords
* a means to automatically update passwords on the target websites (to facilitate regular / frequent password changes)--this is probably a stretch--I mean something that would work its way through the various screens and prompts to change a password with a minimum of manual intervention by me

As an alternative to a password manager, I may create my own memorizable password generator "algorithm" that I can mostly use "in my head". For instance, it could be something like this:

* think up a multiword phrase, possibly with a mnemonic connection to the target website (or, have a means to extract them from a book, e.g., the 3rd sentence of the 5th chapter of War and Peace--or maybe the first sentence in the book that contains the word bank would become the passphrase for my bank).
* have a consistent substitution algorithm, which might do things like this:
  * capitalize the nth letter of each word (or the nth letter of the first word, the (n+1)th letter of the 2nd word, ...)
  * substitute (or insert) a punctuation mark for (like above) the mth letter of each word (or the mth letter of the first word, the (m+1)th letter of the 2nd word, ...)--the punctuation might be selected in, for example, keyboard order (or reverse keyboard order) across the numeric keys (e.g., !@#$%^&*() (although maybe some of those might be invalid in (some?) passwords))
  * some other similar generation rules

Obviously, having "published" these ideas, my actual implementation will be somewhat different ;-)
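
The substitution rules sketched above, written out as an added example that is not part of the original post: it applies the capitalise and punctuate rules to a phrase and enumerates how many distinct outputs the rule settings alone produce for one phrase. The function names, the `disallowed` parameter, the sample phrase and the handling of short words are assumptions made for illustration.

```python
# Added illustration of the phrase rules in the post; not the poster's code.
KEYBOARD_ORDER = "!@#$%^&*()"  # shifted number-row keys, as listed in the post


def transform(phrase, n, m, sliding=False, reverse=False, disallowed=""):
    """Capitalise the nth letter and punctuate the mth letter of each word.

    n, m are 1-based. With sliding=True, word k (0-based) uses n+k and m+k.
    reverse takes punctuation in reverse keyboard order. disallowed lists
    marks a site rejects (assumed parameter). Assumptions: a position past
    the end of a word is skipped, punctuation wins when n == m, and the
    words are joined without spaces.
    """
    if n < 1 or m < 1:
        raise ValueError("positions are 1-based")
    order = KEYBOARD_ORDER[::-1] if reverse else KEYBOARD_ORDER
    marks = [c for c in order if c not in disallowed]
    if not marks:
        raise ValueError("every punctuation mark is disallowed")
    out, used = [], 0
    for k, word in enumerate(phrase.split()):
        chars = list(word)
        cap = n + k if sliding else n
        sub = m + k if sliding else m
        if cap <= len(chars):
            chars[cap - 1] = chars[cap - 1].upper()
        if sub <= len(chars):
            chars[sub - 1] = marks[used % len(marks)]  # next mark in order
            used += 1
        out.append("".join(chars))
    return "".join(out)


def variants(phrase, max_pos=5):
    """Every distinct output over all rule settings with n, m <= max_pos."""
    return {
        transform(phrase, n, m, sliding, reverse)
        for n in range(1, max_pos + 1)
        for m in range(1, max_pos + 1)
        for sliding in (False, True)
        for reverse in (False, True)
    }


if __name__ == "__main__":
    phrase = "my bank keeps money"  # constructed sample phrase
    print(transform(phrase, n=1, m=3))
    print(transform(phrase, n=1, m=2, sliding=True))
    print(transform(phrase, n=1, m=3, reverse=True, disallowed="()"))
    print(len(variants(phrase)), "distinct outputs from the rule settings")
```

With positions limited to 1 through 5, the rule settings give at most 100 outputs per phrase, so the secrecy of a password built this way rests on the phrase rather than on the rules.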