Note: I am talking about a regular Joe desktop user, not a sysadmin or something else. A friend of mine says he keeps all his major passwords in a single plain text file locally on his computer.
I personally feel like that isn't a good idea, because if a hacker gains access to his computer and finds the file, then he knows all of his passwords. Then again, if the user doesn't do anything odd on the internet, and just does some mild browsing, word processing, and email, how risky is this? Suppose this person has a typical home setup: something like a modem --> WiFi router (built-in firewall) with WPA2 password --> OS firewall, and if Windows, proper antivirus software installed, etc.
Alternatively, what would you suggest for average users who need to keep up with many passwords? Just have them all handwritten? Only store them on removable media and disconnect it immediately after using it? Use a single password service like LastPass? Just let the web browser save all your passwords for you?
EDIT: Didn't know about this, looks really cool: https://en.wikipedia.org/wiki/FIDO_Alliance Hope it gets implemented sooner rather than later.