View Full Version : password security



k-tim-b
February 28th, 2014, 01:52 PM
I've used lastpass before and was wondering what others use for passwords. I jump between 3 machines so a secure tool would be nice. Just wondering if there are alternatives to lastpass.

thanks

su:bhatta
February 28th, 2014, 02:37 PM
I don't use 1, but just read this thread a day ago.

It gives some alternatives: http://ubuntuforums.org/showthread.php?t=1999228

buzzingrobot
February 28th, 2014, 02:58 PM
I've tried password managers but found them not to my tastes.

I've memorized a lengthy and complex character string I use as the core of my passwords. I use a little algorithm I've memorized to, then, build a unique password around that core for each individual site. In essence, I reconstruct a site-unique password each time, rather than memorizing them all. I'm sure the very long strings generated by a password manager are, technically, harder to crack. But, this seems reasonably secure to me.

I also limit this approach to sites where my money is at potential risk. (Limiting who you give your banking or credit card info to is an important way to reduce risk.) For sites like this I use a couple of other complex passwords I've simply memorized.

(Writing down complex passwords on a piece of paper you carry with you -- don't stick it on the monitor -- is actually not such a bad idea, *if* you omit the name of the sites each password applies to. That you hafta memorize.)

fugu2
March 1st, 2014, 03:33 AM
I've tried password managers but found them not to my tastes.

I've memorized a lengthy and complex character string I use as the core of my passwords. I use a little algorithm I've memorized to, then, build a unique password around that core for each individual site. In essence, I reconstruct a site-unique password each time, rather than memorizing them all. I'm sure the very long strings generated by a password manager are, technically, harder to crack. But, this seems reasonably secure to me.

I also limit this approach to sites where my money is at potential risk. (Limiting who you give your banking or credit card info to is an important way to reduce risk.) For sites like this I use a couple of other complex passwords I've simply memorized.

(Writing down complex passwords on a piece of paper you carry with you -- don't stick it on the monitor -- is actually not such a bad idea, *if* you omit the name of the sites each password applies to. That you hafta memorize.)

Just to play the devil's advocate, are you sure that if someone were to get a hold of one of your passwords for one site (in clear text), they would be unable to reverse your process? Just a thought. It's usually not good to reuse any part of a password, as a rule of thumb. Code breaking is all about looking for reoccurring patterns in data.
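An added example, not part of any post in this thread: it contrasts a memorized "core plus site rule" scheme with a KDF-based derivation and measures how much text two site passwords share. The core string, the construction rule, the master passphrase, the site names and the choice of the site name as salt are all assumptions made for illustration.

```python
import base64
import hashlib
from difflib import SequenceMatcher

# Constructed sample values; none of them come from the thread.
CORE = "xK7#mQ2vT9!r"                      # hypothetical memorized core
MASTER = b"constructed master passphrase"  # hypothetical master secret
SITES = ("examplebank.test", "shop.test")  # hypothetical site names


def pattern_password(core: str, site: str) -> str:
    """Assumed 'core plus site rule': first 3 letters of site + core + name length."""
    name = site.split(".")[0]
    return f"{name[:3].capitalize()}{core}{len(name)}"


def kdf_password(master: bytes, site: str, length: int = 20) -> str:
    """Site password from PBKDF2-HMAC-SHA256; the site name is the salt (assumption)."""
    raw = hashlib.pbkdf2_hmac("sha256", master, site.encode(), 200_000, dklen=32)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def longest_shared_run(a: str, b: str) -> str:
    """Longest substring present in both passwords, i.e. the visibly reused part."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def compare(sites=SITES):
    """Return the shared run for each scheme across two sites."""
    by_pattern = [pattern_password(CORE, s) for s in sites]
    by_kdf = [kdf_password(MASTER, s) for s in sites]
    return longest_shared_run(*by_pattern), longest_shared_run(*by_kdf)


if __name__ == "__main__":
    pattern_run, kdf_run = compare()
    print("pattern scheme shares:", repr(pattern_run))
    print("KDF scheme shares:    ", repr(kdf_run))
```

The derived passwords are only as strong as the master passphrase, and anyone who learns that passphrase can recompute every site password.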

buzzingrobot
March 1st, 2014, 02:07 PM
Just to play the devil's advocate, are you sure that if someone were to get a hold of one of your passwords for one site (in clear text), they would be unable to reverse your process?

No, I'm not certain, of course. On the other hand, using a password manager does not protect you if the password is captured. Password managers are just a convenience for people who do not want to manually handle all their passwords. They do create lengthy passwords, but we could all do that anyway.

My exposure to risk is mitigated because I use that password scheme with only 3 sites. Money and privacy are not at risk at other sites, where I use other passwords whose loss is likely only to generate spam.

Frankly, I think we are at greater risk from inadequate protections at some of the organizations that retain our authentication data. More transparency about how they store and protect that data is needed. (My bank, on the other hand, uses two-factor authentication for routine logins, while any attempt to transfer money out of the account, or set up something like a new recurring bill payment, or make changes to the account itself, requires another layer of additional authentication using a fob provided by the bank. All communication is onsite, so the only email I might get from the bank is a linkless notice to go to the site. (I.e., any alleged bank mail with a link is a phishing attempt.) Other organizations need to use the same approach.

sammiev
March 1st, 2014, 02:36 PM
Frankly, I think we are at greater risk from inadequate protections at some of the organizations that retain our authentication data. More transparency about how they store and protect that data is needed. (My bank, on the other hand, uses two-factor authentication for routine logins, while any attempt to transfer money out of the account, or set up something like a new recurring bill payment, or make changes to the account itself, requires another layer of additional authentication using a fob provided by the bank. All communication is onsite, so the only email I might get from the bank is a linkless notice to go to the site. (I.e., any alleged bank mail with a link is a phishing attempt.) Other organizations need to use the same approach.

+1 and it seems to happen enough.

fugu2
March 4th, 2014, 04:52 PM
Frankly, I think we are at greater risk from inadequate protections at some of the organizations that retain our authentication data.
+1
I'm in total agreement. Good call.

pqwoerituytrueiwoq
March 4th, 2014, 05:16 PM
+1
I'm in total agreement. Good call.
+2