Ask HN: How do you manage your passwords?
5 points by _qwfv on Aug 10, 2012 | hide | past | favorite | 14 comments
Perhaps I'm just more aware of it, or perhaps it's happening more frequently, but it seems like every couple of weeks a major service demonstrates that they have exposed some user data or passwords.

Intellectually, I know I should be using a different password for every service, game, and application I use. Practically, I reuse a handful of long, strong passwords.

I'd like to change that practice. I'd like to use a different password on every service, but that's probably a few dozen passwords. Too many to remember practically, in any case. There's a lot of misinformation out there about how to do this correctly, and I'm looking for examples on how to do it right.



After shitting the proverbial brick last week re the Apple ID/iCloud debacle, I downloaded 1Password and methodically changed the password to everything I cared about with a randomly generated string that included non-alphanumeric chars. Sometimes I find this inconvenient as the integration on the iOS app is not great (unless I'm missing something), and will never improve unless Apple exposes APIs allowing deeper integration; but my current thinking is the extra security is worth it. Previously all my passwords were the same thing modulo a changing non-alphanumeric char, which I understand is dumb, but I was too lazy to change them. The aforementioned Apple incident provided the final impetus for change. Obviously, it later transpired that the breach was down to social engineering and weaknesses in human security rather than compromised passwords, so all this is moot as the best security precautions are only as strong as the weakest link in the chain.

Something else I found interesting is Apple allows a max of 32 chars in their passwords. I discovered this as the password I was trying to set was significantly longer than this. Does this not suggest that the passwords are not hashed? If they were the length of password would not matter as the hash outputs are identical lengths and Apple could set the db column size accordingly.


I also switched to 1password after that debacle (though I should have done it before). 1password is great on a mac, but accessing passwords (via dropbox) from a linux machine is a pain in the ass.

Password management still seems like an unsolved problem.


I wrote a bit about this a while back here (http://software-and-algorithms.blogspot.com/2012/06/password...). Basically, I use HMAC to generate passwords based upon a single strong password and an account-specific phrase.
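A worked version of the HMAC approach the comment above describes, added here as an illustration and not the commenter's code or the code from the linked post: the master password is first stretched with PBKDF2 (the constant salt is an assumption of this example), then used as the HMAC-SHA256 key over the account phrase plus a rotation counter, and the digest is encoded into a printable password that satisfies common character-class rules. The symbol set, the counter and the 32-character example (matching the Apple cap mentioned earlier in the thread) are constructed for this example.

```python
import base64
import hashlib
import hmac
import string

# Character pools; the symbol set is a constructed choice for this example.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*-_=+"
ALLOWED = set(LOWER + UPPER + DIGITS + SYMBOLS)
# Fixed, public domain-separation salt (assumption for this example). It is not a
# secret; it only makes generic precomputed PBKDF2 tables useless here.
STRETCH_SALT = b"hn-2012-hmac-password-derivation"


def stretch_master(master: str, iterations: int = 200_000) -> bytes:
    """Slow down offline guessing of the master before it becomes the HMAC key."""
    return hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), STRETCH_SALT, iterations)


def derive_password(master: str, account_phrase: str, length: int = 20, counter: int = 1) -> str:
    """Deterministic per-account password: HMAC-SHA256(stretched master, phrase || counter).

    The counter lets you rotate one site's password (e.g. after that site leaks)
    without touching the master or any other derived password.
    """
    if not 4 <= length <= 43:
        raise ValueError("length must be 4..43 (one SHA-256 digest in base64)")
    key = stretch_master(master)
    msg = f"{account_phrase}\x00{counter}".encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    # urlsafe base64 of 32 bytes is 43 characters plus one '=' of padding;
    # every character of that alphabet is inside ALLOWED.
    chars = list(base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")[:length])
    # Site policies often demand mixed classes. Force one of each at positions
    # 0..3, picking the character from the digest's tail bytes so the result
    # stays deterministic for the same inputs.
    for i, pool in enumerate((LOWER, UPPER, DIGITS, SYMBOLS)):
        chars[i] = pool[digest[-(i + 1)] % len(pool)]
    return "".join(chars)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample master
    print(derive_password(master, "example.com"))
    print(derive_password(master, "example.com", counter=2))  # rotated
    print(derive_password(master, "apple-id", length=32))     # fits a 32-char cap
```

The scheme has no vault to lose, but everything rests on the master: anyone who learns it and knows the scheme regenerates every password, and rotating one site means remembering which counter that site is on.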


All of my passwords are randomly generated and kept in a password database. The database is then auto-sync'd to a cloud storage service. This keeps my passwords secure, but easily accessible.

Specifically, I use Password Gorilla (since it's psafe compatible and cross-platform) and SpiderOak (since it's encrypted and cross-platform).


LastPass Premium -- it runs on everything. I am happy with it, but I'll probably take a look at 1Password soonish.


The price of 1Password turned me off. (There was also some UI glitch I didn't like, but I don't remember what it was, and Lastpass is no beauty itself.)


One of the ways I manage my passwords is by not sharing meaningful information about how I manage them in public.


PasswordSafe (http://pwsafe.org/) is good and helps me keep a different password for every site. You can also save some ancillary information as well - useful for developers with data keys for API access.

Simple and quick to use which helps maintain the discipline.


There was a discussion about exactly this 4 days ago: http://news.ycombinator.com/item?id=4343097


I've been using RoboForm; it's not well designed (it seems like they are improving though) but works great on both Mac and PC (sucks on iOS).


We are using LastPass. There are still risks, though.


keepassx


1password.


KeyPass has always treated me well, is free, and runs on multiple platforms.



