Tip: Strong Password Strategies for Web Professionals (or Net Nerds)
July 5th, 2007
I admit it: I’m a Net Nerd (a professional one at that). As such, I have dozens of sites that I frequent for both personal and professional reasons. Being security conscious, I have accumulated a mix of passwords and usernames. At last count, I had over a dozen passwords that I had to juggle in my head. Combine that with any of half-a-dozen usernames, and you can imagine that things eventually got out of hand. It finally got to the point where I was unable to log into any site without multiple attempts. Something had to be done.
I’ve developed a system that works incredibly well without sacrificing security. It employs three tools: 1passwd, which handles login credentials in my browsers; TextExpander, which handles passwords for non-browser apps like Terminal; and Lockbox.cc, which stores passwords and other sensitive info securely on the web so I can access it from any machine.
First, 1passwd ($29.99 by Agile Web Solutions) is an excellent password manager and auto-fill utility for the Mac. (Sorry, Windows users. This one’s Mac only.) 1passwd helps you by remembering your login credentials on a site-by-site basis. It’s smart enough to know what page it’s on and presents you with the credentials for that page. It even lets you save multiple credentials for the same page, which is extremely handy if you have multiple accounts on the same site (Gmail, for example, or multiple test accounts on a site you’re developing). Finally, 1passwd stores this info in your keychain, so the most current info is available in any browser at any time. Copying that keychain file from computer to computer allows you to extend 1passwd’s central utility across all of your computers.
So 1passwd covers login forms, but what about non-browser applications such as Terminal? Another strategy I employ is to use TextExpander to remember complex (and hence secure) passwords for root accounts. TextExpander, if you don’t know, is a must-have utility ($29.99 from SmileOnMyMac.com) that expands abbreviations as you type. It also makes those snippets available in your system’s toolbar, which is key to this tip. Since 1passwd doesn’t work in Terminal, I put the root password in a TextExpander snippet. When challenged for the password in Terminal, I simply select it in the TextExpander pull-down, and I’m good to go. This allows me to store any number of root passwords for any number of accounts.
(Note: I recognize that this technique requires storing your passwords in the clear in your TextExpander preferences, but if someone has hacked into your development system, you’re in a world of hurt for entirely different reasons.)
The final tool in my password arsenal is Lockbox.cc. This is a site I created (and which you are welcome to use) that allows me to store sensitive info securely on the web. This allows me to access this info from any computer, not just my development systems. For example, let’s say you just set up a site on a new host. The host typically sends you an email with your FTP login instructions, phpMyAdmin credentials, and other critical links. I save the relevant info in Lockbox.cc and I’m good to go.
So 1passwd is for daily use in my browser, TextExpander is for frequent use via Terminal, and Lockbox.cc is for archival and off-site access. Together, they let me use a variety of strong passwords and usernames without sacrificing convenience or utility.
Links:
- 1passwd - $29.99 @ http://1passwd.com, free 30-day trial
- TextExpander - $29.99 @ http://smileonmymac.com, free 30-day trial
- Lockbox.cc - Free! @ http://lockbox.cc

