Pinterest Stumbleupon Whatsapp

With everything online rightly requiring a password to be chosen, stored, and entered, it’s getting increasingly difficult to manage these random collections of numbers, letters, and symbols.

Difficult, but not impossible. With your help perhaps we can turn difficult to easy.

If A Thief Has Your Key, Change The Locks

We want to know, How Do You Manage Your Passwords? This question is asked in light of the Heartbleed bug recently discovered in OpenSSL Massive Bug in OpenSSL Puts Much of Internet At Risk Massive Bug in OpenSSL Puts Much of Internet At Risk If you're one of those people who've always believed that open source cryptography is the most secure way to communicate online, you're in for a bit of a surprise. Read More . One simple programming error led, two years later, to the Internet being broken. And it will remain broken until all of the affected websites update OpenSSL to fix the error.

The only advice worth listening to regarding Heartbleed is to change all of your passwords once the storm has passed Heartbleed – What Can You Do To Stay Safe? Heartbleed – What Can You Do To Stay Safe? Read More . Changing them prior to a website updating OpenSSL is absolutely pointless, as your new password will then be leaking out to passing ne’erdowells utilizing Heartbleed for nefarious purposes.

If you emitted a groan at the very idea of changing all your passwords then you’re not alone. I did the same, and so did everyone I know in real-life. But it’s a necessary step to take if you want to ensure you’ve done all you can to prevent becoming a victim of identity theft, fraud, or hacking. Remember, security matters.


Which leads us to the point of this post: to discuss, discover, and disseminate the ways we all manage our online passwords. We want to hear how you’re managing your passwords, and we want to know everything about your system short of the actual passwords you’re currently using.

How do you choose a strong password? How do you remember different passwords? And which password goes with which website or service? Do you have a system? Do you use password management tools 5 Password Management Tools Compared: Find the One That's Perfect for You 5 Password Management Tools Compared: Find the One That's Perfect for You Choosing some sort of password management strategy to deal with the huge amount of passwords we need is crucial. If you're like most people, you probably store your passwords in your brain. To remember them... Read More ? If so, which one? Do you write all your passwords down on a piece of paper? Do you have a preferred length? Do you just use letters or a combination of letters, numbers, and characters?

Have Your Say

All comments will be read and most will be replied to, before a follow-up post is published containing the We Ask You ResultsOne reader will even win Comment Of The Weekwhich will be included in the follow-up post!

We Ask You is a column dedicated to learning the opinions of MakeUseOf readers. This column is nothing without you, as MakeUseOf is nothing without you.

  1. Josh
    April 28, 2014 at 2:00 am

    I use safe in cloud. I like being in control of the file the passwords are stored on. Plus with two factor Authentication I have less worries about someone hacking in. I use to use lastpass, but thought one good hacker would go after them and have everyone's info. Mine is separate and secure.

  2. m-p{3}
    April 23, 2014 at 2:18 am

    A combination of KeePass and Google Drive. That way I have an online copy available and can access it from my Android device using KeePass2Android (which keeps a cached copy for offline use, that automatically syncs in background).

  3. Rocco
    April 20, 2014 at 6:59 pm

    I use Awallet Password. I keep thinking about moving to KeePass or something similar, but I like they idea of my passwords being stored locally.

  4. S A
    April 18, 2014 at 9:39 am

    Norton Identity Safe

  5. Ramandeep S
    April 18, 2014 at 3:24 am

    KeePass. The way it is better than LastPass: If you ever let LP remember your PW on browser then it is available to anyone who can open your browser. All the passwords. KeePass is way safe. It gets locked after you shutdown your computer. Also local things are better than cloud.

  6. R A Myers
    April 18, 2014 at 12:36 am

    The only account I have that was supposed to be vulnerable was Google Mail. I've moved our SIMS back to our un-smart (non-Android) phones. We have stopped usiong and have purged our computers of Gmail, Google Maps, Talk, Search, etc..

    When Google has updated Open SSL, and it's verified by a trusted outside source, we'll wait to see if anything rears it's ugly head. If nothing surfaces in a month or so, we'll consider reinstalling our SIMS to the Android phones and reinstalling the Google programs unless the alternatives provide suitable service.

  7. Ed
    April 17, 2014 at 9:51 pm

    I use a spreadsheet with the website, first letter of my username, first and last character of the password. If the first and last character of the password isn't enough of a hint for me to remember ... well, it hasn't been a problem yet.

    In other news, I think it's ridiculous that online services have yet to send me a personal email about:
    1. They were not vulnerable to heartbleed.
    2. It's OK to change my password now.

    Not a single email from any online service that I use.

    • Dave P
      April 21, 2014 at 6:13 pm

      That's true, I also haven't seen many websites emailing their users about Heartbleed. It's hard to fathom why this is the case.

  8. Hungry Storm Trooper
    April 17, 2014 at 7:41 pm

    heart bleed*

  9. Hungry Storm Trooper
    April 17, 2014 at 7:40 pm

    I use KeePass 2 to create 180 bits strong password with 30 chars, special chars, underscores and numbers. It's CTRL+ALT+A auto fill works great with Chrome. After heart heard it took me 15 minutes to change all my passwords. I prefer Keepass over Lastpass as I have full control over my password files and it's opensource.

  10. Horusbedhetys
    April 17, 2014 at 6:41 pm

    Last Pass Premium, so I can also use it on my tablet! $12 for a year protection.

  11. AnitaB
    April 17, 2014 at 6:36 pm

    Years ago, back in the days when "password" was one's password, I started an Excel spreadsheet and created numeric/character passwords that I copy/paste when logging in. There is one tab for personal and one tab for work. It started out as a simple list, but now includes additional data so I wasn't hunting around for info all the time -- such as a username, password hints, account number, expiration date, etc.

    Even my social media passwords are long character strings, so if I want to enter the time sink of Facebook, Pinterest, etc., I have to be intentional about it.

    Now, I use password generator, enter a "master password" each time and select from the results, then copy/paste into the spreadsheet.

    Periodically, I print out a copy in case of a drive/backup failure.

    The spreadsheet itself has an innocuous name and is password protected. Depending on what I'm doing, I keep the file open for easy access. Best part is that I don't have to remember anything.

    LastPass sounds like a great program as well as some of the other mentioned. Just depends on how one likes to organize their info.

    • Ramandeep S
      April 18, 2014 at 3:33 am

      If you choose KeePass you can have much better productivity. I think you've never used it. It can be like you Excel Spreadsheet but with a capability to automatically paste Usernames and Passwords in one shot without have to copy paste each of them.

  12. TheColonel
    April 17, 2014 at 5:12 pm

    I have owned approx. 35 vehicles in my life and I remember every one of them. Year, make and model for any vehicle will both be accepted as a new password and be tough to break as, by default, you have uppercase, lowercase and numerals in every one. Example: 1972ToyotaCelica.

    • Ramandeep S
      April 18, 2014 at 3:26 am

      But you don't have special characters. Have a PW manager.

    • Dave P
      April 21, 2014 at 6:10 pm

      That's a good method. As already stated though, you should probably add a special character somewhere :)

  13. ReadandShare
    April 17, 2014 at 4:10 pm

    1. Forum sites - one semi-easy password for all forum sites
    3. All other sites - complicated passwords generated (and stored) by Lastpass

  14. A41202813GMAIL
    April 17, 2014 at 3:51 pm

    I Use A Table In My Head To Create And Remember Individual Passwords To Individual Sites.

    When Will People Learn To Create And Remember Passwords By Themselves Without Any Outside Intervention Whatsoever ?

    Why Most People Give Unnecessary Third Party Services And Software A Backdoor Into Their Lives Is Beyond Me.

    • Dave P
      April 21, 2014 at 6:07 pm

      It's each to their own really. I can see it from both sides. You should keep doing what you like doing, and those who use password managers will keep doing their thing. :)

  15. Alex V
    April 17, 2014 at 2:44 pm

    I am a bit paranoid so I keep my important passwords on a simple notebook away from the electronic world. For the rest of the thousand passwords I use LastPass.

    • Dave P
      April 21, 2014 at 5:59 pm

      You're the second person to say that. I actually think it's more common that most people think.

  16. Dennis F.
    April 17, 2014 at 1:17 pm

    I've been using LastPass for the past 3 years or so. Works great.

  17. RichF
    April 17, 2014 at 12:41 pm


  18. James Howde
    April 17, 2014 at 12:27 pm

    I've come round to using LastPass.

    I used to use a system similar to Petah's based on song with same first letter as site, bodge it with l33t to pass diversity checks then string some lyrics together. However I found that I was almost always using firefox's password manager to fill them in and so decided the PM might as well do the picking too. It's similar to phone numbers - I used to know loads by heart because I dialled them - now I just pick the name off a list and only remember my own number by a fluke of it being easy.

    That doesn't apply to financial passwords though - I'm still paranoid enough not to trust anybody else with them.

  19. Al S
    April 17, 2014 at 12:25 pm

    PW Character Set. Because many sites don't support special characters, generally DLU (digits, lower and upper case letters). S (the 10 shift-number special chars) and
    X (the 22 non-S special chars) where sites allow/require them.

    PW Length. Based on password criticality: min length/DLU entropy/criteria:
    Low: 8 / 47.63 / sites that don't store personal data (other than email address & password)
    Med: 12 / 71.45 / sites that store personal data
    High: 16 / 95.27 / email accounts (gmail, etc), sites I buy from (Amazon, etc), cloud storage (Dropbox, etc)
    Very High: 20/ 119.08 / Financial sites (banks, mutual funds, etc)
    Extremely High: 24 / 142.08 / LastPass, KeePass, and GPG master passwords.

    PW Generation. PWGen, LastPass, KeePass.

    PW Storage. LastPass = (Low, Medium). KeePass = (High, Very High). My Head (Extremely High).

    • Dave P
      April 21, 2014 at 5:56 pm

      Here's someone who takes their password security seriously!

  20. Christopher W
    April 17, 2014 at 12:17 pm

    I tried KeePassX, and found the learning curve too steep. Then I found LastPass, and haven't looked back.

    I know just about all password apps have random generation functions, but it's nice that LastPass makes it a simple macro (Alt-G).

    Also, the ancillary addons, like credit monitoring and password auditing are VERY nice, as well as the support for Linux. Really appreciate that.

    And then there's MakeUseOf's generous reward of a year of free multi-device support... :-).

    • Dave P
      April 21, 2014 at 5:54 pm

      We aim to please! :)

  21. Phil D
    April 17, 2014 at 11:56 am

    Have tried every password manager there is over the years, but keep coming back to 1Password. Cross platform, cross device, easy to manage, keeps track of my software licenses -- what's not to like. I also use an easy to remember, strong password technique for some sites. However, I can't share it because then my security would be compromised .

    • ReadandShare
      April 17, 2014 at 4:04 pm

      What's not to like? The price. For me anyway, I don't like paying $24.99 when there are so many free options out there -- both online and offline.

    • Dave P
      April 21, 2014 at 5:54 pm

      Good call not sharing your technique. Certainly we didn't want (or anticipate) anyone sharing anything that would compromise their own system.

  22. Helen R
    April 17, 2014 at 11:32 am

    I use LastPass. The only issue I have with it is when a pop up asks for the password. Lastpass seems to need a webpage.

  23. Matthew C
    April 17, 2014 at 11:07 am

    I use LastPass on my laptop and phone.
    Works great for me.

  24. Gary. A
    April 17, 2014 at 10:24 am

    Sticky Password for me. I have been using it for years now and never had a problem.

    • Lence
      April 18, 2014 at 6:45 am

      Me too Gary! Great tool. Glad to see someone else using this awesome tool. Sticky Password forever! :)

  25. Hania B
    April 17, 2014 at 9:13 am

    I use LastPass Premium (taken from makeuseof :-) )
    I use it on my laptop and tablet.

  26. Dawn J
    April 17, 2014 at 9:11 am

    This subject is actually near and dear to my heart since I have been "password challenged" for years - since I belong to numerous websites (and still refuse to check "remember me" the password (PW) issue plagues me - in fact it even had me considering devising an efficient and simple system - It is certain I am not the only one with mental blocks - "blonde moments" when I login to to a site and have to click "forgot my password" for the umpteenth time - could a clear solution be my get rich opportunity - on any given day I log in to well over twenty plus sites - then there is twitter, Facebook, a zillion emails - my recent management system is index cards which are tucked in a little binder and yes I constantly refer to my pw index card book - that is it - a primitive index card compilaton - whenever my pw gets "rated" after creating it at a site invariably mine are rated "strong" probably because I do prefer a lengthy pw with a combination of letters,symbols and numbers - I have used one pw word that was my husbands and I have another I have used for eons - lately I have saved and used the pw's generated and sent by the sites when I have to request a new one - the words,symbols and letters stay pretty much the same - it is the combination that I change and then go blank - kinda like "the stories are true, the names have been changed to protect the innocent" right now if you are thinking I may be paranoid with a touch of OCD you would not be too far off -ideally thumbprint identification would be my idea of fast - safe - foolproof - heavy on the "fool" - also since I forget them and/or do not write them down they get changed frequently and that has contributed to this cycle of abuse - as computer savvy as I fancy myself to be I did not know "password management tools" were an option hence I shall promptly check that link out - especially since anyone that has read this far has probably nearly lost the will to live - it truly is a big problem in my life - but hey we all have our crosses to bear -

  27. stan
    April 17, 2014 at 9:04 am

    I use roboform which is ideal on all computers and also available in portable format. It generates and stores secure passwords and will sync between all computers as required.

  28. Jerry
    April 17, 2014 at 8:46 am

    Great article Dave, nicely written. I have seen many articles because of the HeartBleed but this one ask directly for action for those who don't use password managers. I have tried almost all of those mentioned in the comments but I have ended up with Sticky Password ( because they don't force you to put everything into the cloud and on their servers, you can have your database on your PC locally. And their mobile versions are for free. My advice to everyone is to use any password manager available which fits their needs and to use different and super strong passwords for every site they have an account on. Or maybe if their memories are that great that they can remember passwords like brKir7j&^@RC7&IK, they can use their brains :)

    • Dave P
      April 21, 2014 at 5:49 pm

      You would need quite a brain to remember a password like that one. I know I'm not intelligent enough to do so.

    • Jerry
      April 22, 2014 at 5:54 am

      Exactly, that is why I need a password manager and that is also why I have recommended Sticky Password. It generates the strongest passwords ever and saves them in a blink of an eye. How handy for me, who can not remember even my girlfriends phone number :)

  29. Galin
    April 17, 2014 at 8:13 am


  30. Matthijsdegraaff
    April 17, 2014 at 7:43 am

    I use KeePass to manage and generate most of my passwords. I still use some old passwords for multiple webpages, but I'm trying to get those out of my system.
    I use the KeeFox plugin to connect KeePass to firefox for ease of use and I use a plugin to sync my database with google drive. I also use a keyfile wich I keep offline and take with me on a USB.

    I found LastPass a bit anoying. The tiny icons in al the inputfields, bleh. Also I failed to get it to ignor some of my frequent webpages I use for work, he kept asking again and again. Very likely that I just did something wrong, but that doesnt help either. KeePass + KeeFox is simple and doesn't disturbs the flow. I also think it may be more secure because the file is yours and you can save it where you want it (online or offline, in a encrypted container or not). 2 factor security is the only thing I miss.

    Also, if you use LastPass or something alike you are part of a large group. Attackers are more likely to target a large group of users as there is more to gain. When you use your own system the gain of attacking you is lower and more Security through obscurity!

  31. Alan W
    April 17, 2014 at 6:44 am

    I tried RoboForm for a time and marks out of 10 was -1. Switched to lastPass on a reccommendation and been very happy with it for a couple of years or so now. I change my passwords approximately every month and considering I have 58 of them stored in my vault, it takes a bit of time but thats a small price to pay for security. I change my LastPass master password each week - just in case!
    I suppose you could say that its a bit over the top but its the day and age we live in, drop your guard and you are compromized.

    • Dave P
      April 21, 2014 at 5:48 pm

      What was wrong with RoboForm?

      58 passwords? Wow, I thought I had too many!

    • Alan W
      April 25, 2014 at 5:53 pm

      I found RoboForm not that easy to use but to be fair only ever tried it the once after that wandered around until I stumbled upon LastPass. As for the passwords, they just accumilated over time through various websites and online stores that I use. I did have a little thinning out but only managed to delete two sites as the rest I use.

  32. Bassey
    April 17, 2014 at 6:04 am

    I use LastPass to generate and manage all of my passwords

  33. Peter
    April 17, 2014 at 5:12 am

    KeePass is my app of choice. It is open source, good, reliable & can generate short & long passwords, lets you set your own passwords. I back up the KeePass database, which is encrypted, to a cloud service that also encrypts it.
    For my apps that I need to open regularly with a password I use a long pass phrase I work out myself, for all the other apps I let KP generate passwords that contain letters, digits, symbols, punctuations, etc.

  34. Jeremy G
    April 17, 2014 at 4:53 am

    For the majority website accounts I use LastPass to generate and remember my passwords. In this, I include forums, social media, blogs (including MUO) and database services such as GoodReads and Letterboxd. I consider these to be unimportant in the scheme of things and would not be greatly concerned if I lost control of these accounts.

    I have, for instance, had my twitter account hacked, and was suddenly posting numerous twits in an arabic script. Easily remedied, when all is said and done.

    For file storage, shopping, government, medical and banking accounts I keep my passwords in my head. These I will, to the best of my ability, allow no one else access to. I do, however, include a couple of the more poignant ones, including the Last Pass password, in my Will, that my files may be recovered, and death notifications be made.

    • Dave P
      April 21, 2014 at 5:46 pm

      Your comment raises a very important issue: what happens to your accounts and passwords after death? That may be the basis for a future We Ask You, so thank you for that.

  35. pistachio
    April 17, 2014 at 4:39 am

    I used to use Dashlane...But after a bit research, i found that any website showing your passwords on their website is insecure, i mean what if their website's server got hacked? So i moved to Safe in cloud. It stores data in cloud but at least it does not have any website to be hacked.

    • David M
      April 17, 2014 at 11:20 am

      I was using dashline, but since I signed up a few weeks ago, my gmail has had logins from other states at least 3 times in the past couple weeks. I went back to Keepass (a local database, but I share my data file on Dropbox so I can access it from my tablet and pc)

    • pistachio
      April 17, 2014 at 5:16 pm

      Great! Even i am thinking to move on to Keepass when i will find a working port of it on my N900. But I like the GUI of safe in cloud, so elegant ! Keepass looks so outdated in GUI but in features it is perfect for my need.

    • Elad P
      April 17, 2014 at 9:19 pm

      I've been using Dashlane since it was in beta and to be honest, I couldn't be happier about it. I love this app so much, it has completely transformed my online experience. I've never had any issues with this app and the way I understand it, your data is pretty much impenetrable since it's encrypted on their server and the only key to this encryption is your master password. That is why you have to memorize your password, and that's why they can't restore it for you if you forget it - they don't store the password on their server so that is can't be stolen.

    • Dave P
      April 21, 2014 at 5:44 pm

      It looks as though we have conflicting opinions on Dashlane. Some more research is required...

  36. Dusty L
    April 17, 2014 at 3:53 am

    Lastpass is my password manager of choice. I love the simplicity of the UI and I like the fact that your master password is not saved on their servers. On password strength, it depends on the site. If it has anything to do with anything financial, I go as complex and long as possible. If it's just a site I browse occasionally, I'll stick with an 8 character random password with 1 or 2 numbers thrown in.

    • Dave P
      April 21, 2014 at 5:42 pm

      That all seems very sensible :)

  37. John
    April 17, 2014 at 3:13 am

    I use KeePass and place the encrypted password file in a cloud sync folder. That way I can access the password file from any device that supports the cloud sync and KeePass application.

  38. Petah
    April 17, 2014 at 2:55 am

    We use Passpack at work. But for my personal account I have a system similar to this:

    First character of the website, in caps: M
    A % sign: %
    6 fixed letters: iefotu
    2 fixed numbers: 69

    Which means my password for this site would be: M%iefotu69
    And my Facebook F%iefotu69

    I donno how good that is, but at least it got numbers, symbols, caps, and is different on every site.

    • Ed
      April 17, 2014 at 9:45 pm

      What about giving us your bank websites and usernames please?
      This info is no good to us without the missing pieces.

      I joke :)

    • Petah
      April 18, 2014 at 4:10 am

      That wasn't my exact system, just an example of one.

    • Dave P
      April 21, 2014 at 5:41 pm

      I've seen this sort of system used before. I like it. Have you ever had any issues?

    • Petah
      April 23, 2014 at 10:03 pm

      No issues since using this system, have had my Gmail account hacked a couple of times before using it though.

    • Al S
      April 24, 2014 at 2:36 am

      I would not consider this approach to provide an acceptable level of password security.

      Say that you use the same pattern for all sites except you change one character to the first letter of the web site (doesn't matter where in the password you put the web site character).

      Now, assume I get your password for a site (think the Heartbleed bug). Assuming you are accessing Bank of America and you use "B" as your variable, I search the string for the letter "B" (or maybe "b").

      If I was a cracker, now my guess that your gmail password is your compromised password with "G" (or "g"), replacing the "B". Even if your "differential pattern" was some combination of upper/lower case letters for "BOA" (BoA, Boa, etc), you have greatly reduced what passwords I have to try to get your gmail password.

  39. Wanyi
    April 17, 2014 at 2:38 am

    Well I don't use any password management tool, and Just write down all password in my notebookXD

    • Dave P
      April 21, 2014 at 5:40 pm

      I assume you keep that notebook in a very safe place?!

  40. Paul J
    April 17, 2014 at 2:07 am

    I use LastPass to manage all of my passwords. Works great for me, they are random, long and hard to remember, but the ones I use the most I know. In general I use 12 to 15 characters long, mixed with letters, capitals, numbers and punctuation. (And I use 2-Step verification along with Google Authenticator on the important online services, like cloud storage, email, etc.)

    • Dave P
      April 21, 2014 at 5:39 pm

      That all sounds very safe and secure :)

  41. John C
    April 17, 2014 at 1:58 am

    I use Lastpass. Even for gaming when it's client based and no site login I use Laspass secure notes to keep track. I also use the longest and most random generated password allowed for each one.

    • Dave P
      April 21, 2014 at 5:38 pm

      What made you choose LastPass over the competition?

    • John C
      April 21, 2014 at 9:36 pm

      That's a real good question. At first, I was just trying out different password managers and luckily stumbled upon Lastpass. After constantly seeing great reviews and hearing positive things, I decided to just stick with it, have been happy ever since.

  42. Aleks
    April 17, 2014 at 1:55 am


  43. Eric s
    April 17, 2014 at 1:51 am

    If my password has to be more than 3 sequential numerical characters I don't sign up.

Leave a Reply

Your email address will not be published. Required fields are marked *