Web Passwords
Thomas to share the password management scheme.
I used to use a limited set of passwords, but found that solution inadequate for a couple of reasons. Firstly, sites to which I do not want to use them proliferate, e.g. my mortgage company, my stock trading accounts, my banks, my cellphone accounts. They need their own solution anyway. Secondly, I can never remember which password was used where. Once the set grows bigger than 3, one starts running the risk of being locked out when trying.
Eventually I gave up, wrote them all into a text file, and encrypted the file with gpg. This seems to work well.
I also allow Firefox to remember passwords for forums, Mixi, etc. I do not know how strong Firefox’s encryption is with the master password, so I do not trust it with sensitive passwords.
My biggest issue currently is Google and its Borg bend. Their single sign-on scheme covers very sensitive stuff, like AdSense. At the same time, I have no idea how safe Gtalk’s authentication is against snooping. Even if Jabber itself is strong, Pidgin as an implementation, frankly, does not inspire a lot of confidence. I mentioned before that it does not seem to have any support for a key store. Clearly it wasn’t written by people who care much about security.