I've been using a product called Key Wallet and it has made my life sooo much simpler. Nice interface too. It can store the url where each password is used. It's a dream, and no I have no affiliation with the folks who developed it.

I use an eye scanner linked to a fingerprint relay requiring both eye and hand cordination...

My Visa card company mentioned that they are working on using PIN numbers for online shopping so that 3rd party payers will no longer be needed of course that means a lot of PIN numbers will floating around the web...

I've been using KeyWallet for a couple of years now, but the developers have seemingly abandoned it. It's a shame because it's really a great piece of software.

I've been watching another freeware password manager called Password Corral that looks to have potential if the developer gets around to releasing the next version.

Unfortuantely I have hundreds upon hundreds of logins that I track and I have considered just going the PGP encrypted Excel file so that I could sort everything the way I like.

Usually the only passwords I write down are throw-away one's. The most important one's stay in my head. If I do write it down, I jumble it up - works more as a password hint.

You *can* make cryptic passwords memorable, though, just by substituting a few letters with similar looking numbers and symbols. For example you can turn your dog's name, say Jasper, into a password like j@5p3R. Then throw in a few extra characters to make j@5_p3R+

I use Steganos Security Suite [steganos.com] which allows me to create an encrypted drive. Within that encrypted drive I store a Word doc that has all the ID's and passwords for all the sites I use.

That way I only need to remember one password to access all my different id's and passwords (yes I assign different random 6 to 8 letter/number passwords to different sites). That one password is (password1password1password2) (where each password is a 6 digit alphanumeric combo). I figure an 18 digit alphanumeric password would take quite a long time to crack.

Regarding "You've lost your PDA, now all your passwords are lost", and "Encryption buys time, not security":

Using SplashID, my passwords are also in the encrypted desktop program.

Encryption buys time, not security?... no kidding. If I DO lose my PDA, I'll be changing my critical passwords... same as if your "scrap of paper" system disappeared. But, if your paper disappeared, you really WOULD have lost all your passwords.

Regarding having your passwords stolen via Broadband connection while Syncing... turn off cable-modem, sync, restart modem... and maintain your firewall.

Your scrap of paper can't be "hacked", but it can easily be deposited in the pocket of any visitor to your desk... do you know your friends and relations as well as you think?

-- irritating diatribe follows ---
I always love arguments that state: Your solution is not absolutely iron-clad-foolproof... therefore we'll do nothing. World hunger won't be solved by my donation, therefore I'd only be wasting my nickel, therefore I'll do nothing at all. Brilliant.

Mr3Putt

Shakespeare famously wrote: "nothing would come of nothing"

But I wasn't recommending nothing - I was recommending something!

(i.e. don't put data in digital format if you want it safe - put it in analogue format. I'm not aware of hackers burgling houses!)

I got four different paswords that are glued to my brain. I've been using one of them since 1996.

>>i.e. don't put data in digital format if you want it safe - put it in analogue format. I'm not aware of hackers burgling houses

No, hackers don't burgle houses, social engineers snoop, neighbors snoop, kids snoop.

Encrypt sensitive information with PGP. Once encypted, only cryptanalysts can snoop effectivley and without access to Crays, the cracking process will take more than 40 years.

Secure doesn't mean unbreakable. Secure means that the time involved to defeat the security isn't profitable.

The thesis was very simple - you can't hack something written on paper. Is this the principle objection - that it is simple!

That hackers don't burgle houses has been agreed upon.

Now we have

social engineers snoop, neighbors snoop, kids snoop.

Do social engineers burgle buildings to find passwords?

Do social engineers burgle bulidings to find passwords

Yes, they do. They don't break and enter, but they find their way into buildings and into desks and they talk to people that they think they can get info from.

Writing a password down is always a bad idea.