"As for “which email address”, I use a catch all for my domain and use the name of the website I’m at as the id. Thus, codinghorror.com jdanielsmith |dot| org."
My brother did that for a long time, and when he moved out and I effectivly took over control of the connection I considered doing the same. However, he said that he didn’t get that much spam. I did it for a short while, and I didn’t get anything that doesn’t already filter out for me. So I deemed it unecessary.
But then again different horses for different courses. Depending on where you sign up (no, I’m not referring to porn necessarily, I’m referring to popular websites that may post your email in a harvastable manner) will signify who ends up with your email.
Have a look at a href="http://www.amustsoft.com/1-password."http://www.amustsoft.com/1-password./a It’s in beta yet, but idea looks interesting: “1-Password generates a unique password for each web site through one-way hash (HMAC-MD5 encryption) of your Master Password and the web site address”.
Yet another plug for Secret Server …
We are about to release 1.1 which will include import capability so you can easily import your AnyPassword or Keepass passwords to try it out.
We are also incorporating our commercial API for two factor authentication into the next release which will allow for keyring tokens to further secure your master repository.
Secret Server is for technical teams who want to share and audit passwords.
I tried the tool Scott recommended but it really wasn’t that great. Having a smart phone I wanted to keep things in sync on my desktop and my smart phone. I travel a lot so NOT being at my desktop where my passwords are happens a lot. I’ve been using Code Wallet Pro for sometime now. It has a desktop version and a smart phone version. Pretty nifty program, lots of features I don’t even use like creating your own custom templates, etc. Yeah, it cost money, but it keeps everything in sync when I travel, for me, it was worth it. My $.02.
Tim Bray on “The Prompt of Doom”
http://www.tbray.org/ongoing/When/200x/2006/07/05/The-Prompt-of-Doom
Uh, Jeff, didn’t you advocate single-factor authentication a while back? Yeah, on the October 10, 2005 blog entry, the one about just using passwords and no usernames.
I know it’s a bit rude of me to dredge up old posts. But has your opinion changed?