Some time around 2006, I started thinking about my online passwords in a new way. Until this point, I had used a collection of perhaps a dozen gibberish passwords, which I reused on various sites depending on the sensitivity of the site. For example, my bank account would use a nearly unique password, whereas a random forum would use a very commonly reused password.

This worked acceptably well, but I frequently had to ask myself: “which password did I use when I signed up for this service?” In response to having to guess my own passwords, I made two decisions: I would start writing my passwords down, and I would make them all unique and randomly generated. Four years later, I am using a totally different system, and I’ll explain all of my reasoning.

To facilitate my random password approach, I started using 3x5 index cards and a card filer. I added A-Z tabs, and I generally filed cards according to the domain name of the service (e.g. paypal.com is filed under P). I wrote a quick perl script to make 10 random passwords at a time, and I would pick one from the list and write it down on the index card. I really liked the concept of a purely non-digital password storage system, because it would be essentially unhackable without physical access. Essentially unhackable - more on this later.

There were several drawbacks to the index card system. For brevity, I’ll just list them:

  • writing some characters by hand is ambiguous. I confused capital I, lowercase L, and numeral 1 all the time. Capital O and numeral 0 are also tricky.

  • it’s possible to copy the password incorrectly

  • it is extremely difficult to create a backup copy, so catastrophic loss is a possibility

  • if someone has physical access to the index cards, they have access to your accounts

  • it’s tedious to type in a random password every time you log in

  • it doesn’t scale well after about 400 accounts
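The post mentions a quick perl script that produced 10 random passwords at a time, and the first drawback above is that hand-written I/l/1 and O/0 are easy to confuse. As an added example (not the author’s script, which the post does not reproduce), here is a Python generator that does both jobs: it draws from a CSPRNG rather than a plain PRNG, optionally drops the ambiguous glyphs from the alphabet, and reports how many bits of entropy that trade-off costs. The character set and the 16-character default length are my assumptions, not the post’s.

```python
import math
import secrets
import string

# Glyphs the post names as easy to confuse when written by hand.
AMBIGUOUS = set("Il1O0")


def build_alphabet(exclude_ambiguous=True):
    """Alphabet used for generation: letters and digits, minus the ambiguous glyphs if asked."""
    chars = string.ascii_letters + string.digits
    if exclude_ambiguous:
        chars = "".join(c for c in chars if c not in AMBIGUOUS)
    return chars


def generate_password(length=16, exclude_ambiguous=True):
    """One password drawn with secrets.choice (CSPRNG), never the random module."""
    alphabet = build_alphabet(exclude_ambiguous)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_batch(count=10, length=16, exclude_ambiguous=True):
    """Ten candidates at a time, as the post describes picking one from a list."""
    return [generate_password(length, exclude_ambiguous) for _ in range(count)]


def password_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly drawn password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Show the cost of dropping the five ambiguous glyphs from a 16-char password.
    full = len(build_alphabet(exclude_ambiguous=False))
    reduced = len(build_alphabet(exclude_ambiguous=True))
    print(f"alphabet {full} -> {reduced}: "
          f"{password_entropy_bits(16, full):.1f} -> {password_entropy_bits(16, reduced):.1f} bits")
    for pw in generate_batch():
        print(pw)
```

Dropping five glyphs from a 62-character alphabet costs about two bits over 16 characters, so the readability gain is close to free; lengthening the password by one character more than makes it up.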

The scaling problems were the real killer. For example, did I file sandbox.paypal.com under P for paypal or S for sandbox? I don’t remember, so I need to perform a linear search through both letters. Also, since a disproportionate number of words start with S, it became a tedious task to flip through all the S cards to find an S site, whereas a site starting with Y was quick to look up because there were fewer cards. Eventually it got to the point where I knew looking up cards was too much of a chore, and on that basis I became too lazy to log in to my accounts! Total failure.


The solution for me is to use Apple Keychain. If you’re a GTD adherent, then you’ll understand what I mean when I say this is my trusted system for account information. How did I reconcile a digital password storage with my original goal of keeping my passwords offline in order to make it unhackable? It was when I realized that both offline passwords and the keychain can be successfully attacked with a keystroke logger. If someone went to those lengths to get a password, then it wouldn’t matter how it was originally stored; the password could be intercepted regardless.

Why use Apple Keychain? Based on my list of drawbacks for the index cards, here’s a list of pro-Keychain points:

  • built-in random password generator

  • keyword search

  • simple cut-and-paste workflow makes it very easy to enter passwords without typing

  • keychain itself is password protected

  • passwords are Triple DES encrypted (which should be acceptable until the year 2030)

  • simple to back up keychain file

  • slick integration with many applications, including Mail.app, subversion, and Safari/Chrome.

I’m currently at about 900 accounts (yes - this is deserving of a separate post unto itself) and the system is working great. I think this scales to meet my requirements, and probably beyond. In practical terms, a password that used to take 30 seconds to retrieve is now instant. I probably save 5 minutes per day by switching away from index cards, and I am avoiding untold frustrations. In all, I recommend Apple Keychain highly.