Password Management Today

With the growth of internet web services and mobile apps, password management has become a real issue that every user should be concerned about. This is especially so now that we are consumers of a lot of web services where the very first step is to create a user account which hopefully no one else can log into.

The basic problem of password management can be broken down into the following questions:

  • What password should I pick for which website?
  • How should I store/retrieve my passwords?

There are some solutions to tackle this problem.

Solution 1:

Use the same password for every website.

Pros:

  1. Easy to remember even with a growing number of websites.
  2. Use your brain only and do it efficiently (there’s just one).

Cons:

  1. Big security risk.

Solution 2:

Choose a methodology that can be easily remembered for generating passwords for different websites. For example, add 007 after the website URL.

Pros:

  1. Easy to remember even with a growing number of websites.
  2. No single point of security risk; someone trying to attack you first needs to discover the methodology.
  3. Use your brain only. Remember that, depending on how complicated the steps of the methodology are, the efficiency of the password computation can vary.

Cons:

  1. The security risk depends on the sophistication of the methodology.
  2. The manual process of computing the password limits the methodology or else trades off with the computation time. You don’t want to sit down with pen and paper to compute your password :-).

Solution 3 (Takeaway for this post):

Use a password manager. There are lots of them out there.

Pros:

  1. Managing passwords is not your problem.
  2. Can pick very strong passwords.
  3. No correlated passwords.

Cons:

  1. Have to trust the password manager program.

A browser comes with the simplest password manager, since it saves your passwords if you want it to. A word of caution here: always set a master password in your browser so that no one else can view your saved passwords without entering it. You also want the passwords to be saved on your computer in an encrypted file so that others cannot read them, which any decent password manager will do.

There are lots of password management tools out there. Use them. Generate a strong password yourself if your password manager does not support password generation. Here are some ways to do it on Linux/MacOS or Windows. A password manager can also back up your saved passwords in the cloud to save you from machine failures. Preferably choose one which does that. Never compromise on encryption: the cloud is less trusted than your computer. If you still think you do not need a password manager, read this.

Now that I am done sermonizing: looking back, I used to do password management by hand by saving my passwords in a file, encrypting them using a GPG key and storing them on a git server. And then I stumbled upon Pass. It does the same things but better. Try it if you are a power user or just want to know how the infrastructure works without doing all of it :-).

This is not smart. Get smarter!!

Along came a greedy Domain Name Registrar

Everything was fine in the digital world; there was peace all along and domain name registrars maintained the peace. Then, one day I wanted to buy my own domain name so that I could set up my own private mail/web infrastructure on the public server I rented. As a proud and stingy person, I looked for the cheapest alternative around and hit upon Net4. They provided a .in domain for 199 INR (around 20 DKK). I wanted to buy the domain for multiple years but their multiple year prices were too high. I asked about the pricing policy, whether the renewal charges would increase. I was told it would be reasonable and consistent with customer expectation.

The following year I was asked to pay 449 INR as the renewal charge for a year. I was unhappy about it but I was busy with other stuff so I just quietly paid up. This year I was asked to pay 617 INR as renewal charges. What was weirder was that buying a new domain with a .IN extension cost 225 INR for a year and for a multi-year period the maximum cost was 476 INR per year. The renewal charges for a year were substantially higher. This was just too much; the pricing policies were not reasonable and not consistent with customer expectation. When I brought this up before the customer care folks, they said the charges are determined taking various factors into account and are fair and non-negotiable. I had never heard such a self-contradictory sentence before.

So, I have decided to move my domain to Gandi. I have heard good things about them from friends. I am keeping my fingers crossed here. The entire episode has left a bad taste about the whole pricing situation with domain name registrars and IMHO we need some sort of uniformity here.