Gary:
Passwords and the way people use them are as different as the people themselves. Thus you will get varied answers. My usage of passwords are what I would consider to be fairly secure, others might not, so let me just put forth a few simple things to do to keep yourself safe as possible.
The difference between saving your password and storing are often confused by even web sites themselves. Saving your password is suppose to be basically a site cookie that is kept in your cookie(s) file and every time that site asks for a password the cookie gives it usually before you even see any popup appear.
Storing a password is where a web site actually saves your password in their site. I can remember a few older sites that did this, but most sites do not (or ones that I'm aware of) the sites that do this are usually secure, but like everything else, any thing is only as secure as the person/ people that maintain the site.
If by some chance you might be referring to storing something like a credit card number, then my recommendation is "Only if you feel for sure this site can be trusted". I have only two sites I allow to keep my credit card information (one being Amazon.com) and only after doing business with them for several years.
Password software is ok I guess, but like anything else there is no definitive answer. Yes most IS encrypted, but then again which program do you trust? Basically a program allows you to enter a site, when the login & password comes up, you enter it into your PW (password) program where it is encrypted and stored. When you come to the site from then on the program will do one of two things.
1. Automatically log you on.
2. Ask you for the programs password, which in turn will log you on.
I've tried them both and finally decided to just keep a "rolodex" near my PC with all the logon, email addresses, passwords, etc. I've found most PW programs lacking as I like to keep notes and uses various email addresses depending upon how save I feel the site is and/or how often I feel I may do business with them.
As you sound like you are security conscience, let me offer one more bit of advice (assuming you haven't thought of it already) I've used this little trick for years and haven't any problems as of yet. Think about getting a credit card for use on the internet! I have one I use exclusively on the web with a limit of $300.00. This takes care of all the smaller transactions with sites I'm not sure of, or have never done business with before. Why? Well, I've found in the past, some sites tend to store your credit card info, just like they do other info like passwords and transactions.
The safest way to store passwords? Keep them off your computer or at least keep the program you store them in backed up.
Why do I keep mine on a Rolodex? I have over 125! I change the passwords about twice a year to about 3 or 4 months (depending on the site and how secure I feel it is)and it's much easier to shred a Rolodex card and jot down the new info rather then search through a data base.
Submitted by: Hawk
***********************************************************************
Answer:
I quote:
"I don't trust password managers because there is no way to know what they are doing with the information."
That is true of closed-source software, such as Internet Explorer. I use open source software exclusively (Linux operating system, Firefox web browser, Thunderbird mail client, etc...) so I _do_ know exactly what my software does with the information. And I can therefore decide whether or not to trust it.
The first step in managing passwords starts with the password itself. My passwords always meet these requirements:
1) no less than 8 characters
2) numbers, lowercase letters, and uppercase letters. At least one of each!
3) no dictionary words.
4) no more than 6 months without changing
This is easy to do if you just remember some catch phrases. I recommend thinking of a big news story and devising a password from it- that way you can easily change them every six months. For instance, you could devise a password from the headline: "Killer hurricane kills 20, leaving thousands homeless". My password would then be "Khk20ltH", or "khk20LTH", or "KHK20lth", or countless other variations.
Now, as for an answer as to the 'safe way' to have software manage your passwords for you, I use KDE wallet. This open source utility has been subject to enough peer review that although I do not personally understand it's methods, the best computer security experts the world over have approved it. That is enough for me! And if a flaw _is_ discovered, it will most likely be patched by the thousands of KDE volunteers who develop the software much faster than the hackers will be able to get to me. I trust KDE that flaws are openly disclosed immediately, thus shortening the flaw-to-patch time and raising awareness. I do not trust that close-source software companies will openly discuss flaws in their software openly, especially before a patch is available. Track record proves this.
Remember: passwords are like underwear. You don't share them, you don't leave them in places where they are easily found, and you change them often.
Submitted by: Dotan C.
***********************************************************************
Answer:
Like everything, there are pros and cons.
I like to use Autocomplete to store my passwords. Since few people have access to my computer at my end, there is very little risk. Visitors using my computer, could become a risk, I suppose, since they would be able to go to certain websites I access where username and passwords are saved. That?s the obvious downside to using Autocomplete.
The upside is, if spyware, including keyloggers, have invaded my system, the criminals are unable to detect the password and username. (I?m sure there are other means they have to try and steal our info). But, I find the Autocomplete (or saved passwords, in other browsers) to be safer than keying this info. (While more painstaking, copying/pasting from an app like Word may be a useful substitute for the unlikely more-paranoid-than-me crowd).
Websites offering "Remember me" use cookies to remember your info. Some sites I do this with. Typically, not, however. I tend to keep 5-10 typical cookies stored on my computer. While most websites are of no concern, I am extra paranoid with my info, and prefer limited access to info, so, I typically block cookies, and enable them for session use only. And then, only 1st party cookies. 3rd party cookies are ALWAYS disabled.
Cookies are helpful, but, I have never believed them to be privacy-safe.
Submitted by: Batman
***********************************************************************
Answer:
Web sites to my knowledge store passwords in encrypted fashion. Like anything, even this is not 100% secure as T-mobile just recently had a huge fiasco dealing with loss of member passwords and information from their database. Storing them on your computer carries the same risks as storing them anywhere else. Others may beg to differ, but in my opinion the only safe place to store passwords is by writing them down and keeping them in a secure location such as on your person at all times or in a safe.
Alternatively you can store your passwords simply in a text file located on your desktop or elsewhere and use a 3rd party application to encrypt the file that stores your passwords. I personally use Blowfish Advanced CS which uses the Blowfish encryption algorithm and is very difficult to crack. Even better keep the encrypted file on a USB/Keychain flash memory drive for even added security.
Submitted by: mustangmanfivoh
***********************************************************************
Answer:
They are NOT the same, Windows saves the passwords in a file or the site can ask windows to save your password, or the site can save your password and match it to your computer via a cookie. Windows does encrypt it's file but since it fills the password any time you revisit the site as does the site when it finds it's cookie, THEY ARE NOT SECURE.
If you want security, use a password program (I use RoboForm) and secure it with a password. Another way is to put your passwords in a word document and secure it with FolderLock.
Submitted by: maddog
***********************************************************************
Answer:
The two forms are totally different.
In the condition where browser asks for the password, it is actually getting stored on your machine either in the registry or may be a file which is in encrypted form. This password will be present only on your machine. If you have saved any password in browser, next time you login into same account from different machine, you need to resubmit your password. The security issues related to this are storing password on your computer, check it is completely safe unless and until you are only using the computer. And no spy ware is installed on your computer.
Now as you asked for the site, these passwords are kept safe by the site servers. Well, now even if you change the machine from where you are accessing the account, your password won't have to be submitted. The security issues along with this depends upon the site you are logging into. Like if save your password on to yahoo account, it depends on how much you trust yahoo mail.
Submitted by: Subodh K.
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic