[bigiain]

A _startlingly_ large number of people are (still) re-using passwords across multiple sites. The Gawker/Sony(/PerlMonks for me) compromises revealed a _lot_ of email addresses and passwords, some significant portion of which almost certainly allowed attackers access not only to the specific website that was attacked, but also to the email service of the exposed user.

I'm pretty sure none of Jeff's advice helps you against a government-agency level attack agains you specifically, but following it _will_ protect your email even if some other random website you once registered for exposes the login details you used there. I _hope_ that's not a problem for any HN readers (any more), but what about your partner/children/parents/coworkers? I'd bet good money that _someone_ you know and care about is reusing their email account password on random website signup forms.

[alanbyrne]

My name is Alan Byrne, I work in IT and I'm a password re-user :(

On that note, does anyone know of a secure keysafe app that will sync across my various PCs, iPad and Android phone? This is what is stopping me from going the single use password route.

[andrewaylett]

I use Keepass (or KeepassX, or KeepassDroid, and there's an iOS app too) and Dropbox.

[mseebach]

Me too. Just remember to set the load-factor quite high. I've got it set to about 8 million rounds which is about one second on my beefy work computer, two on my private laptop and ~eight on my Android phone. The last bit is a bit annoying but at this point my key database is a pretty high value target - and I can't revoke access to it remotely if I lose my phone.

[bhousel]

I'm very satisfied with 1Password..

[jamesgeck0]

I've been using Firefox Sync on my desktop and Android tablet. Unfortunately, I don't think the Firefox Home app on iOS does passwords.

[random42]

lastpass should work.