[web007]

Those are great, and I've used 1Password and LastPass to generate / store passwords for a couple years now, but they're not a proper solution.

If I have my super-secure password that I generated in my browser, Chrome will sync it and let me log in on my browser too. Great! Now how do I get that into my phone when the APP requests me to log in?

Answer: Some password system needs to tie into the IME of computers and phones in order to be effective and secure wherever your passwords need to go.

OpenID / OAuth seems like the general answer, but it's not easy to use, and it's not practical unless I can get my bank, Facebook, some mom-and-pop website and HN to all use the same system. IME integration would bypass all of these, and would be so much simpler than getting everyone to learn the OAuth dance.

[rogerbinns]

> Now how do I get that into my phone when the APP requests me to log in?

As someone who recently factory reset their tablet and phone, boy was that painful. The password generator passwords are long and use a wide variety of characters, numbers and punctuation. Entering them is really tedious and time consuming. Usually you can't see the entered password so a single error means you have to keep trying again.

[fluidcruft]

Hm. Maybe something like a qr-code keyboard that would allow you to scan and enter a code from your monitor into a text field?

[stephengillie]

I've been using a password manager to manage my super-secure password system for a few weeks. Since I started, my friends have been calling me paranoid.

What disturbs me about this, why I feel it's relevant, is that these are people with the technical ability to configure their own minecraft servers and run jailbreak/root(?) hacks on consoles. Almost all of them have at least taken 1 or 2 C++ college courses or Codecademy courses. These people aren't technically challenged, nor are they Luddites. They should be aware of how insecure most passwords are, but they feel it's not relevant to their life.

Any suggestions on how to deal with that problem -- people calling you paranoid because you don't use an easy to remember password on all sites?

[A1kmm]

> Any suggestions on how to deal with that problem -- people > calling you paranoid because you don't use an easy to > remember password on all sites?

They think you are paranoid because they think that you are worried about Mark Zuckerburg logging in to your Google account or something along those lines. Explain that websites get compromised all the time - you could bring up the LinkedIn (http://lifehacker.com/5916177/65-million-linkedin-accounts-m...) or the Gawker (https://gawker.com/5712615/commenting-accounts-compromised-+...) compromise if they use one of those sites, and that when criminals get things like your Google passwords, they will often delete your data and try to scam your friends out of money - there are many stories, here is one about it: http://bits.blogs.nytimes.com/2007/11/09/e-mail-scammers-ask...

[stephengillie]

Merely linking to this blog on Facebook got me called paranoid by one of these friends just a few hours ago.

[fluidcruft]

When you open an entry in KeePassDroid it adds entries to the notification pull down menu to copy either the username or password. I find this works quite well. Browse to the key in keepassdroid, then go to the app you need to login to. Pull down the notification shade and select copy username to clipboard. Paste. Pull the notification shade and select copy password to clipboard. Paste. Done.

[ahlatimer]

1Password has an iPhone app (and probably Android, too). You can sync all of your passwords over the network or dropbox. It's a bit more tedious than just using the 1Password browser plugins, but it works. Just copy the password from the app and paste it into the app/website/etc. 1Password will also open a browser window and enter your account details for you if you're using mobile web.

[drivebyacct2]

LastPass has a great mobile apps with "copy notifications" if you're fortunate to be on Android. It makes it much faster than it would be typing a password anyway.