Wednesday, August 1, 2007

My Paranoia.



I couldn't help noticing today that Ironkey Thumb Drives had purchased ads at slashdot, sourceforge, and boingboing. Clearly they were targeting me. Kyle also sent me email, so I decided to talk a bit about what I currently do.

First of all- if you just use windows, or possibly just windows and osx, AND YOU TRUST YOURSELF TO ALWAYS CARRY YOUR THUMB DRIVE - then you might as well just get an ironkey. They have a host of cool features I don't much worry about, and are ultimately more secure than what I do. If you, like me, use linux AND windows, and are just looking for a relatively easy way to have separate, secure passwords for all the different services and sites you interact with, read on.

Up to a few months ago, I had been just relying on a simple algorithm for my passwords- I took the domain name of the site, interleaved the letters (blogger = brleogg), mixed the case (brleogg = BrLeOgG), then made it k-rad (BrLeOgG = BrL30gG). I liked it- it was easy for me to do, and kept me from having the same password everywhere. The drawbacks were that it didn't work so well for things that weren't websites, that if someone had one password, they could eventually figure out the rest, and that it was still vulnerable to keyloggers.

My new, improved, solution is to use Password Safe for windows, and the beta Java client for linux. It's simple, and it works well. Password Safe has a lot of great features that make it easy to use with windows. User names and passwords are automagically put in your clipboard, so key loggers only get ctrl-v when trying to get what you are doing. I put the binaries for both, and the safe file, on a thumb drive, and I have a portable password storage system that I am happy with.

I also keep the binaries and safe file on my home file server, which I can access remotely (I wouldn't do this from an internet cafe, or machine I thought might have a keylogger, obviously)- so if I forget my usb drive, I am not out of luck (this is why I prefer this solution to the Ironkey solution). If you didn't have your own personal file server, you could make do with a Gmail account, box.net free account, or xdrive free account.

So- the ironkey solution offers hardware encryption, a secure browser through a trusted network, and much much more. It's windows-centric at the moment, though they are promising linux support real soon now. All in all- if you trust yourself to always have your ironkey with you, it is a better solution than what I do. But for me, security is a spectrum with ease of use on one side, and total security on the other. My solution offers me just enough flexibility that I prefer it for the time being. I may eventually switch to using an ironkey in the place of my current thumb drive though, because they look really cool =)