Ha! Much as I would enjoy that I’m not ready to eliminate the possibility that someone would spin up a Beowulf cluster just to try and prove me wrong–especially in this community.
How does your team keep track of passwords?
If you work on a team, there will be shared resources (read: vendors) that require a password. From my experience, not all those vendors provide individual accounts for all who access them.
So, you’ve got a group password. How do you, the real-world you, store and share this information?
(I’ve got my own answer, and I’m curious how others do it)
19 Answers
Two things, though neither of them may directly answer the question:
1) If you're fine with "sharing" a master password (which I don't particularly recommend, but there are worse sins) then putting your user/pass sets into a plain text file, storing that file in a Truecrypt volume with a high-strength password, and putting the volume into a shared Dropbox folder is a very secure way of doing so. Best of all, it doesn't lock you in to any special file format.
2) Responding to several comments about complexity and password strength--the two are emphatically not linked. A very strong password need not be complicated. For instance, I'm comfortable telling you a huge amount of information about the very simple master password that encrypts all my bank account info:
- It's a passage from a famous work of literature.
- The original punctuation and spelling is intact.
- One word is different from the original text.
Even with this information being public, my password is still more secure than 99.9% of those in common use. It spans the keyboard, includes a large number of upper and lower-case characters, punctuation, numerals, and is invulnerable to dictionary attacks by virtue of being multiple words. The fact that one word varies from the source means that even if you had a "dictionary" of all classic literature you still wouldn't have the correct passage. All that being the case, it is not a complex password. It's incredibly simple, and if I told it to you, you could memorize it in five minutes.
The other approach that I'm fond of is pointing out to vendors that it creates a real security and privacy problem for an organization to require users to share passwords. Most of the time they need to hear it. Sometimes they listen.
Plugins for using WordPress as a CMS:
CollabPress: Project and Task Management for WordPress and WPMU
12 Plugins that Extend WordPress
40 Exceptional “CMS Enabling” WordPress Plugins
Building Community Sites with WordPress: 15 Plugins to Get Started
I'm a big fan of KeePass. Like 1Password and PWSafe, you memorize one long "master" password, which is used to decrypt all your other passwords. KeePass, in particular, is nice because it's free and runs on a variety of platforms--Windows, OS X, Linux, and even my Android phone. (Stick to the 1.x versions if you want maximum compatibility.)
I would combine KeePass with something like Dropbox, which lets you sync files between different computers. I use it so that I always have my password file up to date whether I'm at work or at home, but you could use it to make sure everyone on the team has an up-to-date password file. I haven't tried, but I believe if you opt for the paid Dropbox accounts, you can even set up groups of users who have access to certain shared files. This also neatly avoids the problem of having to email passwords around to everyone for them to update their individual password files.
I like Apture, even though it's not WP specific. It does add a lot of neat rollover functions to Twitter, YouTube, and Wikipedia links.
The Publish2 plugin is pretty sweet as well (a big hat tip to Daniel Bachhuber). For any site where you need to publish frequently and manage a lot of sources, this works well.
Storing passwords in Google Docs makes me nervous, personally.
I'm blissfully free of shared passwords for the time being, but at my last layover, there was a spreadsheet on the network. Not hardly secure but I'm not really sure that security and shared passwords synchronize very well. There were some things that the office manager held--her spreadsheet was actually password protected.
Passpack.com. We built it to solve this exact problem - sharing passwords for teams and small groups (I'm a founder).
We use creative spellings of names of our famous former journalists.
Not to sound flippant, but I just memorize mine. They're not crazy complex (maybe that's bad?).
I keep my passwords in my Mac's Keychain Access, having to enter the password every time to remind me of the ones I don't memorize. We have a few standard office passwords that we change occasionally for the shared resources we use (for example for FeedBurner, and up until recently for the Google Webmaster account).
Your passwords should be complex, using a mixture of uppercase, lowercase and numbers and at least 8 characters long. If you use weak passwords, or reuse the same password across accounts, then you are weakening your entire system. High-profile websites, especially news-related ones, are a constant target for hackers. You should use a program designed for storing passwords (as mentioned by Eli). It sounds like a pain, but it's something you need to practise. There are many tools which can automatically attack a computer by trying out thousands of common passwords; don't go using real words, ever.
Also, on Unix and related machines you can use passwordless authentication, which is often handy for getting to the machine to perform basic file manipulation. http://linux.die.net/man/1/ssh-copy-id
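An added example, not part of the original answers: when each person installs their own key with `ssh-copy-id`, as in the passwordless-authentication answer above, access to a shared account can be reviewed and revoked per person. The script below audits an `authorized_keys` file for keys that are shared or have no owner comment; the sample file, owner names and key material are constructed for illustration.

```python
import base64, hashlib, shlex, struct
from collections import defaultdict

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def _blob(seed: bytes) -> str:
    """Constructed ssh-ed25519 public-key blob (sample data, not a real key)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

# Constructed authorized_keys for a hypothetical shared "deploy" account.
SAMPLE = "\n".join([
    "# deploy account",
    f"ssh-ed25519 {_blob(b'alice')} alice@newsroom",
    f'from="10.0.0.0/8",no-agent-forwarding ssh-ed25519 {_blob(b"bob")} bob@newsroom',
    f"ssh-ed25519 {_blob(b'team')} carol@newsroom",
    f"ssh-ed25519 {_blob(b'team')} dave@newsroom",
    f"ssh-ed25519 {_blob(b'old')}",
])

def fingerprint(b64: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse(text: str):
    """Yield one dict per key line: [options] keytype base64 [comment]."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)  # keeps quoted option values in one token
        i = next((k for k, t in enumerate(tok) if t in KEY_TYPES), None)
        if i is None or i + 1 >= len(tok):
            continue  # not a recognisable key line
        entries.append({"line": n, "options": tok[0] if i else "",
                        "fp": fingerprint(tok[i + 1]), "owner": " ".join(tok[i + 2:])})
    return entries

def audit(text: str):
    """Flag keys with no owner comment and keys listed for more than one person."""
    by_fp, findings = defaultdict(list), []
    for e in parse(text):
        by_fp[e["fp"]].append(e)
        if not e["owner"]:
            findings.append((e["line"], "no owner comment"))
    for group in by_fp.values():
        if len(group) > 1:
            owners = ", ".join(e["owner"] for e in group)
            findings.append((group[0]["line"], f"same key listed for {owners}"))
    return sorted(findings)
```

Removing one person's line from the file revokes only that person, which is not possible when the same key or password is handed to everyone.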
Is there a role for OAuth here? That seems to be the "right" way.
You could try syncing 1Password with Dropbox, using these instructions.
Now that 1Password for Windows beta is out, it might be a more viable solution for shops that have Mac & Windows machines.
Ha, I wish we did. There are a couple of people who know all the logins, and when I need something I go find one of those people. Then I save the password in my browser. :P
You can capture your password using ProteMac KeyBag PRO. Its keylogger can record your keystrokes.
I keep a master password document on Google Docs for my office. I then put whatever passwords I want to share in individual Google documents and share them with the people who need them. That way I can edit the documents with changed passwords and share or un-share them at will.