“If you’re not using a password manager, you should be.” You’ve heard the refrain, and you’re probably tired of hearing it. But we won’t stop saying it until people get the message.

Rule #1 in online security is “Don’t re-use passwords for multiple web sites and services.” Rule #2 is “Use long, complex passwords.” Following those two rules means you have to remember multiple, long, complex passwords. This is not something humans are particularly good at, which is why we need password management software.

I use Password Corral, free Windows software from Cygnus Productions. It’s not limited to storing passwords, so you can use it for bank accounts, license information, and so on. It can generate strong passwords according to customizable rules. It won’t fill in web forms for you, and it can’t be accessed on the cloud, but I don’t actually want either of those features.

I also recommend Bruce Schneier’s Password Safe.

When deciding on a password management solution, there are several factors to consider. There’s a useful comparison of password management tools (PDF) over at the SANS InfoSec Reading Room. It doesn’t include Password Corral or Password Safe, preferring to concentrate on the more mainstream and popular services, but it’s worth reading.