Christmas morning 2012, one of my Gmail accounts was hacked. The good news was that it wasn’t my main account. The bad news was that it was one I used for a fair amount of work-related communication. I was lucky that I caught it quickly and was able to button it up within an hour or so, but it was a surprisingly intense experience, leaving me feeling violated, humbled, vulnerable, and silly.
The first thing I did, after changing all of my passwords, was to switch on two-step verification with any service I used that supported it. The other thing I did was commit to using a password manager to create unique and secure passwords.
I checked out some web-based tools, but I didn’t like the idea of having all of my important passwords someplace I might not be able to access them down the line. Also, although I know most web-based password services take great pains to make sure they cannot see any passwords, it still seems like a point of vulnerability. With web-based clients ruled out, I looked to clients, settling on KeePassX, which is the basis for quite a few password management tools.