Password Managers?
Aug. 21st, 2009 01:40 pm
An article mentioning RoboForm today reminded me of a question I've been meaning to ask: do y'all have favorite password managers?
Once upon a time, my password situation was really simple. I had a pretty limited set of passwords: the one for my bank account, the high-security work password, the medium-security password for sites I reasonably trusted and cared about, and the low-security one for all the cases that I really didn't give a damn about. That sufficed decently for a fair number of years.
But as the world has gotten more complex (and, annoyingly, persists in failing to support a good common authentication scheme), the number of passwords I need to track has bloomed. The security spectrum from "Deathly Important" to "Who Cares?" has filled out, and I am less comfortable using the same password on multiple sites than I used to be. And the result is that it's getting damned hard for me to keep track of all of them.
For CommYou, we've been using the conceptually simple approach of a flat file, checked into Subversion on my server, encrypted with GPG. That works adequately (and has the advantage that it allows us to share the common work passwords in a secure way), but it's a bit of a pain in the ass, so I don't want to do that for my manifold personal website passwords and such. So I think the time has come to break down and buy a real password manager.
So, opinions? Whatever I get *must* run well on Windows. (Don't get into it -- it's a fact of my life.) Being able to also run on Linux would be a plus for the future, but is not immediately essential. It should be reasonably quick and easy to use, although I do *not* actually care all that much about automatic form-filling: while it's nice, I'm willing to contemplate something that's basically just a lookup index. I need to be able to use it from many places, and back it up easily. Obviously, it needs to be highly secure, keeping the passwords in some strongly-encrypted form that I can trust, hidden behind my super-secure master password.
Recommendations welcomed. RoboForm is an obvious candidate, with some appealing features (such as a keychain-based version) and looks good enough in most respects, but it doesn't run on Linux, which might matter when I get a netbook. So I want to look around a little for alternatives before making a decision...
(no subject)
Date: 2009-08-21 06:33 pm (UTC)
http://www.schneier.com/blog/archives/2009/08/password_advice.html
(no subject)
Date: 2009-08-21 06:36 pm (UTC)
Yeah, Yeah, I know, but it is the only one I have found which is worth the hassle.
Let me know what you find.
(no subject)
Date: 2009-08-21 07:09 pm (UTC)
(no subject)
Date: 2009-08-25 10:44 pm (UTC)
(Version 1 is certainly an option, but version 2 is considerably more feature-rich, and some of those features are interesting to me...)
(no subject)
Date: 2009-08-27 08:19 pm (UTC)
I've had some intermittent crashes, mostly when I try to save a password file; it throws an array out of bounds exception, but I've not hooked it up to a debugger to see the details. There's some UI issues, minor fit-and-finish, but that's to be expected -- except for the one where it stops showing the password in the right character set, and that one's new.
If it wasn't for the "save crash" one, I think it would be workable. I even thought it was because of Ubuntu's NTFS write support, but copying it to my ext3 Ubuntu home space was a no-go.
(no subject)
Date: 2009-08-21 07:47 pm (UTC)
(no subject)
Date: 2009-08-21 09:43 pm (UTC)
Also heard good things about KeePass, but I've not actually used it yet, so take that for what it's worth.