Ask HN: Password managers
2 points by waldrews on April 3, 2009 | 6 comments
HN is a security-savvy crowd that, I assume, does not like to reuse the same password on multiple sites of dubious security. What software do you use to manage the proliferation of passwords, user IDs, and email addresses you have to give out to register on so many websites? Do you synchronize these across multiple browsers/boxes?

Is there a market opportunity for a piece of new password management software? What features aren't there that should be?



For anything not ultra secure (bank/paypal/email/etc.), I remember a main password and then use a bookmarklet that creates different individual passwords that work for each website. The advantage of this is that I don't have to do any synchronization at all, and I can access any website on any computer.

I really can't believe this hasn't caught on as a password solution, even among the geeks I know; it has all the advantages of a password manager without the disadvantages.

http://supergenpass.com/
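
Added example, not part of the comment above and not SuperGenPass's own code or algorithm: the general idea that comment describes, deriving a different password for each site from one remembered master password and the site's hostname, so there is nothing to store or synchronize. PBKDF2-HMAC-SHA256, the iteration count, the `counter` parameter and the function names are assumptions chosen for illustration; the inputs in the demo are constructed.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Assumed work factor. If one derived password leaks from a site, the master
# password can be guessed offline against it, so each guess should be costly.
ITERATIONS = 200_000


def site_key(url: str) -> str:
    """Reduce a URL or bare host to the hostname used as salt.

    Lowercased, port and path dropped, leading 'www.' removed, so the same
    site gives the same password however its address was typed.
    """
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def derive_password(master: str, url: str, length: int = 16, counter: int = 1) -> str:
    """Deterministically derive a per-site password from the master password.

    counter (hypothetical parameter) allows rotating one site's password
    without changing the master; it is the only per-site state to remember.
    """
    host = site_key(url)
    if not master or not host:
        raise ValueError("master password and site are both required")
    if not 8 <= length <= 43:
        raise ValueError("length must be between 8 and 43")
    salt = f"{host}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    # URL-safe base64 keeps the result typeable: letters, digits, '-' and '_'.
    return base64.urlsafe_b64encode(raw).decode()[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample input
    for site in ("https://www.example.com/login", "example.org"):
        print(site_key(site), derive_password(master, site))
```

Because every site password comes from the same secret, the strength of the master password and the cost of each derivation bound the security of all of them.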


I am a software security consultant and developer, and I've got to say my favorite is PasswordSafe, originally written by Bruce Schneier; it's now open source and available on SourceForge. It's secure, lightweight, easy to use and can be installed on a thumb drive for portability. http://passwordsafe.sourceforge.net/


I've been using Roboform but I'll definitely be checking that one out - thanks.


Heh, I recently blogged about a system I came up with to manage this, using a Ruby password generator that was linked on HN and storing the results in a Dropbox directory. Super super insecure but kinda fun to think through. http://digg.com/u19L9

I don't actually use that system though, I generally use the same user id and generate the password using a formula based on the website I'm registering at and other mysterious factors.


GUI (cross-platform; thumb drive versions) http://www.keepassx.org/

CLI (old; via ssh) http://freshmeat.net/projects/pwsafe/

Library (looks promising although not done) http://www.pwsafe.de/


I use plain text files encrypted via gpg.

There's a gpg plugin for vim. If you don't like vim, you can probably find one for your preferred editor.



