Ask HN: What password management system do you use?

3 points by switz ↗ HN
I'm trying to start using random passwords for [almost] everything to be more secure. What do you use to manage your passwords?

(I'm on a Mac, but all suggestions are welcome)

6 comments

[ 4.8 ms ] story [ 26.8 ms ] thread
TL;DR: KeePass with Subversion.

In my previous position as a systems administrator, I shared responsibility for approximately 120 Unix and Windows servers. We used KeePass to house a master password list which was then stored in a Subversion repository.

We used KeePass because it would run on all three desktop environments used in our shop (Windows, Mac, Linux). The single password database was protected with a very long passphrase known by us five systems administrators and our manager.

We used Subversion to manage updates, distribution and backups of the password database.

The only caveat I can think of is that you have to have some sort of update policy for what versions of the password file is authoritative or the database(s) can get out of sync.

Our solution was to simply say the last commit into Subversion was authoritative and it was your responsibility to make sure the copy on your local machine was up-to-date before you started modifying it with new information. This effectively eliminated having personalized copies on your desktop because no one wanted to have to retype all the passwords if their version wasn’t authoritative.

1password, it's great with dropbox but if you get the feeling you're buying the same program over and over again, it's because you are - mac, windows, ios, android at least is free.
Keepass / KeepassX. The latter would work for you.

I bring around my database on a usb key and to add another layer of security have a key required to open the database itself.

For browser-based authentication I use lastpass.

For servers, encryption keys, or really anything I want to keep safe but available to myself, I use Emacs, Org-Mode with org-crypt, and Dropbox. Any Org-Mode header tagged with :crypt: will be encrypted against my gnupg key.