Ask HN: What password management system do you use?
I'm trying to start using random passwords for [almost] everything to be more secure. What do you use to manage your passwords?
(I'm on a Mac, but all suggestions are welcome)
(I'm on a Mac, but all suggestions are welcome)
6 comments
[ 4.8 ms ] story [ 26.8 ms ] threadIn my previous position as a systems administrator, I shared responsibility for approximately 120 Unix and Windows servers. We used KeePass to house a master password list which was then stored in a Subversion repository.
We used KeePass because it would run on all three desktop environments used in our shop (Windows, Mac, Linux). The single password database was protected with a very long passphrase known by us five systems administrators and our manager.
We used Subversion to manage updates, distribution and backups of the password database.
The only caveat I can think of is that you have to have some sort of update policy for what versions of the password file is authoritative or the database(s) can get out of sync.
Our solution was to simply say the last commit into Subversion was authoritative and it was your responsibility to make sure the copy on your local machine was up-to-date before you started modifying it with new information. This effectively eliminated having personalized copies on your desktop because no one wanted to have to retype all the passwords if their version wasn’t authoritative.
I bring around my database on a usb key and to add another layer of security have a key required to open the database itself.
On my Macbook at work, I just use the system keychain. It's simpler as I don't use my work passwords beyond that machine.
For servers, encryption keys, or really anything I want to keep safe but available to myself, I use Emacs, Org-Mode with org-crypt, and Dropbox. Any Org-Mode header tagged with :crypt: will be encrypted against my gnupg key.