Ask HN: Password managers

2 points by waldrews ↗ HN
HN is a security savvy crowd that, I assume, does not like to reuse the same password on multiple sites of dubious security. What software do you use to manage the proliferation of passwords, user id's, and email addresses you have to give out to register on so many websites? Do you synchronize these across multiple browsers/boxes?

Is there market opportunity for a piece of new password management software? What features aren't there that should be?

6 comments

[ 3.5 ms ] story [ 24.7 ms ] thread
I am a software security consultant and developer, and I've got to say my favorite is PasswordSafe, originally written by Bruce Schneier, it's now open source and available on sourceforge. It's secure, lightweight, easy to use and can be installed on a thumbdrive for portability. http://passwordsafe.sourceforge.net/
I've been using Roboform but I'll definitely be checking that one out - thanks.
For anything not ultra secure (bank/paypal/email/etc.), I remember a main password and then use a bookmarklet that creates different individual passwords that work for each website. The advantage of this is that I don't have to do any synchronization at all, and I can access any website on any computer.

I really can't believe this hasn't caught on as a password solution, even among the geeks I know; it has all the advantages of a password manager without the disadvantages.

http://supergenpass.com/

Heh, I recently blogged about a system I came up with to manage this, using a ruby password generator that was linked on HN and storing the results in a dropbox directory. Super super insecure but kinda fun to think through. http://digg.com/u19L9

I don't actually use that system though, I generally use the same user id and generate the password using a formula based on the website I'm registering at and other mysterious factors.

I use plain text files encrypted via gpg.

There's a gpg plugin for vim. If you don't like vim, you can probably find one for your preferred editor.