Justin du Coeur (jducoeur) wrote,
Justin du Coeur

Password Managers?

An article mentioning RoboForm today reminded me of a question I've been meaning to ask: do y'all have favorite password managers?

Once upon a time, my password situation was really simple. I had a pretty limited set of passwords: the one for my bank account, the high-security work password, the medium-security password for sites I reasonably trusted and cared about, and the low-security one for all the cases that I really didn't give a damn about. That suffiiced decently for a fair number of years.

But as the world has gotten more complex (and, annoyingly, persists in failing to support a good common authentication scheme), the number of passwords I need to track has bloomed. The security spectrum from "Deathly Important" to "Who Cares?" has filled out, and I am less comfortable using the same password on multiple sites than I used to be. And the result is that it's getting damned hard for me to keep track of all of them.

For CommYou, we've been using the conceptually simple approach of a flat file, checked into Subversion on my server, encrypted with GPG. That works adequately (and has the advantage that it allows us to share the common work passwords in a secure way), but it's a bit of a pain in the ass, so I don't want to do that for my manifold personal website passwords and such. So I think the time has come to break down and buy a real password manager.

So, opinions? Whatever I get *must* run well on Windows. (Don't get into it -- it's a fact of my life.) Being able to also run on Linux would be a plus for the future, but is not immediately essential. It should be reasonably quick and easy to use, although I do *not* actually care all that much about automatic form-filling: while it's nice, I'm willing to contemplate something that's basically just a lookup index. I need to be able to use it from many places, and back it up easily. Obviously, it needs to be highly secure, keeping the passwords in some strongly-encrypted form that I can trust, hidden behind my super-secure master password.

Recommendations welcomed. RoboForm is an obvious candidate, with some appealing features (such as a keychain-based version) and looks good enough in most respects, but it doesn't run on Linux, which might matter when I get a netbook. So I want to look around a little for alternatives before making a decision...
Tags: technology

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded