Talk:Passwords
From 43FoldersWiki
Serious portable password list recommendations?
Let's face it, passwords represent a real problem for a system like GTD (or any effective organization system). We can't memorize all of our passwords because memorable passwords are inherently insecure (and the whole point of GTD is getting that kind of crap out of our heads). Keeping passwords in a Moleskine or other paper-based system is not really an option (due to potential lossage). Passwords have to be kept in a secure form. I currently have my password list encrypted in VoodooPad on my computer. I also have a Palm application with my passwords on it, but it doesn't sync with my Mac in any way at all (seriously, iSync has turned out to be completely useless for every form of data I actually use, including the basic PIM stuff... Apple really dropped the ball in every conceivable way here).
My question is this. Mac users, what do you use? What do you use to securely store your passwords, not just on the desktop, but when you're on the go (and no, I don't mean on your laptop)? I would love to find an encrypted notepad that syncs with the Palm, but I've had zero luck there, though there is at least one password database app that has a Mac desktop component (but the interface makes it nearly unusable on the computer). I'm really surprised that no one has developed a consumer electronic device for specifically this purpose (like a very small PDA built primarily for password access, it has to be smaller than the PDA I already have to really be useful), or at the least that more cellphones don't have an encrypted notes feature built in.
I use a single text file, encrypted with GPG. That said, I'm a serious text/unix geek, so it's probably not the right solution for most people. Caelyx 20:04, 16 December 2005 (EST)
Try Clipperz, an online password manager, free and with several uncommon features:
Direct login - Users can save the details of their online accounts into Clipperz and quickly enable the “direct login” functionality: just one click to authenticate and access the online service without typing any username and password.
Offline copy - Users can dump their encrypted data from Clipperz servers to a local hard disk and create a read-only version of Clipperz to be used offline. The read-only version is as secure as the read-and-write one and will not expose users’ data to higher risks since they both share the same code and security architecture.
Sharing - A public key infrastructure is transparently embedded within Clipperz. Users can define “trusted contacts” and policies for sharing secrets with them. Trust mechanism from the real world could be moved within Clipperz without bothering with certificates and authorities.
As a "unix geek" I use the PalmOS-compatible GNU Keyring. There's a GUI for JPilot, as well as a command line interface, the latter being, regrettably, read-only.
I would very much like to see some sort of web-based password manager that allowed doing encryption/decryption at the local level. I can't trust Clipperz; that requires entrusting my passwords with people I don't know. I don't share passwords with people I *do* know; I certainly won't share them with people I don't know.
At work, we use GPG to manage the "big password file;" having a web app that would allow local decryption using one's own PGP/GPG key would be *very* slick, as that would allow encrypting individual password entries, and eliminating the GPG vulnerability of the whole file getting somehow corrupted (more likely to happen intentionally).
If I weren't committed to Keyring, I'd consider Counterpane's Password Safe; note that there are ports to Unix/Qt, Unix/Tcl/Tk, Unix/CLI. If there were a PalmOS client, I'd be on it like a shot.
Christopher Browne 2007-05-15

