

Ask HN: What password management system do you use? - switz

I'm trying to start using random passwords for [almost] everything to be more secure. What do you use to manage your passwords?

(I'm on a Mac, but all suggestions are welcome)
======
vermasque
For my personal stuff, I've done pretty well with KeePass + Dropbox. I wrote a
blog post about it some time back:
[http://vermasque.blogspot.com/2011/04/simple-effective-passw...](http://vermasque.blogspot.com/2011/04/simple-effective-password-management.html)

On my MacBook at work, I just use the system keychain. It's simpler as I don't
use my work passwords beyond that machine.

------
Macphisto
For browser-based authentication I use LastPass.

For servers, encryption keys, or really anything I want to keep safe but
available to myself, I use Emacs, Org-Mode with org-crypt, and Dropbox. Any
Org-Mode header tagged with :crypt: will be encrypted against my GnuPG key.

------
benologist
1Password. It's great with Dropbox, but if you get the feeling you're buying
the same program over and over again, it's because you are - Mac, Windows,
iOS; Android at least is free.

------
davidandgoliath
KeePass / KeePassX. The latter would work for you.

I bring around my database on a USB key and, to add another layer of security,
have a key required to open the database itself.

------
blakdawg
lastpass.com

------
dieselweasel
TL;DR: KeePass with Subversion.

In my previous position as a systems administrator, I shared responsibility
for approximately 120 Unix and Windows servers. We used KeePass to house a
master password list which was then stored in a Subversion repository.

We used KeePass because it would run on all three desktop environments used in
our shop (Windows, Mac, Linux). The single password database was protected
with a very long passphrase known by us five systems administrators and our
manager.

We used Subversion to manage updates, distribution and backups of the password
database.

The only caveat I can think of is that you have to have some sort of update
policy for which version of the password file is authoritative, or the
database(s) can get out of sync.

Our solution was to simply say the last commit into Subversion was
authoritative and it was your responsibility to make sure the copy on your
local machine was up-to-date before you started modifying it with new
information. This effectively eliminated having personalized copies on your
desktop because no one wanted to have to retype all the passwords if their
version wasn’t authoritative.

