

Show HN: passwd.io - a no frills no setup password store - ManuelKiessling
https://www.passwd.io

======
karl_gluck
Hey, that's a lot like what I built--and from the comments so far, the gripes
about having to trust that the files are not modified would also apply to
Cryptasia (<http://www.cryptasia.com>).

Having to trust that the site won't be hacked is an interesting problem--I
suppose both our projects could be made more Trustworthy if users had a
separate service that ensures that files served by the website don't change...
a Chrome extension might be an interesting way to do this validation. Sounds
like another weekend task :)

Anyway, cool project!

~~~
ManuelKiessling
Indeed, looks like we found a problem worth solving :)

Edit: cryptasia is a really clever idea, kudos!

------
AndyKelley
The obvious problem with this is that the user has to trust passwd.io. Even
upon auditing the website's code, it could change the next time the page is
accessed. Not only does the user have to trust passwd.io, they have to trust
that passwd.io doesn't get hacked. This is a fundamental problem with a web-
based solution.

~~~
ManuelKiessling
Yes, that's true. I've thought about that a lot. Maybe the solution is
something like a third party monitoring the client side code or something.

------
mhellmic
What if you rely on the service to know all your password and you only know
your key to the service .. and then somebody manages to take over your account
(getting access to your mail address) and to delete all your data?

That would be not as bad as him knowing your passwords, but still
inconvenient.

~~~
ManuelKiessling
This might sound stupid, but the most straightforward solution I can think of
is to back up the passwords locally every now and then.

Some background: I wrote this to scratch my own itch. I have really secure
passwords, and different ones for every site I use. I keep those in a
Truecrypt container, which is stored on my Dropbox.

That's secure, but it's not convenient. I simply can't securely access my
passwords while on the road, e.g. from a friends computer or from my iPhone. I
would always have to install Truecrypt and get the image file from Dropbox
etc.

I wanted something with a true zero setup. I can still back up the passwords
to my Dropbox Truecrypt image once per week.

------
ManuelKiessling
I'm still not sure if this idea is any good. Let me know what you think.

