
I do exactly that, using keepassX. Single use, complex passwords that I change every two months, stored in a shared encrypted database.

What exactly is hard about it?

keepassX seems to be a local application: how do you use it on mobile, or when you're not at home?

Also: if the database gets corrupted, you lose access to all services; if you have backups then it's a little less safe; if the main password for the database is strong you may forget it (or need to write it down somewhere outside the system); if it's not strong it's not safe.

There are mobile clients for KeePass databases. So you just need to keep a copy of your database on your phone. That's extremely easy to do with syncing data apps like SpiderOak.

Soooo you're still using a cloud service to sync your passwords, right?

I cannot say for Android, but if you keep the kdbx file on Dropbox, you can access it with the iKeepass iOS app.

Android clients exist for both keepass v1 and keepass v2 :)

Why shouldn't the average user write down his/her master database password and store it in the kitchen drawer?

Does keepassX manage the password changing or is that something you schedule and do manually?

You still have to do it manually I think. Having a standardized API to change passwords (a "Rotate all my passwords" button) would be nice, but potentially a huge step forward in automating password attacks.

Thanks. I confirmed a Debian package. If I can sync devices I think I'm golden.
