We live in a time when cleartext usernames and passwords are leaked on a daily basis. In the last couple of months my accounts got compromised on Gawker, Sony, and MtGox. I decided it’s time to start using the one-password-per-service technique. These are tools I found in my research.
I’m currently using SuperGenPass, but I’m considering writing my own version that uses customizable multipass SHA-512, more symbol breadth in passwords, and some other improvements.
@jondoda wrote his own simple algorithm for deriving a per-site password from a master password. I’ve seen many variations of this, and they’re all very simple: given a service name and a master password, concatenate them and run a hash function on the result a bunch of times, then base64-encode the output and truncate it to the desired length. Jon even wrote an Android version.
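The derivation described above, as an added example (not @jondoda's or SuperGenPass's code): the concatenation order, hash, round counts and function names are assumptions. Next to it is a variant using PBKDF2-HMAC-SHA512 with the service name as salt, a swapped-in technique this page does not mention, which keeps the two inputs from being merged into one ambiguous string.

```python
import base64
import hashlib


def _encode(digest: bytes, length: int) -> str:
    """Base64-encode, drop '=' padding, truncate to the requested length."""
    text = base64.b64encode(digest).decode("ascii").rstrip("=")
    if not 0 < length <= len(text):
        raise ValueError(f"length must be between 1 and {len(text)}")
    return text[:length]


def derive_naive(master: str, service: str, length: int = 16,
                 rounds: int = 1000, algo: str = "sha512") -> str:
    """Concatenate, hash repeatedly, base64-encode, truncate.
    Concatenation order, hash and round count are assumptions."""
    digest = (master + service).encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.new(algo, digest).digest()
    return _encode(digest, length)


def derive_pbkdf2(master: str, service: str, length: int = 16,
                  rounds: int = 200_000) -> str:
    """Variant: PBKDF2-HMAC-SHA512 with the service name as the salt, so the
    two inputs are never merged into one ambiguous string."""
    digest = hashlib.pbkdf2_hmac("sha512", master.encode("utf-8"),
                                 service.encode("utf-8"), rounds)
    return _encode(digest, length)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    for site in ("example.com", "example.org"):
        print(site, derive_naive(master, site), derive_pbkdf2(master, site))
    # Plain concatenation cannot tell where the master password ends:
    print(derive_naive("hunter", "2example.com") ==
          derive_naive("hunter2", "example.com"))
```

Truncating the base64 output caps the password's entropy at roughly 6 bits per character, whatever hash is used underneath.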
1Password is the Lexus of password management tools. It costs $39.99 for an OSX and Windows desktop license and another $11.99 for a mobile app. It lives in one file encrypted by your master password, so it’s portable and many people use Dropbox to sync it across devices. No Linux support. (Via @wolever)
LastPass has a freemium pricing model. They support all desktop platforms (OSX, Linux, Windows), but mobile devices require their $12/yr Premium subscription which synchronizes your password database with their servers.
Official client is Windows-based but has ports to all desktop platforms (Linux, OSX, mobile). Self-contained binary and database, portable. Actively developed, has a healthy plugin community with extensions for major browsers. (Via @corbett_inc)
Very barebones, self-contained binary, actively developed. (Via @seanpiled)
Even more barebones, text-based, no browser integration. (Via @jpetazzo)
Somewhat unrelated but cool project, useful for sharing passwords between teams. (Via @jpetazzo)
Written by Andrey Petrov.