Password Manager opinions and recommendations




I started reading up on password managers in order to consider using one.  

Up until now, I've made up passwords myself, and stored them in an encrypted 
file.  Some of the drawbacks include: 

   * I keep the passwords on the short side
   * I don't change the passwords as often as I should
   * I sometimes use the same password on more than one site

All of the above because it is not convenient enough for me to do better.

My head is just not "into" reading about password managers--it just seems to 
be too boring to really get into, so, I thought I'd try posting here to get 
opinions and recommendations from the list.  (I am continuing my effort to 
read--maybe I'll get a renewed burst of enthusiasm after I send this ;-)

Here are some of what I think are my criteria for a password manager:

   * encrypted storage on my own machines (no storage "in the cloud")
   * ability to transfer to other devices, including Android tablets and 
phones--either all the passwords or just one for some special logon on a 
machine I don't normally use.  Currently I do almost everything (that requires 
a password) on one of my desktop computers.  I have a laptop that I use very 
occasionally.  Occasionally I've had to go to a library (or similar) to use a 
Windows machine.  I do have an Android tablet and phone, and, in general, I 
don't use that for confidential type stuff (no banking, for example), but that 
could change if either I feel very secure or in some sort of extreme 
emergency.
   * (a repeat of part of the previous bullet) a means to easily take an 
individual password to another machine for occasional use of another machine 
   * a means to recover all the passwords if the password manager becomes 
defunct (and this also implies backup and restore capabilities)
   * a means to automatically generate secure passwords
   * a means to automatically update passwords on the target websites (to 
facilitate regular / frequent password changes)--this is probably a stretch--I 
mean something that would work its way through the various screens and prompts 
to change a password with a minimum of manual intervention by me

As an alternative to a password manager, I may create my own memorizable 
password generator "algorithm" that I can mostly use "in my head".  For 
instance, it could be something like this:
   * think up a multiword phrase, possibly with a mnemonic connection to the 
target website (or, have a means to extract them from a book, e.g., the 3rd 
sentence of the 5th chapter of War and Peace--or maybe the first sentence in 
the book that contains the word bank would become the passphrase for my bank).
   * have a consistent substitution algorithm, which might do things like 
this:
      * capitalize the nth letter of each word (or the nth letter of the first 
word, the (n+1)th letter of the 2nd word, ...)
      * substitute (or insert) a punctuation mark for (like above) the mth 
letter of each word (or the mth letter of the first word, the (m+1)th letter of 
the 2nd word, ...)--the punctuation might be selected in, for example, keyboard 
order (or reverse keyboard order) across the numeric keys (e.g., !@#$%^&*() 
(although maybe some of those might be invalid in (some?) passwords))
      * some other similar generation rules

Obviously, having "published" these ideas, my actual implementation will be 
somewhat different ;-)
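
Added example, not part of the original post: a Python sketch of the substitution rules described above, counting how many distinct passwords the rule settings can produce from one fixed phrase and comparing that with a randomly generated password. The position range 1..8, the wrap-around on short words, joining words without spaces, and the sample phrase are assumptions made for illustration.

```python
import math
import secrets
import string
from itertools import product

# Shifted number-row symbols in keyboard order, as listed in the post.
KEYBOARD_SYMBOLS = "!@#$%^&*()"
MAX_POS = 8  # assumption: n and m are chosen from 1..8

def transform(phrase, n, m, step=False, reverse=False):
    """Capitalize the n-th letter and replace the m-th letter of each word
    with the next keyboard symbol (1-based). With step=True both positions
    advance by one per word. Positions wrap on short words (assumption)."""
    symbols = KEYBOARD_SYMBOLS[::-1] if reverse else KEYBOARD_SYMBOLS
    out = []
    for i, word in enumerate(phrase.lower().split()):
        chars = list(word)
        shift = i if step else 0
        cap = (n - 1 + shift) % len(chars)
        sub = (m - 1 + shift) % len(chars)
        chars[cap] = chars[cap].upper()
        chars[sub] = symbols[i % len(symbols)]  # wins if cap == sub
        out.append("".join(chars))
    return "".join(out)  # assumption: words are joined without spaces

def distinct_outputs(phrase):
    """Every password the rule settings can produce from one fixed phrase."""
    settings = product(range(1, MAX_POS + 1), range(1, MAX_POS + 1),
                       (False, True), (False, True))
    return {transform(phrase, n, m, s, r) for n, m, s, r in settings}

def rule_bits():
    """Upper bound on entropy added by the rule choice alone."""
    return math.log2(MAX_POS * MAX_POS * 2 * 2)

def random_password(length=20):
    """Generator-style alternative: uniform choice over 94 printable chars."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_bits(length=20):
    return length * math.log2(94)

if __name__ == "__main__":
    phrase = "war and peace"  # constructed sample phrase
    print(transform(phrase, 1, 2))
    print(len(distinct_outputs(phrase)), "outputs,", rule_bits(), "bits from the rule")
    print(random_password(), f"{random_bits():.0f} bits")
```

Under these assumptions the rule settings contribute at most 8 bits, so the strength of such a password rests on how unpredictable the phrase itself is.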