From DJ Arnel G.'s Flickr - Chuck! (http://flickr.com/photos/djarnelg/)

In my day to day life, I use 5 different computers and 2 PDAs.

I know. It’s ridiculous.

Heck, I even make fun of myself.

I’m trying to figure out how to manage the passwords that I need in such a way as to ensure that they are always available, yet maintain the break between what is mine and what is work’s.

Let’s talk password management for complicated people — after the break

Here’s what I’ve got:

Processing Devices

  • Home (OS X, WinXP, Ubuntu)
  • Work 1 (WinXP – local admin, BB)
  • Work 2 (WinXP – no priv, BB)

Authentication Credentials

  • Home Internal – approx 5
  • Home External – approx 10
  • Personal Web2.0 – approx 20
  • Other Family Related – approx 20
  • Work 1 Internal – approx 4
  • Work 1 External – approx 10
  • Work 1 Web2.0 – approx 10
  • Work 2 Internal – approx 10
  • Work 2 External – approx 5
  • Work 2 Web2.0 – approx 10

That’s about 104 pieces of authentication material. Some of it is mine, some of it belongs to one of the two workplaces. And at any given point, I may need passwords from two or three of those lists simultaneously. Interestingly enough, no single solution covers all of those scenarios.

Looking at this from a user-centric perspective, you’d rapidly begin to agree with Schneier — write ’em down and keep ’em with your wallet.

From a paranoid security wonk perspective, it’s time to start memorizing.

From a “goodness sakes, I need to get back to DOING my work” perspective, I need a solution.

There are tools available, even cross platform ones.

Except that none of the tools I’ve looked at support a synchronized store that is protected in a meaningful way.

At this point, the best that I’ve managed is the one that is the most “sneaker-net”ish.

A TrueCrypt 5.1a volume, stashed on a very small USB key on the same ring as my RSA SecurID fobs (I actually have the older SD600 type), that contains one plain text file per authentication credential. I use Unison to synchronize the contents of the travelling TrueCrypt volume onto each of the stationary volumes.
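To make the synchronization step concrete, here is an added example (my own illustration, not Unison’s code and not part of the original post) of the three-way comparison a tool like Unison performs for this setup: a directory with one plain-text file per credential on the travelling volume, a stationary copy, and a small snapshot of each file’s digest from the last successful sync. A file changed on only one side is propagated; a file changed on both sides is reported as a conflict and left alone, so neither copy of a credential is silently overwritten. The paths `travel` and `station`, the snapshot file name `.last_sync.json`, and the sample credential files with `EXAMPLE-n` passwords are all constructed assumptions.

```python
"""Three-way sync of a credential directory (one plain-text file per credential)
between a travelling volume and a stationary copy.

Added illustration of the sync logic for the setup in the post; this is not
Unison's own code. Assumptions: both volumes are already mounted and decrypted
at the paths passed in, and a JSON snapshot of digests from the last sync
(hypothetical name ".last_sync.json") lives beside the stationary copy.
"""
import hashlib
import json
import tempfile
from pathlib import Path

ARCHIVE_NAME = ".last_sync.json"   # hypothetical name for the last-sync snapshot


def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot(root: Path) -> dict:
    """Map relative file name -> digest for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): digest(p)
        for p in root.rglob("*")
        if p.is_file() and p.name != ARCHIVE_NAME
    }


def load_archive(root: Path) -> dict:
    f = root / ARCHIVE_NAME
    return json.loads(f.read_text()) if f.exists() else {}


def plan(travel: Path, station: Path) -> dict:
    """Classify each credential file by comparing both copies against the
    last-sync snapshot. Nothing is written; apply_plan() carries out the plan."""
    a, b, last = snapshot(travel), snapshot(station), load_archive(station)
    result = {"to_station": [], "to_travel": [], "delete_station": [],
              "delete_travel": [], "conflict": [], "unchanged": []}
    for name in sorted(set(a) | set(b) | set(last)):
        ta, sa, la = a.get(name), b.get(name), last.get(name)
        t_changed, s_changed = ta != la, sa != la
        if not t_changed and not s_changed:
            result["unchanged"].append(name)
        elif t_changed and s_changed:
            # Same edit made on both sides is harmless; different edits conflict.
            result["unchanged" if ta == sa else "conflict"].append(name)
        elif t_changed:
            result["to_station" if ta is not None else "delete_station"].append(name)
        else:
            result["to_travel" if sa is not None else "delete_travel"].append(name)
    return result


def apply_plan(travel: Path, station: Path, p: dict) -> None:
    """Propagate non-conflicting changes and record the new snapshot.
    Conflicts are left untouched and excluded from the snapshot, so they
    show up again on the next run until a human resolves them."""
    for name in p["to_station"]:
        (station / name).parent.mkdir(parents=True, exist_ok=True)
        (station / name).write_bytes((travel / name).read_bytes())
    for name in p["to_travel"]:
        (travel / name).parent.mkdir(parents=True, exist_ok=True)
        (travel / name).write_bytes((station / name).read_bytes())
    for name in p["delete_station"]:
        (station / name).unlink()
    for name in p["delete_travel"]:
        (travel / name).unlink()
    merged = snapshot(station)
    for name in p["conflict"]:
        merged.pop(name, None)
    (station / ARCHIVE_NAME).write_text(json.dumps(merged, indent=1))


def demo(base: Path = None) -> dict:
    """Constructed sample: build two identical copies, sync once to record a
    baseline, diverge them, and return the plan for the second sync."""
    if base is None:
        base = Path(tempfile.mkdtemp())
    travel, station = base / "travel", base / "station"
    for root in (travel, station):
        (root / "home").mkdir(parents=True)
        (root / "work1").mkdir(parents=True)
        (root / "home" / "router.txt").write_text("user=admin\npass=EXAMPLE-1\n")
        (root / "work1" / "vpn.txt").write_text("user=me\npass=EXAMPLE-2\n")
    apply_plan(travel, station, plan(travel, station))   # baseline sync
    # Diverge: new file on travel, router edited on station, vpn edited on both.
    (travel / "home" / "wiki.txt").write_text("user=me\npass=EXAMPLE-3\n")
    (station / "home" / "router.txt").write_text("user=admin\npass=EXAMPLE-4\n")
    (travel / "work1" / "vpn.txt").write_text("user=me\npass=EXAMPLE-5\n")
    (station / "work1" / "vpn.txt").write_text("user=me\npass=EXAMPLE-6\n")
    return plan(travel, station)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
</ ```

The point of the snapshot is the conflict case: without a record of the last synced state, a two-way comparison can only tell that the two `vpn.txt` files differ, not that both were edited independently, and one side’s password would be overwritten. Keeping the snapshot beside the stationary copy (inside the encrypted volume, in this setup) also keeps the digests of credential files off the unencrypted disk.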

What a pain in the proverbial.

So – how do the rest of you handle your authentication credentials? Where’s the brilliant answer?

Slap something in the comment field below and I’ll summarize for a later post.

Comments

  1. I have made a partly successful stab at this. I use Password Safe (http://passwordsafe.sourceforge.net/) using the zipped form, which can be installed on USB flash, and the now fairly old version for Pocket PC (WM5/6). I don’t have a PDA phone that can connect to thumb drive, so I must keep several versions of my password safe db around.

    As I noted this is not a complete solution, and I have to remember to keep the various versions of my password db up to date, with backups.

  2. I am fortunate to primarily use 1 laptop and 1 Windows Mobile device, but I roam a bit and use machines that belong to family and affiliated institutions. My solution has been KeePass Password Safe. It is licensed under the GNU General Public License and has ports available for Windows, Linux, Mac OS X, Windows Mobile, and J2ME. I am using the older 1.x version for cross-platform compatibility, but there is a flashier version 2 in development (Windows only for now). The database is encrypted with your choice of AES or Twofish encryption ciphers.

    KeePass does allow for import of passwords using various formats. I would imagine you could mung your text files into a format it would accept. I also suppose you could continue to use Unison to sync the KeePass password database file between the many machines you use.

    More KeePass info:

    http://keepass.info/
    http://en.wikipedia.org/wiki/KeePass

  3. I use whisper32 to store all my passwords on a portable HD. I have two different pw list files and encrypt the more important one with dscrypt for a little extra security. Dscrypt and whisper32 can both be run on portable devices.

  4. Shane, Andrew and Matt,

    Excellent comments all — I’ve tried all of those solutions at one point or another (note there is a Password Safe compatible client for OSX as well – Password Gorilla at http://www.fpx.de/fp/Software/Gorilla/)

    I just wish there was an all inclusive option that didn’t include my brain.

    Time for the implant.

    Oh and Andrew — it’s never too much 😀

  5. I use TrueCrypt, too. Have been using it for years. For the server farm, we use an LDAP variation. Most of the servers are UNIX and Linux based, a few are “oddballs”, so many of the servers support LDAP.
