The recent high-profile hacking of many sites has brought to my attention that I probably ought to change many of my passwords. While I don’t think any passwords of mine that I use in more than one place have been compromised, it’s only a matter of time, especially as like many people I tend to only use a few passwords and variants thereof, particularly on “low-security-needed” sites like message boards.
So, I want to go through everywhere that I use a password (a daunting task to try to figure out in and of itself), and do things “the best way”, of having my passwords actually be completely random strings, and having the list encrypted in some sort of password management program with only one secure master password needed to get to the list.
I’ve looked into some programs online, as there seem to be a variety of programs out there for this task, but I haven’t found anything that’s exactly what I’m looking for. It’s highly likely that exactly what I’m looking for doesn’t exist, but I figured I’d see if anyone knew of one that did.
My absurd list of probably contradictory requirements:
- Cross-platform, including Mac OS X, Linux, Windows, iPod Touch, and Android.
- Syncs between computers/devices automatically (sufficient to be able to use Dropbox for this).
- Easy to verify that all encryption/decryption happens on the client side, so that the only bits sent over the Internet have already been encrypted with the master password. Being open source is probably the only way to really fulfill this requirement.
- Able to export all data in case of needing to migrate to another program.
- Generation of ridiculously secure passwords for you, within whatever the constraints are of the system that the password is being set up for.
- Integration with Opera for login to web sites.
- Being able to add arbitrary text to store encrypted with everything else, that isn’t associated with a particular web site.
- Being able to add arbitrary text to store encrypted with a login for a particular web site (such as the answers to that web site’s multi-factor authentication).
- Being able to include Client SSL certificates or other X.509 certificates with their private keys.
- Being able to include private keys/files in other forms, such as Bitcoin wallets or GPG keys.
- Multi-factor authentication, without it being a huge pain every time I need to use a computer. (I said these requirements were contradictory, after all.)
- Some way for my wife/heirs to be able to easily access it if “something were to happen to me”.
It’s something I’ve been mulling over for a while, but it may be that I want so low-level control of the system that I really just want a TrueCrypt volume on DropBox or something and deal with it not having everything I want. But I figured I’d at least ask for the world in a public setting, and hope that somehow the world will provide me with everything I ask for.