Uncle!

Alright, I give up. For a very long time I’ve been wary of specialized, often proprietary programs for organizing my data. Keeping a sensible directory structure always seemed to be good enough, without having to worry about programs becoming obsolete, incompatible metadata formats, licensing changes, platform restrictions, data-corrupting bugs, and so on.

But I’ve reached the breaking point. There are some things that have just become too unwieldy to manage with my ‘old school’ ways, or features I’m missing out on that I can’t easily replicate myself, so I guess it’s time to start giving these programs a chance.

And first up, of all things, is passwords…

I’m the paranoid sort that just has to have a different password for nearly everything, lest one slip wind up allowing half my life to be compromised. Unfortunately, the longer you use the Internet, the more passwords you need, be it for mailing lists, shops, forums, games, banking, support sites, web apps, and so on. I think I had just over a hundred different ones, at the last count.

I originally kept track of passwords by storing them in a simple text file on my Linux server, trusting in the standard Unix security to keep them safe. After a while though, I started worrying about what would happen if my system was stolen — even without the ‘secret’ bits needed for, say, full banking access, a person can do a lot of damage with your Paypal or eBay info. I created an encrypted filesystem via loopback and started keeping my passwords and other private data there instead.

Things stayed like that for quite a while, but having to manually mount that filesystem every time I booted the machine was annoying, and I started worrying about potential exposure through things like PHP hacks and privilege escalation exploits, since even though it’s encrypted on the physical disk, it’s still visible as plaintext through the filesystem interface, in the cache, etc. It also meant I depended on being able to reach my server in order to get at the list, but I was using my laptop more and more.

So instead, I’ve turned to password management applications. Fortunately, it looks like there’s a common “pwsafe.dat” format supported by multiple different applications (pwsafe on Linux, PasswordSafe on Windows, Password Gorilla on OS X and others, etc.), so I don’t have to worry about those previously mentioned concerns too much. I can also make copies of the database and keep them on my laptop and on a thumb drive, so I don’t need to rely on my server, and can merge the databases back together if I make changes on the road. Most of them will also help generate good, strong passwords with certain properties and a minimum amount of randomness.
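The generator feature mentioned above, as an added example of my own and not code from Password Safe, pwsafe, Password Gorilla or any other pwsafe.dat implementation: it draws characters from the CSPRNG behind Python's secrets module, enforces the character classes a site demands by rejection sampling so the result stays uniform over the passwords that satisfy the policy, and refuses any length whose entropy falls below a floor. The symbol set, the 80-bit floor, the default length and the function names are assumptions chosen for this example.

```python
import math
import secrets
import string

# Character classes a generator can be asked to include. The symbol set is an
# assumption for this example; real managers let you choose it.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",
}


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password of `length` characters drawn
    from an alphabet of `alphabet_size` symbols (an upper bound once class
    requirements are imposed, since they shrink the candidate set slightly)."""
    return length * math.log2(alphabet_size)


def satisfies(password, required):
    """True if the password contains at least one character of every class
    named in `required`."""
    return all(any(ch in CLASSES[name] for ch in password) for name in required)


def generate(length=16, required=("lower", "upper", "digit", "symbol"), min_bits=80):
    """Return a password of `length` characters built from the union of the
    required classes, containing at least one character from each of them.

    Refuses (ValueError) if `length` over that alphabet cannot reach
    `min_bits` of entropy. Candidates that miss a class are discarded and
    redrawn; this keeps the output uniform over the set of policy-compliant
    passwords, whereas the common shortcut of picking one character per class
    and shuffling does not.
    """
    alphabet = "".join(CLASSES[name] for name in required)
    bits = entropy_bits(length, len(alphabet))
    if bits < min_bits:
        raise ValueError(
            f"{length} chars over {len(alphabet)} symbols gives only "
            f"{bits:.1f} bits; need at least {min_bits}"
        )
    while True:
        # secrets.choice uses the OS CSPRNG; random.choice would not be safe here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if satisfies(candidate, required):
            return candidate


if __name__ == "__main__":
    required = ("lower", "upper", "digit", "symbol")
    pw = generate(16, required)
    size = sum(len(CLASSES[name]) for name in required)
    print(pw, f"({entropy_bits(16, size):.1f} bits before class constraints)")
```

With the four default classes the alphabet has 75 symbols, so 16 characters give just under 100 bits, comfortably above the floor, while 8 characters give about 50 bits and are refused; a site that only accepts digits can still be served by passing `required=("digit",)` with a longer length, which is the realistic way to meet an awkward policy without weakening the generator itself.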

I’m still slightly uneasy since the passphrase protecting the database could now be stolen by things like keyloggers, if I use it on an unfamiliar system. But, there are limits to how much protection is practical before you cross over into the realm of debilitating paranoia.

Adopting a new method of managing passwords was a lot easier, however, than my next task, cleaning up my music collection…
