Re: Update: Re: Password Manager opinions and recommendations
> Thanks to all who replied!
> I thought I'd summarize where I am:
> I like three of the suggestions (from what I've seen / investigated (slightly)
> so far, but with some comments:
> * pass: appeals to me a lot--the one problem for me (for which I believe
> I've found the solution) is that it stores the encrypted password files in my
> /home. I have what might be called a "religious" aversion to storing what I
> consider "real" user data in /home. I've looked at the source code, and I see
> where $HOME is used to create that directory. If I use pass, I will, at the
> very least, modify that in my own copy, but also write to the author and
> suggest that he allow a command line parameter (or config file) change the
> location of the directory.
Set the PASSWORD_STORE_DIR environment variable to point to your
location of choice. This is mentioned in the "Environment Variables"
section of the pass(1) manpage.
One thing I like about pass is its ability to encrypt using multiple
keys. This lets me use the repository both on my computer and my phone
without the private keys leaving either device.
> * I like the approach that http://masterpasswordapp.com/ takes to create
> passwords and, iiuc, recreate them each time they are needed rather than
> storing them anywhere. I'll read up a little more on that.
> * I haven't spent much time on keepass--maybe in the next day or so
> * I also like the approach suggested by Abdullah Ramazanoglu (and the
> somewhat similar Diceware), but I almost didn't find the emails from Abdullah--
> for some reason my email client did not receive them--I've done a search of
> all the local email files (on my computer) (including trash, which I have not
> emptied in the last several days), and I've searched the Google email spam,
> trash, and all folders. I'll be digging into this and possibly seek help in a
> new thread.