Saturday, August 11, 2007

Password Managers

I'm convinced scientists will one day discover that the human brain has evolved a completely new area devoted to remembering PINs, user ids, passwords and all the other assorted digital data that is fast overwhelming our daily lives.

There have been corporate moves to rationalize the situation by introducing unified-login systems - like Microsoft .NET/Passport/Live ID - but well, look, that's already been rebranded at least once and do YOU use it more than strictly necessary? Read Why Does Microsoft Passport Suck?

Google is another example of how not to manage logins. I love Google. I love what they've done for the web and the net. However, I'm concerned because they've become a corporate behemoth. History shows that it is pretty damn hard to stop massive growth in size and reach from having a weakening and corrupting influence. There simply aren't enough good people to go around, and managing things that big, with the humans available, is nigh on impossible. That's what limits both the size and effectiveness of good kibbutzes (PDF), and the success of communism. Just! Ask! Yahoo!

Not that I know a better way for Google to do it. But it's not easy. It's a pretty sobering thought that today's capitalism, despite all its drawbacks, may, given the humans we have to play with, in fact be the best option available.

Indeed, management can be such a challenge that I've gone a bit off-track. What was my point? Oh yeah - managing passwords.

In a series of articles, I'm going to detail my experiences trying to rationalize my own online user ids, passwords and any other online crap I need to organize.

It won't be easy. To return briefly to the Google and Yahoo! situation, if you use services like Gmail, Google AdSense, Google Analytics, Blogspot/Blogger, Yahoo! Mail, flickr, YouTube, etc., you will already be well-acquainted with the mess you can get into trying to stay conveniently logged in to, or just trying to return to, some or all of those accounts on a regular basis. Throw in the shortcomings of browser cookies, and it's a real headache.

Oh, and did I mention that, with advancing age, keeping those details in memory becomes ever more difficult/impossible?

If you're trying to develop even a basic online business based on blogging/advertising and/or other websites, you'll no doubt already have the following:

1. webmail accounts - at least a few (it's foolhardy to depend on just one)
2. blogging accounts - at least one with a major service
3. PayPal account
4. Google accounts - for Gmail, AdSense, Analytics, Blogger
5. eBay? - c'mon, who hasn't at least tried?
6. Amazon (all those little revenue shares add up)
7. Statsaholic - simpler and easier than Google Analytics (which does have its uses)
8. web hosting - perhaps more than one
9. DNS/domain registrar - usually more than one
10. logins for all the password protected directories you might have
11. logins for cPanel or similar for each web hosting account
12. PHPadmin logins for each hosting account

If you're even more experienced/into it, you'll no doubt have separate local and remote development servers, each one requiring multiple logins.

Oh yeah, and what about that great legacy of logins for all those services with which you've dabbled in the past and maybe still use about once every six months. Even if you don't still use them, you never know when they'll come in handy.

Lycos, Netscape, excite, financial data sites, product support/registration....

Then, there is all the online content/functionality that really needs logging in:

Digg, Slashdot, Metacafe, the New York Times, the Wall Street Journal, the Financial Times, Fark, b3ta....

The list goes on and on.

What we need is a password manager. One of the best-known is RoboForm/RoboPass. But to get all the functionality you need from RoboForm costs MONEY. And last time I checked, it didn't support Linux,

which adds the final requirement to the mix:

Can we get an open-source password manager that works, is as secure as we need, is portable and works on all the platforms we need?

In this series, I will detail my own experience researching, testing and using open-source password managers. I have already identified three candidates: KeePass, Oubliette and Password Gorilla.

If you have any other suggestions, feel free to comment.

and stay tuned....
