Password Managers, Sigh

2012-10-01, Wellesley, MA

I’ve been using pwsafe on the command line for almost a year. I chose it because it:

is open source
has a small and portable implementation
uses an open data format
was originally implemented by a well-respected security developer
shares its data format with many other projects that are more active and have UIs that might appeal more to the mainstream. Regrettably, many are not open source. (sigh)

It’s less than ideal because it:

has only a command line interface that I can’t bring myself to impose on my wife
is unmaintained which suggests, among other things, that it’s not getting security updates
has fallen behind the pace of development of the original implementation, which is a Windows app with an awful UI
isn’t available to me everywhere. I don’t have it on my phone, nor from a friend’s computer.

There is an iPhone app, and it’s even open source, but it only supports the newer “v3” database format, whereas my command line tool only supports “v2”. There is a Mac app from the same developer, but it’s not open source yet, as far as I can tell.

1Password and LastPass are tempting. Of the two, I would prefer 1Password since it delegates syncing password data to a separate service that I can choose whereas LastPass uses its own sync service. But I continue to hold out hope for a better way than trusting a closed source, proprietary program that stores my data in a format only readable by one tool.

Thanks to Bruce Schneier for the original work, to Rony Shapiro for continuing to maintain the original Windows application, and to App77 for the iOS and Mac apps they’re developing.

I love that App77 is building on Bruce Schneier’s original work and taking big leaps forward relative to the original tool’s UX. I’m holding out hope that one of App77, AgileBits, or LastPass eventually opens the source for their complete application.

Know another password manager that fits my ideal? Or one I should keep an eye on?

As a footnote, I also looked at:

Mac OS X Keychain Access - Mac only, closed source
KeePass - Mac port was unstable
JavaScript Encryption Program - Not really a password manager, but if you squint your eyes you can see a glimmer of a pure client side browser app.

Thanks to Bradley Harris for pointing out some bad information in an earlier version of this post. And to Mark Merolli for reminding me about LastPass.