On 6/7/2012 12:52 PM, Ryan Frantz wrote: > I wrote a blog entry about this a few years back. I tested a number of > solutions such as KeePass and ended up settling on a home grown > solution where I store my passwords in a simple text file, encrypted > with GPG, and stored on an IronKey. If I can't remember a password, I > just look it up. I only _truly_ need to remember 2 > passphrases/passwords: one for my IronKey and one for my GPG key.
Sounds solid. Where's the blog entry? Add in a bucket to store your keys, like in a a FUSE mounted cloud volume, and you'll have something like what the supported password managers like 1password and KeePass are up to only with a bigger userbase, active development, and it's not gone if you lose your Ironkey. > To be fair, I am playing the ultimate paranoid in that I'm not > trusting a program (online or standalone) to manage my passwords for > me. Without extensive testing and validation, how am I to know that I > can fully trust one of those programs not to leak my information, > intentionally, or otherwise. Remember when there used to be independent testing labs and tons of people who would do this? Now no one seems to unless they're buying it. I started using a password manager (and some other things) because I figured I should follow some of the advice I give to others to better understand their user experience. There were some surprises. I suggest trying it part time or something. -i _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
