Reinventing the Wheel

I hate passwords.  They are a PITA to manage.  But I know how important they are, and I realize we must have them.  So I use fairly hard ones – never the same ones across sites, etc.  Of course, this makes remembering the password you need right now almost impossible. Sure, I’ve tried a variety of password helping hacks – but most of them are machine (or at least O/S) specific, or require me remembering something I just can’t seem to remember when I really need to.

I’ve used password managers – generally they just annoy me.  I have fingerprint scanners, and they are great as long as you don’t lose the database they keep.

So for years I had this little green book that had about 150 pages of login/password information.  Dating all the way back to my eWorld account information.

Finally, after 15 years or so, and at least 15 moves, I lost the book.  Not as in, “I don’t know where it is” lost, but as in, “I know exactly where the remains of it are”.

So a few days ago I decided that what I really wanted was a secure online, replicated database.  So I started to write one.  I did most of it with Ruby on Rails and had something very functional in a few hours.  Since I already have a MySQL database for my blog, and it’s replicated across servers (and via RAID) I decided that it just made a lot of sense to use it.

It worked well, and I realized that I trusted the security enough to use it across the Local Area Network in the house, but not enough to use it over the Internet.  And I wanted to.

I started looking into mcrypt, and how to configure it with Apache and alter my code to work with it and suddenly I thought, “I need a secure,  encrypted Wiki”.  I don’t care that a Wiki isn’t structured – I do care if it is searchable.  I’ve done local search code before.  So now I have a secure, and searchable Wiki, with encryption, sitting behind my firewall.

When I get a new email with login/password info I just cut and paste it into the Wiki.  Two seconds and I am done. Even better, the Wiki lets me embed hyperlinks to the site, which is really useful.  For sites I interact with a lot (like my online banking) I created a unique Wiki page, and I paste everything important from them into that page.  Same thing for my brokerage accounts.

Sure, I could trust GMAIL to remember all of this for me (assuming I wanted GMAIL to know/remember that much about me!).  This way I control my own data – and yes, this makes me responsible for it.  And I kind of like it that way.  I would like to be able to write some code that took any GMAIL tagged “MYPWD” and auto-posted it to my Wiki.  Maybe I’ll try and do that later.

The right tool for the job had already been invented – I just needed to think a little differently about what I needed vs. what I thought I needed/wanted.  And a personally hosted Wiki, if done securely, is a damn good Password Management tool.  At least for me 🙂

Comments

  1. Actually, I am not worried about someone “stealing my key” – because to access the database from outside my house (meaning hard-wired to my LAN – no Wireless Access to this box) requires three login/password combinations. Only two are required if you are on the LAN. I *am* concerned about forgetting the passwords though.

    I remember when we got a new security system at the office with a keypad entry – we had 21 employees, and everyone had their own four digit code. I thought that was silly – because it drastically increased the odds of someone randomly entering a correct key. I would have preferred one four digit code that everyone knew. But I lost the argument.

    It’ll be interesting to see if anyone really solves this problem – Passport wasn’t the solution, and I doubt Open-ID will be.

  2. It’s an ages old problem.
    Do I keep ONE and the same key for all my doors or does every door have its own key.
    The thinking is: If I use only ONE master key, and I lose it, I’m foocked, so I’ll have seperate keys for every door instead.
    a. In the first case: if someone finds your master key, that doesn’t mean he knows all your doors!
    b. It’s not practical to carry (remember) all your keys with you, so you store all of them in a central place: of course, every key must be labeled which door it opens.

    Now, considering that the opening premise was your losing a key… What if you now lose the key to your key storage…(or someone steals it, after all THAT’s the key you always carry with you!) NOW you’re REALLY foocked… because they now have ALL the keys AND the doors!

    I’m not advocating one method over the other… but you have to think this through, and be smart about it. One database somewhere… hmmm… think again! There’re better ways…