I hate passwords. They are a PITA to manage. But I know how important they are, and I realize we must have them. So I use fairly hard ones – never the same ones across sites, etc. Of course, this makes remembering the password you need right now almost impossible. Sure, I’ve tried a variety of password helping hacks – but most of them are machine (or at least O/S) specific, or require me remembering something I just can’t seem to remember when I really need to.
I’ve used password managers – generally they just annoy me. I have fingerprint scanners, and they are great as long as you don’t lose the database they keep.
So for years I had this little green book that had about 150 pages of login/password information. Dating all the way back to my eWorld account information.
Finally, after 15 years or so, and at least 15 moves, I lost the book. Not as in, “I don’t know where it is” lost, but as in, “I know exactly where the remains of it are”.
So a few days ago I decided that what I really wanted was a secure online, replicated database. So I started to write one. I did most of it with Ruby on Rails and had something very functional in a few hours. Since I already have a MySQL database for my blog, and it’s replicated across servers (and via RAID) I decided that it just made a lot of sense to use it.
It worked well, and I realized that I trusted the security enough to use it across the Local Area Network in the house, but not enough to use it over the Internet. And I wanted to.
I started looking into mcrypt, and how to configure it with Apache and alter my code to work with it and suddenly I thought, “I need a secure, encrypted Wiki”. I don’t care that a Wiki isn’t structured – I do care if it is searchable. I’ve done local search code before. So now I have a secure, and searchable Wiki, with encryption, sitting behind my firewall.
When I get a new email with login/password info I just cut and paste it into the Wiki. Two seconds and I am done. Even better, the Wiki lets me embed hyperlinks to the site, which is really useful. For sites I interact with a lot (like my online banking) I created a unique Wiki page, and I paste everything important from them into that page. Same thing for my brokerage accounts.
Sure, I could trust GMAIL to remember all of this for me (assuming I wanted GMAIL to know/remember that much about me!). This way I control my own data – and yes, this makes me responsible for it. And I kind of like it that way. I would like to be able to write some code that took any GMAIL tagged “MYPWD” and auto-posted it to my Wiki. Maybe I’ll try and do that later.
The right tool for the job had already been invented – I just needed to think a little differently about what I needed vs. what I thought I needed/wanted. And a personally hosted Wiki, if done securely, is a damn good Password Management tool. At least for me 🙂