When I switched from working at BrightTag to my short-lived position at Shift, I took the opportunity to completely change how I was using and saving passwords. For about 5 years, I was using a simple hidden, encrypted file on my home server to store a username/password and whatever other info was useful to have in such a file to keep track of all my accounts and banking info. It worked well enough, but still had several drawbacks, the biggest of which of course was needing a terminal, ssh, and enough of a keyboard to type my ridiculous passwords to access my server and aforementioned file any time I had to look up a password or store a new one. It also was not very secure nor was it stored in a reliable fashion - if something had happened to my server’s hard drive I would’ve been at the mercy of my not-so-frequent manual backup system.
I knew that I wanted to stick to the important rule of never repeating your passwords while still keeping them long and strong, but I didn’t want to lose the ability to access them remotely in a secure fashion. I tried out a couple of password managers but landed on and really grew to like KeePass (and its Android cousin, KeePassDroid).
For a couple of months now, any time I need to make a new account I use its built-in password generator, which generates a very nice long, random password, and store the other account details in a new entry in a neatly-organized folder system. I’ve been moving stuff from my file into it slowly, too. I’m only about 25% done (because the task of actually going through and moving all of them seems a lot less fun than writing new blog entries), but it’s working really well for me by always saving the kdbx file into my Copy and Dropbox folders. (If you don’t know about Copy, it’s just like Dropbox but they give you way more free space and a nicer set of tools for running it on a Linux box.)
As much as I like Copy, however, the Dropbox Android app does a better job of letting you open files with specific applications, and its OS integration means when you browse the KeePassDroid app looking for a database file, you can go into the Dropbox app to open the most recent copy of the file you saved.
So, TL;DR, here’s my setup:
1) On my desktop and laptops, read and write to the KeePass file that’s in my Copy folder.
2) On my server, I have a cron job which makes a backup of the file from the Copy folder into my Dropbox folder.
3) On my phone, I use the Dropbox app in conjunction with KeePassDroid to read my current passwords. It’s worth noting that the write support for kdbx files from KeePassDroid is experimental.
That’s it! It’s really simple enough that I feel a bit sillier for not doing it sooner. Now that I’m used to it, it’s a lot nicer than reading that big file into VIM every time :)
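The cron backup from step 2, sketched as an added example (not the script from the original post): it refuses to overwrite the Dropbox copy unless the source starts with the KDBX file signature, so a half-synced or truncated file cannot replace a good backup. The script name, the paths in the crontab comment and the single `.prev` generation are assumptions.

```shell
#!/bin/sh
# Added example: cron-driven KeePass database backup (all paths are assumed).
# Example crontab entry (placeholder paths):
#   15 * * * * /path/to/kdbx-backup.sh "$HOME/Copy/passwords.kdbx" "$HOME/Dropbox"

# KeePass 2.x (.kdbx) files begin with these 8 signature bytes.
KDBX_MAGIC="03d9a29a67fb4bb5"

# is_kdbx FILE: succeed only if FILE exists and starts with the KDBX signature.
is_kdbx() {
    [ -f "$1" ] || return 1
    head=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    [ "$head" = "$KDBX_MAGIC" ]
}

# backup_kdbx SRC DEST_DIR
# Returns 0 = copied, 1 = source rejected or copy failed, 2 = already up to date.
backup_kdbx() {
    src=$1
    dest_dir=$2
    dest="$dest_dir/$(basename "$src")"

    # Never let a damaged or partially synced file replace a good backup.
    if ! is_kdbx "$src"; then
        echo "skip: $src is not a KDBX file" >&2
        return 1
    fi

    # Nothing to do when the backup is already byte-identical.
    if [ -f "$dest" ] && cmp -s "$src" "$dest"; then
        return 2
    fi

    # Copy to a temp file in the same directory (mktemp creates it mode 0600),
    # then rename, so the sync client never sees a half-written database.
    tmp=$(mktemp "$dest_dir/.kdbx.XXXXXX") || return 1
    if ! cp "$src" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # Keep one previous generation in case the newest save is the bad one.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.prev"
    fi
    mv "$tmp" "$dest"
}

# Stand-alone use: kdbx-backup.sh SRC DEST_DIR
if [ "$#" -eq 2 ]; then backup_kdbx "$1" "$2"; fi
```

The signature check only proves the file header is intact; the database contents stay encrypted and are never opened by the script.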