Up until a few weeks ago, I never used tools like password managers or digital keychains to keep track of my passwords, recovery codes, etc. I’ve had a system in my head for each service and password where I could consistently (kind of) encrypt each password into a 16-character-long string. All passwords were unique, for private as well as work use. However, it’s become harder and harder to maintain this system and keep track of everything. It’s also been a bit inconsistent because I’ve had to keep things such as two-factor authentication recovery codes on an encrypted external hard drive, which isn’t easy to access when I need it. I needed a better system.
What do I expect from a password manager?
Since this tool will manage some of my most important digital keys, and make my life simpler at the same time, I have some expectations of it. It needs to…
- Be free software, so that I can audit and compile it myself
- Be written in a programming language that I know well enough to perform said audit
- Store all data encrypted, without sharing the private encryption keys
- Not rely on the web browser in any way, because browsers are inherently insecure
- Have clients available on all major platforms (phones and desktop versions of macOS, Linux and Windows)
- Be able to use a sync service to sync my passwords between devices
- Provide the sync service as free software so that I can audit and host it myself
- Be able to store not only passwords, but other kinds of text information
Padlock.io ticks all the above boxes. I’ve been using it for a few weeks and can recommend that you give it a try!