Recipe 6.15 Keeping Track of Passwords

6.15.1 Problem

You have to remember a zillion different usernames, passwords, and SSH passphrases for various remote hosts and web sites.

6.15.2 Solution

Store them in a file encrypted with GnuPG. Maintain it with Emacs and crypt++.el [Recipe 7.23] or with vim. [Recipe 7.24] Create handy scripts to extract and print passwords as you need them.

6.15.3 Discussion

A possible file format is:

login<tab>password<tab>comment

Protect the file from access by other users:

$ chmod 600 $HOME/lib/passwords.gpg

Then create a script, say, $HOME/bin/mypass, to extract passwords based on grep patterns:

#!/bin/bash PWFILE=$HOME/lib/passwords.gpg /usr/bin/gpg -d $PWFILE | /bin/grep -i $@ $ mypass yahoo Enter passphrase: ******** karma24    s3kr1TT       My Yahoo password billybob   4J%ich3!UKMr  Bill's Yahoo password

Now you can type or copy/paste the username and password as needed. When finished, clear your window scroll history (or close the window entirely) and clear your clipboard if it contained the password.

Admittedly, this technique will not satisfy every security expert. If the password file gets stolen, it could conceivably be cracked and all your passwords compromised en masse. Nevertheless, the method is convenient and in use at major corporations. If you are concerned about higher security, keep the password file on a computer that has no network connection. If this is not possible, at least keep the computer behind a firewall. For very high security installations, also physically isolate the computer in a locked room and distribute door keys only to trusted individuals.

6.15.4 See Also

gpg(1).