I spent the past several weeks designing & implementing my own password manager. For context on that, take a look at Password Managers. Under the heading Security, I noted that I would revisit this in depth after working through the project. I’ve decided not to use my own online password manager. This post explains what I found & why I’ve decided that it’s not more secure for me.

Introduction & Methodology

To maintain unambiguous compliance with the Computer Fraud and Abuse Act (CFAA), I utilized only systems over which I had complete ownership & control.
I’m exploring password managers. I want to test my current opinion & biases against what actually works. To do this, I’m designing and implementing my own password manager.

What exactly is a password manager?

In its simplest online form, a password manager is a scheme that automatically retrieves & presents to its associated website a password to satisfy a login challenge. A typical implementation involves storage of passwords mapped to users maintained in a commercial service which itself requires an authenticated login to utilize.