Password Manager

I spent many hours debating the best way to manage passwords. I almost went with LastPass or the like, but I’m not happy about the prospect of their systems being hacked. Also, I was able to configure a custom solution that mimics their system pretty well, sans the not-so-secure in-browser plugins.

There are a few moving parts to this system. First, there’s the JavaScript that encrypts and decrypts the password strings. This JS not only decrypts, but it also formats the data into an easily readable form.

Once encrypted, a PHP file saves the strings to text files on the web server. A daily cron job checks for changes to these text files, and if there are updates, it archives the text files to a RAR with a date stamp. The RAR is backed up to a Windows desktop using a Windows batch file – this is probably overkill, since I also email the encrypted text to myself.

If there are updates to the text files, it also fetches the encrypted content from all the files, and puts it into an email as plain text and sends it to me. The encrypted text can be input to an HTML file on a public web server with the same JS as the PHP file on the internal server, so I can decrypt from a remote location.
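
A sketch of the daily check described above, as an added example that is not the author's script: it detects changes by comparing SHA-256 manifests, writes a date-stamped archive, and builds the plain-text email body from the encrypted files. It assumes a Linux server with `sha256sum`, uses `tar` in place of RAR, and the function names, `VAULT_DIR`, `STATE_FILE` and `ARCHIVE_DIR` are hypothetical.

```shell
#!/bin/sh
# Added example. All names below are hypothetical, not taken from the post.

# Print a sorted "hash  path" manifest of every .txt file under directory $1.
vault_manifest() {
    ( cd "$1" && find . -type f -name '*.txt' -exec sha256sum {} + | sort -k 2 )
}

# Return 0 if the files under $1 differ from the manifest saved in $2.
# A missing state file counts as "changed" so the first run always archives.
vault_changed() {
    [ -f "$2" ] || return 0
    [ "$(vault_manifest "$1")" != "$(cat "$2")" ]
}

# Archive $1 into directory $3 with a date stamp, then record the new
# manifest in $2. Prints the archive path. umask keeps both files owner-only.
vault_archive() (
    umask 077
    out="$3/vault-$(date +%Y-%m-%d).tar.gz"
    tar -czf "$out" -C "$1" . || exit 1
    vault_manifest "$1" > "$2"
    printf '%s\n' "$out"
)

# Build the plain-text email body: each encrypted file under a name header.
# Only ciphertext is read here; nothing on the server ever sees the passphrase.
vault_mail_body() {
    find "$1" -type f -name '*.txt' | sort | while IFS= read -r f; do
        printf '%s\n' "--- $(basename "$f") ---"
        cat "$f"
    done
}

# Cron entry point: do nothing unless something changed since the last run.
vault_daily() {
    vault_changed "$1" "$2" || return 0
    vault_archive "$1" "$2" "$3" >/dev/null || return 1
    vault_mail_body "$1"   # pipe this output to the server's mail command
}

# Runs only when the three (hypothetical) variables are set, e.g. from crontab.
if [ -n "${VAULT_DIR:-}" ] && [ -n "${STATE_FILE:-}" ] && [ -n "${ARCHIVE_DIR:-}" ]; then
    vault_daily "$VAULT_DIR" "$STATE_FILE" "$ARCHIVE_DIR"
fi
```

Keeping the state file and archives outside the web root prevents them from being fetched over HTTP alongside the text files.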

This setup took many hours. The JS encryption took about 20 hrs; the backup system took another 20 hrs; and the file check and email another 20 hrs. In days, it took about a month and a half, since I can work on this only a few hours at a time – at best.