Friday, August 19, 2016

[glzluqcv] Desirable features of a password manager

Open source, so that anyone can audit the code and fix bugs.

User configurable password hashing function for the master password, whose difficulty can be set as high as the user desires, or increased as attackers' computer power grows.  Probably also the ability to choose the hashing algorithm, with ability to add new ones.

Endorsed by reputable people or organizations who have audited (or authored) the code.

Network access not required, to store passwords on an air gapped computer.

Optional network access for cloud synchronization, though that could be provided by a separate utility such as Dropbox.

Passwords stored encrypted with a master password.

Clients for all platforms.

Store arbitrary user-defined metadata with passwords.

Roll back the password database, though that could be provided by a separate backup or version control utility.

Integration with browser to automatically fill in the password field of login forms.

Generation of random passwords.

Multiple users and passwords for a site.

No comments :