Online Password Manager

Posted on 2009-12-17
Last Modified: 2013-11-13
I want to make an online password manager for my own use. I am taking this risk because it is not possible for me to take a laptop with internet everywhere. With hundreds of websites I've subscribed to, it is becoming messy for me to live with so many usernames and passwords.

What would be the right approach?

(1) Which language/framework to use? Ruby or PHP.
(2) Which Open-Source crypto library and pseudo-random generator?
(3) What other security considerations?
(4) Is PostgreSQL the right choice?

I want to release it as open source.
Question by:rpkhare
    LVL 14

    Expert Comment

    I'm lazy, but there are already password managers out there.

    source for more:
    LVL 10

    Accepted Solution

    Ruby and Ruby on Rails are probably the easiest choice.

    It'll handle the encryption and security like a dream. As for the database engine, I think it's up to you!

    The database/database server is only as secure as you make it; you can IP-lock the server and DB access, etc.

    LVL 1

    Assisted Solution

    If you want an "Online" password manager, then LastPass is a great choice.

    Not only do they have an excellent track record and are recommended by Mozilla, but they also give superb secondary security options, like using a YubiKey or a USB drive as a secondary verification device along with your password to sign in.

    So even if your master password is compromised, the hacker can't log in to your password database without getting their hands on your YubiKey or USB drive, which almost makes it foolproof and secure!

    Would like to hear your thoughts on this! Good Luck!
    LVL 8

    Author Comment

    One such application, Clipperz, is lacking funds to grow. How healthy is the financial status of LastPass?
    LVL 12

    Assisted Solution

    In addition to Clipperz (which you mentioned), I found the following open-source web-based password managers:

     - pasonda:

    It is written in PHP, and released under a BSD license.  However, its last release was in 2002, so it is clearly not under active development.

     - w3pw:

    Also written in PHP, it is released under the GPL.  Its most recent release was just last August, so its development is more active.

     - Web KeePass:

    This is a web-based version of the Windows version recommended above.  It is written in Java, and the installer uses (or assumes, not sure which) Tomcat and MySQL.  Its last release was less than a month ago.

    If you are more interested in installing and using this from your own servers, then w3pw and Web KeePass are probably the best options.  Both of these are also likely to accept development contributions from outsiders (although that is just a guess, not speaking from personal experience with either project).  And if you _really_ want to build your own from scratch (or nearly so), either one of these could give you a working example to port to Ruby on Rails.  ("Port" being used loosely, as a direct port is very unlikely to map directly to a Rails-imposed architecture.)  Note that I have not researched any reported vulnerabilities with any of these projects, nor conducted any security review of the code.  So you may want to do that yourself before proceeding with a porting project.
    LVL 8

    Author Closing Comment

