Sat, 06 May 06

Storing passwords online

I regularly access the Internet from three different locations. Quite often, I will log into my bank account or other sites that have complicated login procedures (i.e. require more than just username and password) from each of these sites. I’m not good at remembering this stuff, so I used to have it stored in some software called eWallet on the PC. This was fine when I was on one computer most of the time, but as soon as I started using multiple computers, including a Mac, it became problematic.

To get around the multiple computer problem, I ditched eWallet and now store all my info online, in a self-hosted, slightly customised version of instiki. To achieve this in what I hope is some kind of secure way, I encrypt each set of data using gpg. I then store this data in its own wiki page. The wiki itself has very basic password protection and is not hosted over SSL, but I’m thinking that because the decryption takes place on the client I should be OK. Granted, it means that my secret key is on three computers and could therefore be compromised, but I hope this is unlikely…

The (hopefully) constant availability of my data outweighs the slight pain caused by having to decrypt the data each time.

I’m genuinely not sure if this is a great idea or not as regards security, so maybe someone cleverer than I could advise if you come across this…
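
The workflow described in the post, as an added example that is not the author's own code: each note is encrypted with gpg into ASCII armor that can be pasted into a wiki page, and decrypted on the client. It goes one step beyond the post by also signing each note, so a page altered or replaced on the non-SSL wiki is rejected at decryption time. The identity, the throwaway keyring and the function names are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example; the identity, keyring location and function names are constructed.
KEY_UID='Wiki Notes <notes@example.invalid>'

# Build a throwaway keyring so a real keyring is never touched.
setup_keyring() {
  GNUPGHOME=$(mktemp -d) || return 1
  export GNUPGHOME
  chmod 700 "$GNUPGHOME"
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$KEY_UID" default default never 2>/dev/null || return 1
  # First "fpr" record is the primary key fingerprint.
  KEY_FPR=$(gpg --batch --with-colons --list-keys 2>/dev/null |
            awk -F: '$1 == "fpr" { print $10; exit }')
}

# stdin: plaintext note. stdout: ASCII-armored text that can be pasted into a wiki page.
# --sign is the addition: anyone holding the public key can produce a message
# encrypted to it, so encryption alone does not prove who wrote the page.
encrypt_note() {
  gpg --batch --quiet --armor --sign --encrypt --recipient "$KEY_FPR"
}

# stdin: armored text fetched from the wiki. stdout: plaintext, printed only if
# the message carries a valid signature from our own key.
# Returns 1 if decryption fails, 2 if the message is unsigned or signed by another key.
decrypt_note() {
  local status plain
  status=$(mktemp) || return 1
  if ! plain=$(gpg --batch --quiet --status-file "$status" --decrypt 2>/dev/null); then
    rm -f "$status"; return 1
  fi
  if ! grep -q "^\[GNUPG:\] VALIDSIG .* ${KEY_FPR}\$" "$status"; then
    rm -f "$status"; return 2
  fi
  rm -f "$status"
  printf '%s\n' "$plain"
}

# Usage (after setup_keyring):
#   printf 'bank: constructed-sample\n' | encrypt_note > page.asc
#   decrypt_note < page.asc
```

On a real setup, skip `setup_keyring` and set `KEY_FPR` to the fingerprint of the existing key.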