November 2013 Project of the Month, PasswordSafe

I’ve been a long-time fan of PasswordSafe because it has a single function: password security. We’ve been hearing a lot about security of late, so it’s also a topical matter. Here is my interview with Rony Shapiro, who is the admin for this very useful project:

d: Tell me about the PasswordSafe project please; what made you start this, and has your original vision been achieved?

PasswordSafe started off as a free closed-source utility from Bruce Schneier’s consulting firm. Around 2001, Bruce decided to make the code open source, and chose a volunteer to set it up on SourceForge. Unfortunately, that person got caught up in the dotcom bust, and more or less abandoned the project.

I really wanted to work on this program to scratch my own itch. Specifically, (1) to support grouping entries into topics (such as banks, e-commerce, etc.) and (2) to add a search function (e.g., to look for the entry that contains the word “robot”). Once I put out a version with these features, people started contributing ideas and code. The rest, as they say, is history.

Re “vision”: I dunno about that. It’s a large word. I hope to think that fewer people have had their accounts hacked because of PasswordSafe, but of course there’s no way to test this.

d: Who can benefit the most from PasswordSafe? Have you seen the current climate around personal privacy impact your project?

Any person who has more than one password to protect can benefit from PasswordSafe. Certainly the recent push of privacy-related issues to the headlines has made people more aware of this.

d: What’s the best way to get the most out of using PasswordSafe?

The best way to get the most out of PasswordSafe is through liberal use of the Generate Password button: Create a separate entry for each site you use, and generate a random password for each. This ensures that (1) even if a single site is compromised, the attacker cannot use the password he’s recovered to access any of your other accounts, and (2) that any dictionary-based attack will fail, or knowing the names of your family members, pets, etc. will not help the attacker.

Another good idea is to use the Notes field to remember the fictitious answers you created for all those silly “security questions” (that should really be called insecurity questions, because they allow an attacker who found out a bit about you to reset your password…)

d: Why did you choose the Artistic 2.0 license?

That was the license chosen by Bruce Schneier when he released the project.

d: Did you ever regret choosing this specific license?

I’ve had no problems at all with it.

d: If you had the chance, what other license would you select and why?

Don’t think I’d choose differently if I had to start over.

d: What was the first big thing that happened for your project? What helped make that happen? What was the net result for that event?

Getting contributions from other people made the project much much better than anything I could have made from it by myself. I guess the first one that made me appreciate this was the autotype feature, added back in 2004. Unfortunately, I don’t have notes on who added it.

d: What is the next big thing for PasswordSafe?

I’ve started working on a new database format that should have some nice features.

d: How long do you think that will take?

Probably a few months to a year’s worth of evenings and weekends until something usable will come out of this.

d: If you had it to do over again, what would you do differently for PasswordSafe?

I’d probably take a go at working on it full-time and making a living off it (while keeping it open source, of course), instead of working on it strictly as a hobby.

d: Any reason you can’t do that now?

I’ve decided to leave that as something to look forward to for my retirement :-)

d: Is there anything else I should know?

Of course: My deep gratitude to everyone who’s contributed to the project over the years, be it via code, translations, bug reports, suggestions, or plain old-fashioned donations. Special thanks to DK, who’s become a personal friend and companion as well as a coder, critic, and sounding board for my crazier ideas. And of course thanks to SourceForge, for years of hosting.

d: Excellent, Rony. Thank you for your contributions to the Open Source community for all that you do.

10 Responses to “November 2013 Project of the Month, PasswordSafe”

  1. jdjow Nov 18, 2013 at 3:11 pm #

    One great thing about Password Safe is the myriad of compatible apps for other platforms and devices. If you use Dropbox, you can even share a safe between all computers and devices you use. One of those apps is pwSafe, which runs on Mac and iOS — http://j.mp/pwSafe & http://j.mp/pwSafeMac — and even syncs using Apple’s free iCloud service.

  2. rykel98 Nov 18, 2013 at 7:58 pm #

    Hi, I took an interest in this interview because I have been a Premium user of Lastpass for years. Lastpass is available on Windows, Linux, Android etc., gets upgraded frequently and the Company responds to trouble tickets promptly. How does PasswordSafe compare? Thanks.

  3. thomas waldmann Nov 18, 2013 at 10:13 pm #

    He’s “Bruce Schneier” (typo in interview). Congrats on PasswordSafe being POTM – good choice and well earned. If you don’t want closed source with questionable/unknown security, if you need platform support (like linux, android, windows, …), real open source development with public repo and issue tracking and good security, PasswordSafe is (IMHO) the best of the few password manager options you have.

  4. reuvenharrison Nov 19, 2013 at 2:06 am #

    Great tool! Thanks for all the hard work Rony, Bruce and all other contributors. Reuven

  5. Questionerone Nov 19, 2013 at 5:14 am #

    Is it true that Passwordsafe is readable and being monitored by NSA? If yes, you should mention it!!

  6. Susanfrazier7533 Nov 19, 2013 at 9:01 am #

    How can I share a single PW safe between computers?

  7. casi a prueba de balas Nov 21, 2013 at 10:00 pm #

    I’ve been using PasswordSafe for well over 10 years. IMHO it is the best! I love the keyboard shortcuts. Thanks for making my online life easier. I also use it to keep safe combinations and other details.

  8. SESESE Nov 25, 2013 at 3:00 pm #

    The far best functionality is AutoType. This was helping me a LOT! Thanks!

  9. JackGirardi Dec 7, 2013 at 2:26 pm #

    Just wanted to say a big thank you for scid vs, pc. I have been looking for a program of any kind that you can analyze games with. Love your program and the fact you can download other engines for the analysis. Recently got a tablet and downloaded analyze this and bought the full version because it said you could download other engines to it, only to find out you only get an error reading “this does not seem to be a uci engine”. So it wouldn’t download them. What a waste of $4.00. Your program not only free but works as good as you advertise. Thanks again.

  10. irctc login Dec 19, 2013 at 9:55 am #

    I have many passwords but I don’t know how to manage them