I’ve been a long-time fan of PasswordSafe because it has a single function: password security. We’ve been hearing a lot about security of late, so it’s also a topical matter. Here is my interview with Rony Shapiro, who is the admin for this very useful project:
d: Tell me about the PasswordSafe project please; what made you start this, and has your original vision been achieved?
PasswordSafe started off as a free closed-source utility from Bruce Schneier’s consulting firm. Around 2001, Bruce decided to make the code open source, and chose a volunteer to set it up on SourceForge. Unfortunately, that person got caught up in the dotcom bust, and more or less abandoned the project.
I really wanted to work on this program to scratch my own itch. Specifically, (1) to support grouping entries into topics (such as banks, e-commerce, etc.) and (2) to add a search function (e.g., to look for the entry that contains the word “robot”). Once I put out a version with these features, people started contributing ideas and code. The rest, as they say, is history.
Re “vision”: I dunno about that. It’s a large word. I hope to think that fewer people have had their accounts hacked because of PasswordSafe, but of course there’s no way to test this.
d: Who can benefit the most from PasswordSafe? Have you seen the current climate around personal privacy impact your project?
Any person who has more than one password to protect can benefit from PasswordSafe. Certainly the recent push of privacy-related issues to the headlines has made people more aware of this.
d: What’s the best way to get the most out of using PasswordSafe?
The best way to get the most out of PasswordSafe is through liberal use of the Generate Password button: Create a separate entry for each site you use, and generate a random password for each. This ensures that (1) even if a single site is compromised, the attacker cannot use the password he’s recovered to access any of your other accounts, and (2) that any dictionary-based attack will fail, or knowing the names of your family members, pets, etc. will not help the attacker.
Another good idea is to use the Notes field to remember the fictitious answers you created for all those silly “security questions” (that should really be called insecurity questions, because they allow an attacker who found out a bit about you to reset your password…)
d: Why did you choose the Artistic 2.0 license?
That was the license chosen by Bruce Schneier when he released the project.
d: Did you ever regret choosing this specific license?
I’ve had no problems at all with it.
d: If you had the chance, what other license would you select and why?
Don’t think I’d choose differently if I had to start over.
d: What was the first big thing that happened for your project? What helped make that happen? What was the net result for that event?
Getting contributions from other people made the project much, much better than anything I could have made from it by myself. I guess the first one that made me appreciate this was the autotype feature, added back in 2004. Unfortunately, I don’t have notes on who added it.
d: What is the next big thing for PasswordSafe?
I’ve started working on a new database format that should have some nice features.
d: How long do you think that will take?
Probably a few months to a year’s worth of evenings and weekends until something usable will come out of this.
d: If you had it to do over again, what would you do differently for PasswordSafe?
I’d probably take a go at working on it full-time and making a living off it (while keeping it open source, of course), instead of working on it strictly as a hobby.
d: Any reason you can’t do that now?
I’ve decided to leave that as something to look forward to for my retirement.
d: Is there anything else I should know?
Of course: My deep gratitude to everyone who’s contributed to the project over the years, be it via code, translations, bug reports, suggestions, or plain old-fashioned donations. Special thanks to DK, who’s become a personal friend and companion as well as a coder, critic, and sounding board for my crazier ideas. And of course thanks to SourceForge, for years of hosting.
d: Excellent Rony. Thank you for your contributions to the Open Source community for all that you do.