Originally Posted by Phanx
I use PasswordSafe. Its storage is strictly local, it's open source, and it was originally written by Bruce Schneier. It's a Windows app, but there are also ports for many other platforms including Android and iOS. If you want to use it on multiple machines, either put your password file on a USB stick, or sync it; I now use SpiderOak for syncing due to their strong encryption and zero-knowledge policies (basically, everything is encrypted locally before it's uploaded, so they have no way to even know what you're uploading).
Since switching to this system, my passwords are all (well, at least the ones I've gotten around to changing) very long strings of random characters. I still let my browser remember passwords at home, though, because (a) I'm lazy, and (b) if someone has physical access to my computer there are far more embarrassing/incriminating things for them to get into than my GitHub account, and (c) if the NSA wants to look at my email or bank account, they don't need my password anyway. |
Why do you trust SpiderOak for not saving your password? The client that generates it is closed source so no way to know it for sure.