Clef is interesting, but I can’t find any source for it, so it is dead in the water. Unfortunate, because I think that is a good direction to go for passwords. And it is so simple, too: they could release their software and host it for 90% of the people who use it, until Google bought them (which would probably bump it up to 99% because of scale [for a few years, until Google tires of it and sunsets it]).

Where do the passwords live?

I want to stop using Basecamp, but it fulfills my simple use case of storing passwords for clients.

I use Basecamp, off and on. I normally use it really intensely for about 6 months, while working on a project, and then it just sits there. I like Basecamp as a product, but it is a closed, hosted software as a service, and that really bothers me in the downtime, since at that point I am just paying them to store a project archive for me.

As it happens, I’ve largely mitigated all the features of Basecamp:

  • Messaging – Turns out that none of my clients appreciate the ability to search through the message archive, and since I am normally looped into every message, I don’t miss anything.
  • Documentation – When I can, I use a wiki to document development stuff. This works for some projects, and not others; for those we defer to email.
  • Files – I use ownCloud, and my clients normally just email me files of a certain size. Annoying, and could use a different way.

There is one thing that I haven’t figured out, where Basecamp excels: passwords. Because I normally work alone, and even when I am heading a team I handle all the accounts and infrastructure myself, I am the only person with all the passwords. I create a document called Credentials in each project, and put all the login and passwords there.

The idea is that if one of my clients needs to, they can check that to get access. I used to warn against them doing that without talking to me, but I decided that it was a better plan to just make sure I always have offsite backups and let my emergency rates reinforce how dangerous playing with those accounts can be.

If I didn’t do this, the only place the passwords would live would be on a sticky note on someone’s monitor, or even worse, a text file on a laptop (in my case that is fine, since I use multiple forms of encryption, but I doubt this is common…).

Ideally I would have a secure website that I could dump this stuff on, that I could share with folks who need it. I don’t use private wikae, and while I think everyone should have an ownCloud account somewhere, that is not the fact of the matter.

Ideally I would host some lightweight project management software, but that is really an oxymorom; it ie either impossible, or humans have no quite figured out the right formula. So, where do I keep the passwords?