webpwman released

webpwman is an online password manager that I wrote in CherryPy. It can import from KDE pwmanager CSV exports and run behind an SSL-enabled webserver (which also prevents MITM attacks). It asks 3 security questions, which it randomly rotates on every correct login, and asks for a master password, which is used to decrypt the password from a JSON file. The idea is that if you're on a compromised public terminal, the bad guys should only get the passwords you viewed that session.

It needs no database engine and supports only a single user, as I don't want to endorse storing your passwords with third parties, although I need such a tool as I can't remember my randomly generated passwords when out and about.

I'd like to take this moment to congratulate the CherryPy team - I really like it, but your deployment documentation wasn't thorough enough for me, and I had to do a lot of googling to get it to sit behind another web server.

Overall I've tried to keep it simple, and I'd appreciate any feedback, criticism or feature requests, especially regarding vulnerabilities, as this is my first CherryPy project. Download and install webpwman here »

Posted 8th August 2008 in Computer, with 0 comments
