Passwords suck, and our password managers aren't much better.
- LastPass has good UX, but is non-free
- KeePass is free software, but doesn't integrate with browsers in and of itself
- 1Password is non-free and their browser integration is "thin"
- Keeper is non-free
I believe that the infosec community can do better. Here's a high-level overview of the features I would like to incorporate into a community-built, free password manager:
- Integrates with Firefox (because Tor Browser Bundle) and Chrome
- Encrypted locally (never publish keys, only salts/IVs); store in the cloud (ref. TAILS implementation of Tahoe-LAFS for persistent storage?)
- Anonymous registration
- Use the browser's proxy settings (for Tor support)
- Sync/manage SSL Client certificates (something that nobody else does)
- Maybe also support Android/iOS browsers?
Before I spend too much effort fleshing out the granular details, I'm curious what everyone else thinks about this idea.
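
The "encrypted locally (never publish keys, only salts/IVs)" item above, sketched as an added example that is not part of the original post: the vault is sealed on the device and only the salt, IV, ciphertext and authentication tag would be uploaded. The function names, blob layout, the choice of scrypt with AES-256-GCM, and the parameters are assumptions made for illustration.

```javascript
// Added example, not code from the post. Function names, the blob layout and
// the scrypt parameters are assumptions chosen for illustration.
const crypto = require('node:crypto');

const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const AAD = Buffer.from('vault-v1'); // binds the format version to the ciphertext

// The key is derived on the device from the master password and is never stored.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF);
}

// Returns the only object that is uploaded: salt, IV, ciphertext, auth tag.
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh per encryption; never reuse with a key
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(AAD);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort wipe of the key material
  const b64 = (buf) => buf.toString('base64');
  return { v: 1, salt: b64(salt), iv: b64(iv), ct: b64(ct), tag: b64(tag) };
}

// Returns the entries, or null if the password is wrong or the blob was modified.
function openVault(masterPassword, blob) {
  const bin = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(masterPassword, bin(blob.salt));
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, bin(blob.iv));
    decipher.setAAD(AAD);
    decipher.setAuthTag(bin(blob.tag));
    const pt = Buffer.concat([decipher.update(bin(blob.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // GCM tag check failed
  } finally {
    key.fill(0);
  }
}

// Constructed sample data.
const sample = [{ site: 'example.org', user: 'alice', password: 'constructed-secret' }];
const blob = sealVault('correct horse battery staple', sample);
console.log(Object.keys(blob), openVault('wrong password', blob));
```

Because the storage side only ever holds this blob, a sync server learns the vault's size and update times but cannot read or silently alter its contents.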