A password manager for Org.
It is safer to keep a different password for each website that requires a password. That way, if a website gets compromised, then all your other logins are safe. With the astronomical amount of websites that are accessed by a standard person, it is impossible to remember all your passwords. A password manager provides a "one password to rule them all" approach. In this case, an Org file is protected with the-one password (the only one to remember) and contains all the other passwords (and secrets). The entries in that file can be for example of the form:
* My favorite lol-cat website
:PROPERTIES:
:URL: http://www.myfavoritelolcat.com
:USERNAME: jorge
:PASSWORD: 123456
:END:
Some notes about the website that will help to find the entry
fast with a C-s.
But you can keep more than that, for example:
* Cards
** My main credit card
:PROPERTIES:
:NAMEONCARD: Jorge Alfaro-Murillo
:NUMBER: 1234000000005678
:EXPIRES: 11/19
:PIN: 1234
:CVR: 777
:END:
** My main debit card
:PROPERTIES:
:NAMEONCARD: Jorge Alfaro-Murillo
:NUMBER: 4321000000005678
:EXPIRES: 12/19
:PIN: 1234
:CVR: 888
:END:
Or having shared properties for several entries:
* Gmail
:PROPERTIES:
:URL: https://www.gmail.com
:END:
** Main account
:PROPERTIES:
:USERNAME: jorge
:PASSWORD: 12345
:END:
** Spam account
:PROPERTIES:
:USERNAME: jorge.spam
:PASSWORD: 54321
:END:
org-passwords gives a mode derived from Org to consult the database file and copy passwords, and functions for generating the passwords. In particular, for passwords that you DO need to remember (but might forget so still want to include in the database) it can create passwords of the correcthorsebatterystaple-type.
Start out by defining your passwords file and a dictionary file, for example:
(require 'org-passwords)
(setq org-passwords-file "~/documents/passwords.gpg")
(setq org-passwords-random-words-dictionary "/etc/dictionaries-common/words")
The last line points to the dictionary (a file in which each line is a word), the one given above is standard for GNU/Linux systems.
The first line of the 'org-passwords-file' should be:
# -*- mode: org-passwords -*-
so that the file loads with 'org-passwords-mode' as major mode.
To consult your database of passwords use
M-x org-passwords
This opens the 'org-passwords-file' in Read-Only mode (to not mess with it if you are just consulting the file), and sets a timer of one minute after which the buffer of the file is automatically killed. The timer can be adjusted with the variable 'org-passwords-time-opened'. If you plan to browse for a long time and do want the timer use C-u before calling org-passwords. If you want to edit the file as well (that is just open it normally) use C-u C-u before calling org-passwords.
After having the buffer open, do a C-s to find your entry, and copy the password to the system clipboard (or pasteboard in Mac):
M-x org-passwords-copy-password
This copies the password, but does not add it to the kill-ring, that way your password is not compromised if later a bad guy that knows what C-y M-y does, grabs your computer.
If you also forget what your user name is, there is also:
M-x org-passwords-copy-username
And very useful for opening the website directly in the browser (in case there is one):
M-x org-passwords-open-url
Note that by default Org does not show the PROPERTIES, so you (or the person peeking at your computer) never have to see the actual password.
If you want to be able to display less sensitive properties while still hiding passwords, you could also use different drawers to store them:
* Cards
** My main credit card
:PROPERTIES:
:NAMEONCARD: Jorge Alfaro-Murillo
:NUMBER: 1234000000005678
:EXPIRES: 11/19
:CVR: 777
:END:
:HIDDEN:
:PIN: 1234
:END:
You also need to define this new drawer at the top of the file:
#+drawers: PROPERTIES HIDDEN
To generate a random string of numbers, lowercase letters and uppercase letters use:
M-x org-passwords-generate-password
To generate a a random string of numbers, lowercase letters, uppercase letters and symbols use:
C-u M-x org-passwords-generate-password
Both commands will ask for a length of the password. The latter is, of course, safer but it is common for websites to not allow symbols in a password.
To concatenate random words from the dictionary defined by 'org-passwords-random-words-dictionary' use:
M-x org-passwords-random-words
It will ask for the number of words wanted. Each word will be separated by the string defined in 'org-passwords-random-words-separator', which by default is "-".
The following does the same, but makes substitutions in the password:
C-u M-x org-passwords-random-words
The substitutions are made according to the variable 'org-passwords-random-words-substitutions', which is an alist where the keys are the strings to substitute and the associated values are the strings to substitute to. The default is:
(("a" . "@") ("e" . "3") ("o" . "0"))
So the password "correcthorsebatterystaple" would be instead returned as "c0rr3cth0rs3b@tt3ryst@pl3". Note: that is just an idea, you are encouraged to change the variable, for example you could do something like:
(setq org-passwords-random-words-substitutions
'(("for" . "4") ("s" . "5")))
It is also useful to set up keybindings for the functions 'org-passwords-copy-username' and 'org-passwords-copy-password' in the 'org-passwords-mode', to easily make the passwords and usernames available to the facility for pasting text. You can set for example:
(eval-after-load "org-passwords"
'(progn
(define-key org-passwords-mode-map
(kbd "C-c u")
'org-passwords-copy-username)
(define-key org-passwords-mode-map
(kbd "C-c p")
'org-passwords-copy-password)
(define-key org-passwords-mode-map
(kbd "C-c o")
'(lambda ()
(interactive)
(org-passwords-copy-password)
(org-passwords-open-url)))))
You might also want to add a global key to call 'org-passwords':
(global-set-key (kbd "C-c q") 'org-passwords)
To enter new passwords, you can use 'org-capture' and a minimal template like:
("p" "password" entry (file "~/documents/passwords.gpg")
"* %^{Title}\n %^{URL}p %^{USERNAME}p %^{PASSWORD}p")
When asked for the password you can then call either 'org-passwords-generate-password' or 'org-passwords-random-words'.
Be sure to enable recursive minibuffers to call those functions from the minibuffer:
(setq enable-recursive-minibuffers t)
Of course, keep your main password file encrypted. In emacs it is enough to for the file to have the file end in .gpg, emacs will tell you what to do when saving it. Keep this file in an encrypted drive, do not write the password to your main password file in a post-it and paste it your desk, do not use "password" or "12345" as your password, etc.
Copyright (C) 2014 Jorge A. Alfaro-Murillo
Author: Jorge A. Alfaro-Murillo jorge.alfaro-murillo@yale.edu
Keywords: password, passwords
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with GNU Emacs. If not, see http://www.gnu.org/licenses/.