There's always another way to skin any given cat. Now that you mention it... I get pretty bent out of shape about this... As is really bloody pissed.
ALPass does what 99.999% of people need/want.
I thought, here’s one I haven’t heard of, let alone tried. Oo. Roboform plus support and maybe even some integrity. Mm. Lots of yummy features. Excellent.
Then I saw the last line of text on the page.
ALPass requires Internet Explorer. It does not currently support Firefox, Opera, or other alternative web browsers.
Really? Even now?
Is there an emoticon for “disappointed”?
If you lose your ALPass master password, you're hosed. Completely hosed. Toast. Dead. Screwed.
I know people get worried about the cloud, but the same is supposed to be true of Lastpass. Lastpass have Firefox and Chrome versions, I even managed -- after a fashion, and before I finally abandoned it -- to use the published workarounds for Opera. They even have an Android variant -- although that’s outside the things that are available for free, and it wasn’t quite as functional as I’d like.
Keepass (I seem to recall) has a linux variant. For that matter, although we’re all wary of the company behind the product after lots of us (yes, me included) had our lifetime licenses summarily revoked, Roboform’s security and functionality was years ahead of everyone else.
If these products delivered what people wanted, everyone would have them already. Something. Any-bloody-thing. No, what people want is not to have to think about it, and to be able to use PASSWORD123 on every website, banking service, data repository and fire alarm they ever meet or, better yet, nothing at all, and still to be able to complain, loudly and bitterly, that they’ve been let down by IT when their security is breached by some script kiddie with nothing better to do for ten minutes.
THAT is what most people want. Clear text is just madness.
I think, if I’m honest, most people want to feel secure without having to take many actions to ensure their own security. I KNOW I take password security more seriously than almost every normal (ie non-techie, non-geek) person I’ve ever met, and even I have a few frequently-used passwords stored in a CHS database. But there are people (no names, no pack drill) I know who COMPLAIN when their (carefully chosen and configured) DNS service stops them from routing a url via one of the snoopiest websites known to man because it means they can’t always click on a link in an email to a “bargain” new shiny thing.
There IS an overkill issue. Throw enough computer power at any stored, encrypted password and it’ll -- eventually -- be hacked. We tell people this and then that they have to use passwords they’ll struggle to remember and the last bit -- there’s a thing they can use to remember their passwords for them -- doesn’t make them feel that there’s a solution to the problem, it makes them feel like they’re handing over even more control to the technology brigade. And we wonder why people write their passwords down?