Roll Your Own Simple Password Manager on macOS

I’ve tried 1Password and Dashlane, and several other popular password managers for both Mac and PC. It always seems to be the same thing: things start off great and then go downhill from there. For example, I was loving 1Password, and then it locked me out of my password file/account. Likewise for a couple of years Dashlane was great, but then they started making drastic changes like moving from standalone app to browser extension Web-based UI. The confusion involved with that change is what prompted me to finally figure out another, simpler solution for storing and managing passwords and other sensitive information. Turns out you can get security and freedom via DIY.

You don’t need an app to secure your passwords.

I don’t want “cloud based”

Unsatisfied with the costly, confusing, and bloated 1Password and Dashlane, I spent some time researching options for alternative password manager apps. Unfortunately everything I found for macOS is cloud-based. And I’m here like “no thank you” — I no longer trust any third-party service with my passwords. So that rules out most of the big ones:

  • 1Password
  • Dashlane
  • NordPass
  • LastPass
  • RememBear
  • Keeper
  • Sticky Password

I did find KeePass, which looks like a good stand-alone non-cloud based password solution. But they are not developing for macOS, only PC/Windows (see update below). All other apps that I could find insist on making things as convoluted and opaque as possible, requiring you to provide your “master password” right up front, before even opening the door you have to give it all up. It’s just not for me, not for my passwords.

For managing passwords, blind trust is never the solution.

Update: After writing this post, I discovered KeePassXC, which is developed for macOS, Windows, and Linux. I am experimenting with this app currently. So far it looks like it checks all the boxes for a solid, non-cloud password manager solution.

I don’t need no fancy features

Beyond the whole cloud-based trust issue, it seems all the current password apps are super bloated with all sorts of useless features. Features that I never have needed or even thought about even once in 20 years working online. Stuff like:

  • Login sharing
  • Dark web monitoring
  • Resource monitoring
  • Version history
  • Categories and tags
  • Store one-time (2FA) codes
  • “Achievements” to teach best practices
  • Support for face and fingerprint ID
  • Protect your vault with biometrics
  • Build Trusted Contacts
  • Import passwords
  • Receipts Storage
  • Massive UIs
  • Favorites

And on and on they go. I imagine adding tons of features is necessary to stay competitive with all the other password managers. That is good news for people who want stuff like “Achievements”, “Trusted Contacts”, and “Version history”. Yeeesh. I’m sure there are folks out there that gobble it all up, but I am not one of them.

Keep it simple stupid

For my own workflow, I use none of it. I work close to metal at all times. So my required features for optimal password management are fundamental and simple:

  • 100% Trust
  • 100% Privacy (not cloud-based)
  • 100% Full control
  • Strong data encryption
  • Lightweight (no bloated features)
  • Portability
  • Extensibility
  • Easy data backups
  • Searchable data
  • Flexible organization
  • Consistency
  • Reliability
  • Simple to use
  • Affordable

Is there an app out there that meets these basic requirements? If so, I have been unable to find it. So after getting frustrated by all the bloated cloud-based “do-it-all” password apps, I decided to just roll my own. Like how we did things before the concept of “cloud” anything pushed onto the scene.

Roll your own password manager

Here is my solution for a simple, lightweight, bloat-free, non-cloud based password manager that meets all of the requirements outlined above. Basically what we are doing here is creating an encrypted folder to store all of our password data. Simple, concise, and effective.

Note: As mentioned, this tutorial is for Mac users. Similar results most likely are possible on other operating systems like Linux and PC/Windows.

Step 1: Create a folder and some files

Create a parent folder and add a few blank plain-text files. Everything contained in the parent folder will be encrypted and used to store your passwords. You can add more files at any time, rename things, whatever you need. Here is a screenshot:

Screenshot: Create a folder and add some text files to store your passwords

Step 2: Encrypt the folder with Disk Utility

Open the macOS program called Disk Utility. It is located in your Applications folder under a subfolder named “Utilities”. From the menu, select “New Image” ▸ “Image from Folder..” and choose the “My Password” folder you want to encrypt.

Note: Instead of digging around in your Applications folder, you can open Spotlight (press ⌘ + space, or click the magnifying glass icon on the upper-right corner of the menu bar), then type “Disk Utility” and press Enter.

Here are some screenshots to help visualize so far:

Screenshot: macOS Disk Utility ▸ Menu ▸ New Image ▸ Image from Folder..
Screenshot: After clicking “Image from Folder”, select the “My Password” folder you created in step 1

After selecting your password folder, a new dialog will ask for some details. By default, it looks like this:

Screenshot: Showing the default options when you first select your password folder

Here is a rundown of the recommended options:

  • Save As — This should be the name of your password folder
  • Tags — Doesn’t matter, enter some tags if you want, or leave blank
  • Where — Choose where to save the file, can always move it later
  • Encryption — Choose either 128-bit or 256-bit (recommended)
  • Image Format — Select “read/write”, so you can make changes to your files

When you choose the Encryption, a new dialog will ask for your password. This will be the “Master Password” for your password folder. So choose something super strong and random, just like you would for any other password app. Here it is asking for your password:

Screenshot: Upon selecting an Encryption option, a dialog asks for your password

Important: Make sure you remember your password. If you forget it, there will be no way to open your newly encrypted password file. So make sure to “keep it secret, keep it safe”.

After entering your password (twice), everything should be ready to go. Here is how it should look at this point:

Screenshot: Disk Utility dialog configured and ready to go

So when everything is ready, click the “Save” button to create your encrypted password file. After Disk Utility completes the job, it will display the results as shown here:

Screenshot: After Disk Utility completes the job, it will display the results

If all goes well, the result should be “Successful”. If it is not successful, you will need to do some troubleshooting to try and resolve whatever issue is happening.

Note: If after clicking Save, it seems like the process is taking a long time or is stuck, be patient. Also keep in mind that, if you have added any large files to the password folder, it will take more time to encrypt.

Tip: When entering your password to mount the encrypted password file, if you check the box that says “Remember password in my keychain”, macOS will store your password in the keychain file. The upside is that you won’t need to enter your password to unlock the encrypted password file. The downside is potential exposure/risk: anyone who has access to your keychain will be able to access your password file by simply clicking on it.

Lastly, click the “Done” button to close the dialog and complete the task. You now have a strongly encrypted password file, located in whatever location you specified during configuration. Now you can add your passwords and organize them however you want. You can add any type of file, organize things as you like, and make backups easily by simple copy/paste.
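
The same image can be created from Terminal with the macOS `hdiutil` tool. This is an added example, not part of the original post: the function names and the `DRY_RUN` switch are made up for illustration, and the settings mirror the dialog options recommended above (AES encryption, read/write image format).

```shell
#!/bin/sh
# Added example: command-line equivalent of Step 2 (Disk Utility dialog).
# Usage (script name is up to you):
#   sh vault.sh create "My Password" "My Password.dmg"
#   sh vault.sh verify "My Password.dmg"

# With DRY_RUN=1, print the command instead of executing it (for review).
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# create_vault FOLDER IMAGE.dmg [128|256]
# Encryption = AES-128 or AES-256, Image Format = read/write (UDRW).
create_vault() {
  src=$1; out=$2; bits=${3:-256}
  case "$bits" in
    128|256) ;;
    *) echo "encryption must be 128 or 256" >&2; return 2 ;;
  esac
  [ -d "$src" ] || { echo "no such folder: $src" >&2; return 1; }
  [ ! -e "$out" ] || { echo "refusing to overwrite: $out" >&2; return 1; }
  # -stdinpass takes the passphrase from stdin (prompting when stdin is a
  # terminal), so it never appears in the argument list or shell history.
  run hdiutil create -srcfolder "$src" -volname "$(basename "$src")" \
    -encryption "AES-$bits" -format UDRW -stdinpass "$out"
}

# Reads `hdiutil isencrypted` output on stdin; succeeds only if it
# reports the image as encrypted.
report_says_encrypted() {
  grep -q '^encrypted: YES'
}

# verify_vault IMAGE.dmg: confirm the saved image really is encrypted
# before putting any passwords in it.
verify_vault() {
  hdiutil isencrypted "$1" 2>&1 | report_says_encrypted
}

case "${1:-}" in
  create) shift; create_vault "$@" ;;
  verify) shift; verify_vault "$@" ;;
esac
```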

Wrap up

I’ve been using my DIY password manager for several months now, and absolutely love the fine-grained control and freedom it brings. Felt SO good finally ditching Dashlane. No more recurring payments. No more confusing changes. No more “trusting” some third-party corporation with my sensitive data. Indeed, I now enjoy all of the benefits outlined above, with none of the unwanted bloat.

To be fair, there are some potential downsides to rolling your own password manager. The biggie for most: manually managing your passwords requires more time and effort than going with an automated app. So it’s a trade-off between time/effort and ultimate control and privacy. Other than that, it’s all good.

If you have any related/useful experience, tips, etc., please share in the comments. There are lots of folks out there looking for simple non-third-party solutions for managing their passwords. Cheers people.

About the Author
Jeff Starr = Web Developer. Book Author. Secretly Important.

13 responses to “Roll Your Own Simple Password Manager on macOS”

  1. Or you can use KeePassXC + Syncthing (or Synctrayzor if you’re on Windows), you’ll have strong password management plus synchronization across your devices, works flawlessly.

  2. I was going to recommend KeePassXC but you already found it. Another option based on KeePass is https://keeweb.info. And https://www.lesspass.com is another interesting solution.

  3. Jeff Starr 2021/10/19 3:50 pm

    Thanks Orlando and ilija for the tips.

  4. Why not just use your Mac’s built-in keychain? It keeps everything encrypted, doesn’t have a bunch of flashy features, and you don’t have to turn on cloud syncing if you don’t want it.

    • Jeff Starr 2021/10/20 9:42 am

      Several reasons:

      • Portability — as explained in the article, I don’t trust cloud services with my passwords
      • Flexibility — I store more than just passwords, text, notes, anything that’s required
      • Trust — I don’t trust the keychain, mostly due to serious issues with it years ago

      Although I agree, even keychain without cloud is better than most of the paid alternatives.

  5. Years ago I switched from LastPass to Pass on my Linux box. I never changed it during these years. Btw, KeepassXC is a good choice and supports tokens like YubiKey.

  6. Steve Wolfson 2021/10/20 2:23 pm

    I use KeePass on Windows 10. I keep the db in my One Drive folder. It is password encrypted so even though in the cloud, you have to know the lengthy password to access the data. I use KeePassXC on a MacBook, where I am sharing the same db through One Drive, and I use an excellent iOS app StrongBox to use the same KeePass db on my phone and tablet. KeePass syncs all changes made on any of these platforms back to my KeePass file on my Windows PC. I pay $10 a year for Strongbox, the rest is open source.

  7. For users who need to have passwords in the cloud, my advice is Bitwarden, an open source password manager.

  8. Haha .. good to know I’m not the only person on the webs to follow down THAT path :)

    Here, it’s Linux + encryption, but aside that – identical approach :)

    cu, w0lf.

  9. Jim S Smith 2021/12/31 9:27 am

    I would think a good Java-developer would have a good answer to this problem – especially “portability” across different machines.

    Plus,

    The Java encryption libraries have come a long way.

    I just use a removable pendrive to store my text-file-based credentials. There is NO WAY I am going to remember those passwords! (I use the on-line WordPress “Secret Salts API” to generate my passwords anyway.)

    Could probably search out projects on GitHub?

    J.S.Smith
