A while ago I developed a simple demo of an application able to log a user on to his several social homes. Feedback was poor: users are just not willing to save their passwords anywhere else but in their brains. This is funny, since most users I talked to (except some nerds) stick to the one-password-per-life principle. Really. And since every major security measure applied is rendered completely useless if the user has a weak password, which is presumably the case most of the time, it's time to think about an alternative. I won't, I tried, nobody liked it.
But the other problem is in enterprise or business environments. Imagine several people who need access to certain management systems (e.g. for remote servers) sharing one account. While it would be totally usable to simply write down a password and hide it in the office, this is quite time-consuming: each time someone compromises your secret place, you have to reset passwords, find a new place, communicate the new location, etc.
So an online solution should be the way to go. Public-key infrastructures fulfill the security requirement sufficiently, yet the usability sucks. A simple desktop application retrieving encrypted passwords and deciphering them locally would be enough. Changing a password and publishing the change is as simple as changing the password; everyone else in the group with access to that password would get the new password automatically, so password changes are not a problem.
Avoiding showing the password onscreen is just as simple. Just put it in the clipboard, and happiness would spread. But where is this simple approach?
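The retrieve-and-decipher-locally scheme described above, as an added sketch that is not code from the original post or from any existing application. It assumes each member holds an RSA key pair and that the password fits in one RSA-OAEP block (up to 190 bytes with a 2048-bit key and SHA-256); `Group`, `Entry`, `Publish`, `Open` and `NewKey` are hypothetical names.

```go
// Added example, not from the post; every name here is hypothetical.
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
type Group map[string]*rsa.PublicKey // member name -> public key
type Entry map[string][]byte         // what the server stores: ciphertext per member

// Publish encrypts pw for each member; rerun it to change the password or group.
func Publish(pw string, g Group) (Entry, error) {
	e := Entry{}
	for name, pub := range g {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(pw), nil)
		if err != nil {
			return nil, err // e.g. password too long for the key size
		}
		e[name] = ct
	}
	return e, nil
}

// Open runs on the member's own machine; the private key never leaves it.
func Open(e Entry, name string, priv *rsa.PrivateKey) (string, error) {
	ct, ok := e[name]
	if !ok {
		return "", fmt.Errorf("%s is not in the group for this password", name)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return string(pt), err
}

func NewKey() *rsa.PrivateKey { // demo key pair; a real client creates one per user
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	alice, bob := NewKey(), NewKey()
	e, _ := Publish("constructed-new-pw", Group{"alice": &alice.PublicKey}) // bob was removed
	pw, _ := Open(e, "alice", alice)
	_, err := Open(e, "bob", bob)
	fmt.Println(pw, err)
}
```

Removing a member only protects passwords published afterwards, so the account password itself has to be changed in the same step. The sketch takes the group's public keys as authentic; how clients verify them is outside it.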