Strategies to share passwords for multiple users such as husband wife? [closed]

I don't know if you will be able to get away with not installing software if you want to be secure.

Personally, I use Dropbox + KeePass. KeePass encrypts my username/password combinations, and Dropbox syncs those changes on all my computers. I can even access it on my (Android) phone when I'm on the go. I really think it's the best trade-off of all worlds - because even if someone did get a copy of that file - I trust KeePass enough to where the bad guy wouldn't be able to get into it (at least easily).

If you are REALLY paranoid, you can use EncFS to add a layer of encryption to your cloud drive (Windows - http://members.ferrara.linux.it/freddy77/encfs.html ). However, this could get complicated if you want to access your credentials while on the go.

I would be against "password hints" simply because personally I randomly generate my passwords (usually [some number of] characters containing some combination that I find easy to remember). For some things I have used the same password for years. But those services usually provide OTP password support (like Gmail), which is a pain sometimes, but you would be a fool not to take advantage of the security it provides.

If you are truly against using software, I would recommend self-hosting with a basic-auth, SSL-enabled site. Assuming the file is in plain text - I wouldn't trust ANYONE with my credentials on a publicly accessible system. (I wouldn't even trust myself with said plain text file.) While your basic auth could be brute forced - I'm sure you could do some interesting counter-hacking techniques. And SSL would prevent some guy in the middle being able to read your data. A self-signed certificate could suffice, but you better make sure you trust the internet connection you are connected to.

Now that I'm thinking about it - you could do something even more interesting (and I would be interested in putting a prototype together). This system in the backend would store a text file encrypted. When you pulled it up via your web browser, it would prompt you with a message box for the "password" (or more simply key). Upon providing this key it will request via AJAX the file and attempt to decrypt using said key. This way - while it is sent "in the clear" a guy in the middle would only get the encrypted file and it would be decrypted on the fly. This should work on any browser (including mobile).
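
The prototype described in the answer above, sketched as an added example (not the answerer's code): the server stores only an opaque blob, and the browser derives a key from the typed passphrase and decrypts locally with WebCrypto. The blob layout, the PBKDF2 iteration count and all function names are assumptions made for this sketch.

```javascript
// Added example. Names, blob layout and parameters are assumptions, not from the post.
const wc = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);
const enc = new TextEncoder(), dec = new TextDecoder();
const PBKDF2_ITERATIONS = 600000; // assumed work factor for the passphrase stretch

// Stretch the typed passphrase into an AES-256-GCM key; the salt travels with the file.
async function deriveKey(passphrase, salt) {
  const base = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    base, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Assumed blob layout: 16-byte salt | 12-byte IV | ciphertext with 16-byte GCM tag.
async function encryptVault(passphrase, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh IV on every save
  const key = await deriveKey(passphrase, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, enc.encode(plaintext)));
  const blob = new Uint8Array(28 + ct.length);
  blob.set(salt, 0); blob.set(iv, 16); blob.set(ct, 28);
  return blob;
}

// A wrong key and a modified file both fail the GCM tag check, so neither
// yields garbage plaintext; the caller just sees one generic error.
async function decryptVault(passphrase, blob) {
  if (blob.length < 28 + 16) throw new Error('blob too short');
  const key = await deriveKey(passphrase, blob.subarray(0, 16));
  try {
    const pt = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: blob.subarray(16, 28) }, key, blob.subarray(28));
    return dec.decode(pt);
  } catch {
    throw new Error('wrong passphrase or modified file');
  }
}

// Browser side: fetch the opaque blob (the "AJAX" step) and decrypt locally.
// The passphrase never leaves the page; the server only ever sees ciphertext.
async function openVault(url, passphrase) {
  const resp = await fetch(url, { cache: 'no-store' });
  if (!resp.ok) throw new Error(`fetch failed: ${resp.status}`);
  return decryptVault(passphrase, new Uint8Array(await resp.arrayBuffer()));
}
```

The page and script that perform the decryption still need to be served over TLS from a trusted origin, because whoever can alter the script in transit can read the passphrase as it is typed.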


Select an account name that you will always use. Both of you agree on it.

The password is built like this:

Pick a "root" password for the first 8 characters. Three characters are lower case letters. Two characters are upper case letters. The remaining characters are numbers and symbols on the keyboard.

These 8 characters are always used in the password. Next, you decide where you are going to put three additional characters. Either at the beginning or the end of the eight you originally came up with. Once you know if they are going to be a prefix, or a postfix, you have to decide what they are.

This is based on the website or service you are connecting to. If you were connecting to AT&T's website, you would add att or ATT to your original 8 character password.

This way the two of you know the root password. You know what three characters are going to be added that are specific to what you are password protecting. You know where they are going to go. And every password you use is different, but easy to remember.

You also never have to say anything more than, "Hey I created a LinkedIn account today." You'll never have to write down a password, share the password (because you have a system that defines the password), and you can keep a list of account locations in cleartext.

I've been doing this for 15 years and NEVER had a security failure because of it. You can check my profile for my credentials if you're worried.

You can modify the system as needed. Always use a 3 instead of E (simple substitution). Always do the location based portion (the three letter prefix/postfix) backwards, or of varying capitalization.

I have over 200 accounts, NO PASSWORDS WRITTEN OR STORED ANYWHERE, and I have never forgotten one.