Password Manager in C# with Source Code

Remembering different passwords for zillions of web sites is a real problem. You can write them down on a piece of paper, but then someone locally can get hold of the paper. You can store them in a file, but if a hacker gets into your computer, they could grab that file. So this is a Password Manager that will help you remember these Password with Better Security.

If you use the same password for more than one web site and any one of them is hacked, you run the risk that someone will be able to use your password to break into your accounts on other sites. For that reason, you should always use a different password for every account and web site you use.

A Password Manager in C# Programming Language:

umm. Nice idea. Lets dig into it. This is a complicated example so I’m only going to describe the key points here. Sorry, I know I’m skipping over a lot of details. Hopefully you can understand how things work from this and then download the complete example to see the details.

When the program started, it asks a master password. The first time, it encrypts the password you enter and stores it for the next time you run the program. When the program runs later, it takes the password you enter at that time, encrypts it, and sees if it matches the encrypted password it has stored.The master password is very important because it secures all of your other passwords. Spend some extra time picking a master password that you can remember and that is as secure as possible.

Source Code:


The program has two commands: Changed Master Password and Exit. The Exit command ends the program. The Change Master Password displays a dialog where you can enter a new password. It doesn’t hide what you type with a password character and it doesn’t make you type it twice so be sure you remember what you type. (Feel free to change this is you like.)


The program provides two other useful features. If you click the space in a password row’s Copy column, the program copies the password to the clipboard so you can easily paste it into whatever web site is asking you for a password.

Because you’re using the password tracker, you don’t need to remember the passwords so they can be completely random and obscure. To get the best security, make passwords reasonably long. Many sites let you use 6 character passwords but there’s no reason not to use 8, 10, or even more characters if you’re allowed.


I think it is secure but for something as important as passwords you need to merely use this program as an example and use whatever techniques you think are best to implement your own password tracking application.


Note : This App is coded in Visual Studio 2012 so in order to open it you will need VS2012. File Size : 86KB.

I hope you understand this post. If you have any misconception, ask me.

8 thoughts on “Password Manager in C# with Source Code”

  1. its awesomest… Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! However, how can we communicate?


  2. On the one hand, good on you for releasing your source.
    On the other, that code (and the code of your other projects) has several obvious and easy-to-fix problems…
    Here is my "5 minute code review". I only just barely scratched the surface with this…
    You are including several files that you should not be: .suo, and .user files
    Underscores in your assembly name / namespace?
    Please stop using "frm" to prefix your forms. This is (sort of) hungarian notation, which itself is widely frowned upon. Even then, you're not doing hungarian properly as you are adding the prefix to a class – which is even more brain-addled than hungarian itself.
    Form1.cs needs a better name
    Resources.resx is superfluous
    App.Config is superfluous
    6 unused references
    use 'var'
    And I just did one file – Crypto.cs. I could do others… but perhaps this is a good starting point.
    line 2,3,5 superfluous using directives
    line 16 Rand field should be read-only
    line 74-77 loop can be a string.Join
    line 134-135 should be ? operator
    line 155-159, 173-177 redundant catch

  3. Hey! Code Reviews are usually my thing. >:)
    Here some more extensions:
    Don't use #regions – they indicate code smell (e.g. Crypto.cs). Regions simply mean you could have split up your class into more smaller classes. Relevant article:
    Please stick to the common .NET naming conventions – variables like plain_text should be named plainText (e.g. Crypto.cs, line 43). Like 99 % of all C# developer stick to this convention.
    Simple if/else can be much more readable replaced with the ternary operator ?:, like your code in *Crypto.cs, line 133). See code sample [1].
    Please use using() for resources that implement IDisposable, like out_stream in Crypto.cs, line 138. This makes clear that you close this resource within this method and that it does not leave the method.
    Don't catch Exceptions just to re-throw them (e.g. Crypto.cs, line 173).
    Newlines are your friends, they do not hurt you, use them! In Form1.cs, line 68 you have a lot of code that is really unreadable. You have a newline between the parameters, which is fine if you have a consistent limit of characters your lines should code wide, but clearly this is not the case here. What is much more worse is that you barely have any newlines between this code. The if and the break here can be overlooked really easily!
    You do not need to call int.ToString() when combining strings and integer (e.g. Form1.cs, line 164).
    Looking at the code I apparently can't uncheck any boxes. The code in frmNewPassword.cs, line 21 looks really messy. Here again, add some newlines between the methods. Also, you should simply rewrite the code like this: See code sample [2].
    Please please please don't save the window position and restore it (e.g. SettingStuff.cs, line 27). I often work on a notebook with an attached display. So if I open your application on my external display and close it there again, it will save the position on this external display. If this display is now unconnected (because I'm on the way), your application will open where…? Off my desktop! Great! Awesome! Please not! Just let Windows handle where to open your application, that is usually the best.
    Where are the unit tests? There are absolutely no tests that the code works as you intended to. This is crucial for security software! You should at least test your crypto stuff!
    Code sample [1]
    // Make the encryptor or decryptor.
    ICryptoTransform crypto_transform;
    if (encrypt) crypto_transform = aes_provider.CreateEncryptor(key, iv);
    else crypto_transform = aes_provider.CreateDecryptor(key, iv);

    ICryptoTransform crypto_transform =
    ? aes_provider.CreateEncryptor(key, iv)
    : aes_provider.CreateDecryptor(key, iv); // You could argue about where to put the newlines.
    Code sample [2] (Please ignore! See reply from /u/Galestar)
    /* Old */ if (chkRequireLowercase.Checked) chkAllowLowercase.Checked = true;
    /* New */ chkAllowLowercase.Checked = !chkAllowLowercase.Checked;
    // The ! operator will negate the value. So for true you get false, and for false you get true.
    // With this code you will just switch the value of Checked.
    On the good side: I think the usage of your comments is good.

    • I think your code sample at the end is incorrect. For one your have used chkAllowLowercase twice, and are basically negating it – rather than have it depend on the value of chkRequireLowercase.
      Also, it would only be correct if he had done something like:
      if (chkRequireLowercase.Checked) chkAllowLowercase.Checked = true;
      else chkAllowLowercase.Checked = false;
      However he does not actually set the value of chkAllowLowercase when RequireLowercase==false. I think this makes sense… when you indicate something is required then it must be allowed, but not necessarily the reverse.
      If he really wanted to do it without branching, he could do
      chkAllowLowercase.Checked |= chkRequireLowercase.Checked;
      For those new to |=, this is a boolean-or compound assignment, where
      a |= b;
      is equivalent to
      a = a || b;

  4. You have got some pretty good suggestions from other users overall. The only thing I want to add is: please do not store the master password!
    Even encrypted it is a bad security practice: you are much better off hashing it and storing the hash, which you can then compare to the hash of the password entered by the user.

Comments are closed.