Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd please sign up again. Thanks!

  1. Kennedy Projects is proud to maintain and host Linux.org. Please contact us for any Linux or hosting related services if you find yourself in a jam. - Rob / KennedyProjects.com
    Dismiss Notice

Favorite Password Manager

Discussion in 'Linux Security' started by atanere, Jun 10, 2017.

?

What Password Manager do you use?

  1. Pass

    3 vote(s)
    5.6%
  2. LastPass

    19 vote(s)
    35.2%
  3. KeePass

    9 vote(s)
    16.7%
  4. KeePassX

    5 vote(s)
    9.3%
  5. Password Safe

    4 vote(s)
    7.4%
  6. Universal Password Manager

    3 vote(s)
    5.6%
  7. Dashlane

    2 vote(s)
    3.7%
  8. Encryptr

    3 vote(s)
    5.6%
  9. EnPass

    4 vote(s)
    7.4%
  10. Password Gorilla

    2 vote(s)
    3.7%
  1. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    550
    Likes Received:
    429
    You can't have too much security these days. After years of using a little notebook to record much-too-simple passwords, I realized the time had finally come to choose a password manager. But there are many to choose from, even in the Linux world, and we all have different needs. For me, I did NOT want to sync passwords with my phone or the cloud, but I did need to share with my wife and her Windows computer.

    I chose the portable Windows edition of KeePass Password Safe. I keep the master copy on my Linux box, but I also keep 2 USB backups, one of which my wife uses to access the program. This Windows edition needs some Mono packages (not Wine) to run in Linux or Mac, but there are native Linux packages available for KeePass and also KeePassX (a variant of the original).

    So what do you use? Any special pros or cons that you've discovered? Any others not in the poll, please list in the comments. Thanks!


     
    FHStralow likes this.
  2. Rob

    Rob Administrator
    Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    177
    Likes Received:
    505
    I voted keepassx but currently use 1password most of the time..
     
    FHStralow and atanere like this.
  3. JasKinasis

    JasKinasis Active Member

    Joined:
    Apr 25, 2017
    Messages:
    110
    Likes Received:
    172
    [​IMG]

    [​IMG]

    Heh heh, sorry - couldn't resist.
    I keep all of my passwords in my head..... If I ever forget them, that's what the 'reset password' link is for!
     
    FHStralow, atanere and Rob like this.
  4. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    550
    Likes Received:
    429
    Yes, 1password is another popular one. But I discovered the poll limits selections to 10. :D
     
    FHStralow likes this.
  5. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    550
    Likes Received:
    429
    My head doesn't work that well! :confused::eek::D But I've also read about the Diceware passphrase which looks like a very good way to create easy-to-remember but hard-to-break passphrases instead of the more typical passwords (uppercase, lowercase, numbers, special characters, etc). But even with Diceware, my problem remains and I have too many places I visit that need login credentials, and I don't want to re-use any, so I can't remember that many phrases. (And a password reset would also be as much or more trouble for me, I think.)
     
    FHStralow likes this.
  6. Rob

    Rob Administrator
    Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    177
    Likes Received:
    505
    I'm actually looking to switch from 1password since they only have the web version for linux which is a pain.. handy in android though.
     
    FHStralow and atanere like this.
  7. iodisciple

    iodisciple New Member

    Joined:
    Sep 8, 2017
    Messages:
    23
    Likes Received:
    12
    I'm using lastpass but am really looking for a password manager that does the same as lastpass, but then on my own server. Also has to be multiplatform (Linux, Mac, Windows, iOS) or at least be accessible from more than one device.
     
    atanere likes this.
  8. Lazydog

    Lazydog Member

    Joined:
    Jul 27, 2017
    Messages:
    41
    Likes Received:
    43
    I use Lastpass also. If you ever find something that you can use local that keeps everything encrypted I'd be interested in hearing about it. ;)
     
    atanere likes this.
  9. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    550
    Likes Received:
    429
    I picked KeePass precisely because it is local-only and very simple. If I wanted to sync the database with other computers or phones via the cloud, I could use Dropbox or Google Drive to manually do it... but I don't want that "feature" anyway.

    KeePass is also open source and was subjected to an independent audit of their source code by the EU-FOSSA Project not long ago. I use version 2.x, but it was their 1.x version (still in current production) that was tested... with the results showing there were no critical or high-risk vulnerabilities found. That is no guarantee, but it makes me feel better about it, even using the 2.x version.
     
    PcBuilderEd and Lazydog like this.
  10. PcBuilderEd

    PcBuilderEd Member

    Joined:
    Jun 30, 2017
    Messages:
    78
    Likes Received:
    41
    Its Atnanare... he is IN my head... its getting uncomfortable.... I was just about to write a post asking for advice on what manager to use and...oh look, atanare has a post.... lol
    Ok though ive been debating between lastpass and keepass. One "expert" summed it up as if your uncomfortable having your info on the cloud use keepass. If you like having it on the cloud use lastpass. For me I like the idea of having everything on the cloud for convienienience, you can just download the plugin to wherever you are and your set. However that makes me skeptical as well. What im really debating is since it auto scans everything when you are entering in data then it might get my ssn and banking info. I would want something I could limit that. So if I could use lastpass and somehow have it not remember some things that would be great, but Im thinking that isnt possible....
     
    atanere likes this.
  11. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    550
    Likes Received:
    429
  12. Bayou Bengal

    Bayou Bengal Member

    Joined:
    Sep 14, 2017
    Messages:
    30
    Likes Received:
    26
    I was using Dashlane in Windows, and one day it popped up on Chromium when I entered a new password. So I guess it works in Linux. The Icon was in the upper right corner of Firefox, Chrome, and Chromium. I have since disabled it because it's a pain in the back side the way it constantly is asking for the Master Password. The manager in Chromium is what I use now.
     
  13. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    550
    Likes Received:
    429
    Hi again! I have always been skeptical of using any browser's password manager... or for that matter, any password manager that integrates with the browsers. Maybe my fear is unfounded and I am overly paranoid (yes, I am), but the browser itself is a focused attack target for many of the bad guys on the web. Now with the recent Equifax hack, I'm even more paranoid than usual. :eek::D

    On a more positive note, I did that "credit freeze" thing a couple of years ago after another major data breach, so that gives me some sense of security.... probably a false sense. :eek:
     
  14. Bayou Bengal

    Bayou Bengal Member

    Joined:
    Sep 14, 2017
    Messages:
    30
    Likes Received:
    26
    Yeah, I'm not comfortable with it either. I need to experiment some more with Dashlane, if it isn't satisfactory I need to find one that is. My memory is getting to the point where I can't remember a bunch of passwords anymore.
     
    atanere likes this.
  15. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    550
    Likes Received:
    429
    I resisted using a password manager for a long time, and I'm still a bit paranoid about it... it is a single-point-of-failure if the database is exposed (like in the cloud) and the master password is compromised. That is what led me to use a local-only manager rather than one that syncs to multiple computers and/or phones, tablets, etc. But everyone has different needs, so multiple devices are a must for some folks.

    My memory ain't what it used to be either. But using a password manager now lets me use some really strong passwords without the hassle of typing them. And I have WAY TOO MANY passwords these days. Yet I would rather stick with this system (that I can reset, if needed) rather than giving up a fingerprint or iris scan in most cases. I can't reset my fingerprint if it is ever compromised.
     
  16. PcBuilderEd

    PcBuilderEd Member

    Joined:
    Jun 30, 2017
    Messages:
    78
    Likes Received:
    41
    Quite a few lastpassers. Is it possible to block certain fields and numbers in last pass or is it always recording? Is keepass local only or can you put it on a USB?
     
  17. Bayou Bengal

    Bayou Bengal Member

    Joined:
    Sep 14, 2017
    Messages:
    30
    Likes Received:
    26
    Well, the government got my finger prints years ago, so if they've been hacked my finger prints have probably been stolen. :( The point you made about using a manager across multiple devices is what really worries me. Dashlane does that so my current passwords are in their cloud. I am currently considering a tablet to store them and never allowing the tablet to go online.
     
  18. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    550
    Likes Received:
    429
    KeePass, at its core, is a Windows program, and it does offer a portable USB installation too. I use that portable version in Linux by running it with Mono... this is one way for Linux and Mac too. One of its "features" is the ability to create plugins to add other functionalities. But for me (and my paranoia) I would rather not expand out from the core package and accept the risk of other developers tinkering with it and possibly breaking it unintentionally (or worse, altering it maliciously). Shame on me for being so untrusting, but the times are getting bad with too much criminal hacking going on.

    But using Mono is not the safest thing either. It is essentially a Linux version of Microsoft .NET, and I read that it is also susceptible to .NET vulnerabilities. Nothing is perfect, I guess. But I have wanted the USB portability to share KeePass with my wife on her Windows laptop.

    KeePassX is included in many Linux distros, but there is also a keepass2 included in the Synaptic Package Manager for Linux Mint (and others, I guess). KeePassX started as a plugin for Linux, but I think it is a fork now, although I am not sure. I am currently thinking of switching to keepass2 to run natively on Linux, and then just sharing the database with my wife.
     
    PcBuilderEd and Bayou Bengal like this.
  19. Bayou Bengal

    Bayou Bengal Member

    Joined:
    Sep 14, 2017
    Messages:
    30
    Likes Received:
    26
    Thanks for the heads up on Keepass 2, atanere! You may have just saved me the expense of buying a tablet! :)
     
    PcBuilderEd and atanere like this.
  20. iodisciple

    iodisciple New Member

    Joined:
    Sep 8, 2017
    Messages:
    23
    Likes Received:
    12
    Its not a high priority for me, but I will be setting something up on my own VPS with most probably Keypass and a sync tool on my iPhone / iPad. I'll report when I've got something useful ;)
     
    atanere likes this.

Share This Page