Favorite Password Manager

Discussion in 'Linux Security' started by atanere, Jun 10, 2017.

What Password Manager do you use?

  1. Pass: 3 vote(s), 5.5%
  2. LastPass: 20 vote(s), 36.4%
  3. KeePass: 9 vote(s), 16.4%
  4. KeePassX: 5 vote(s), 9.1%
  5. Password Safe: 4 vote(s), 7.3%
  6. Universal Password Manager: 3 vote(s), 5.5%
  7. Dashlane: 2 vote(s), 3.6%
  8. Encryptr: 3 vote(s), 5.5%
  9. EnPass: 4 vote(s), 7.3%
  10. Password Gorilla: 2 vote(s), 3.6%

  1. PcBuilderEd

    PcBuilderEd Member

    Joined:
    Jun 30, 2017
    Messages:
    78
    Likes Received:
    41
    So when using password managers, do they automatically record data when you fill in fields, or do you tell it to record and save some sites?



     
  2. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    1,707
    Likes Received:
    1,807
    I don't know about the others, but KeePass doesn't have a "record" mode. It is basically just an encrypted database file... you need to create new entries (bank, school, Amazon, email, etc.) and you enter the URL for the login page, the username, the password, and any relevant notes (like security questions). It's best to store https secure URLs if they are available.

    Inside the database, you can create categories/folders to help with management... like Banking, Shopping, Websites, etc. Or, if you prefer, you can keep a number of totally separate databases.... which will require a totally separate password to unlock each database too. I wouldn't personally make too many because of the difficulty in remembering really strong passwords that you should use as a Master Password... but I can easily imagine a separate database for "Work" versus "Personal" for some users.

    Once you create some entries, the operation is simple: Click on an entry you wish to log in to, hit CNTL-U (for URL) and KeePass will open your default web browser and take you to the site. If the browser is already open, KeePass will open a new tab instead. Then there are 2 ways to use KeePass to enter your login info... 1) drag and drop the ******* info from the KeePass window into the page you want to log into.... or 2) Click the KeePass entry to be sure it is highlighted, hit CNTL-B to capture the username, then click into the web page username box and hit CNTL-V to paste. Go back to KeePass and this time use CNTL-C to capture the password, then click into the web page password box and again hit CNTL-V to paste. There is a security timer built in to KeePass so you have to do these copy/paste operations without a long delay.

    There is another feature called "auto type" but I do not use it. There is some risk associated with it from keyloggers.

    KeePass (and I'm sure the other products too) has a password generator to help you create difficult strong passwords. You can specify how many characters, upper/lower case, numbers, special characters... even high ANSI characters (which I would probably not recommend in most cases). As you build your database and find you are using passwords that are too short, or insecure.... you can use this generator tool to help you change to better passwords. You'll have to watch the sites you log into, and you'll find that some may only allow 8 characters, and some have other restrictions that you must comply with. The password generator helps you to set those criteria first so that you generate a usable password.

    DO NOT LOSE YOUR MASTER PASSWORD TO OPEN THE DATABASE. Other products may have some kind of "password recovery".... but KeePass does not. (I really wouldn't want a company to store my master password anyway!) You should use a strong master password, but if you forget it, there is no way for you to get anything out of the database. You should also make more than one backup of your database.... long story, but I corrupted my working copy and my backup when I first started using it, so I had to rebuild the entire database again from scratch. Not fun. Final comment... KeePass will also let you export your information to a CSV file that you can open with Libre Calc or some other spreadsheet program.... this is handy to clean up a little and print a hard copy of the usernames and passwords.... but of course it should be kept in a very secure location! But a hard print copy is a final backup for you also.

    Cheers!
     
    PcBuilderEd likes this.
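The generator settings described in the post above (length, character classes, per-site restrictions), sketched as an added example; this is not KeePass code, and the function names, symbol set and sample policies are constructed for illustration.

```python
import math
import secrets
import string

# Character classes a generator can draw from (symbol set constructed for this example).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?",
}

def build_pools(required, allowed_special=None):
    """Return one character pool per required class, honouring a site's symbol whitelist."""
    classes = dict(CLASSES)
    if allowed_special is not None:
        classes["special"] = allowed_special
    pools = [classes[name] for name in required]
    if any(not pool for pool in pools):
        raise ValueError("a required class has no permitted characters")
    return pools

def generate_password(length, required=("lower", "upper", "digit", "special"),
                      allowed_special=None):
    """Generate a password of exactly `length` characters that meets the site policy."""
    pools = build_pools(required, allowed_special)
    if length < len(pools):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(pools)
    # One guaranteed character per required class, the rest from the whole alphabet.
    chars = [secrets.choice(pool) for pool in pools]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def max_entropy_bits(length, required=("lower", "upper", "digit", "special"),
                     allowed_special=None):
    """Upper bound on entropy, assuming each position is uniform over the alphabet."""
    alphabet_size = len("".join(build_pools(required, allowed_special)))
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    # Constructed policies: a site capped at 8 characters vs. an unrestricted 20.
    for n in (8, 20):
        print(n, generate_password(n), round(max_entropy_bits(n), 1))
```

With this 85-character alphabet, a site that caps passwords at 8 characters allows at most about 51 bits, against about 128 bits for 20 characters.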
  3. fodil boualem

    fodil boualem New Member

    Joined:
    Nov 10, 2017
    Messages:
    3
    Likes Received:
    2
    For me, I choose my passwords from my books, using words incomprehensible to the public (specialised books in medicine, physics and other disciplines).
     
    wizardfromoz likes this.
  4. fodil boualem

    fodil boualem New Member

    Joined:
    Nov 10, 2017
    Messages:
    3
    Likes Received:
    2
    My passwords are memorised in my physics books so I can't forget them.
     
    wizardfromoz likes this.
  5. mrcrossroads

    mrcrossroads Member

    Joined:
    Nov 23, 2017
    Messages:
    39
    Likes Received:
    43
    I've been using LastPass the last few years. I've tried a few others a few times but none could win me over.
     
    atanere likes this.
  6. Autumn

    Autumn New Member

    Joined:
    Mar 11, 2018
    Messages:
    3
    Likes Received:
    8
    I have recently stumbled upon Avendesora and am quite impressed. It is a Linux-only command line application, which I happened to be looking for, but if you can live with those constraints it is otherwise quite powerful and efficient. I have been using it for several months now and am completely sold on it. It has most of the standard features, plus some really useful uncommon features. For example, you can use a single keystroke to sign into your accounts in your browser, but you can do the same with most applications, including your shell. It can also open your account in your browser from the command line, and it checks the URL to make sure you are not being phished. However, one of the nicest features is that you can have any number of secrets associated with an account. My brokerage gives me the opportunity of having different passwords for different actions (accessing website, changing settings, trading, extracting funds, etc.). It seemed like a nice security feature, but it was a nightmare until I started using Avendesora.

    Support for one-time passwords has just recently been added, so it can now replace Google Authenticator or Authy, and often with a single keystroke.
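The URL check mentioned in the post above, sketched as an added example of one way a password manager can refuse to fill credentials on the wrong site; this is not Avendesora's code, and `https_origin`, `origin_matches` and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

def https_origin(url):
    """Return (host, port) for a well-formed https URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return None
    # hostname is already lower-cased and excludes any user:pass@ prefix.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return None
    return (host, 443 if port is None else port)

def origin_matches(stored_url, current_url):
    """Release credentials only when both URLs share the exact same https origin."""
    stored = https_origin(stored_url)
    return stored is not None and stored == https_origin(current_url)

# Constructed sample data: one stored entry and the pages a browser might be on.
STORED = "https://bank.example.com/login"
SAMPLES = [
    "https://bank.example.com/login?next=/home",   # same origin, different path
    "https://BANK.example.com:443/",               # case and default port normalised
    "http://bank.example.com/login",               # downgraded to plain http
    "https://bank.example.com.evil.test/login",    # real name used as a subdomain label
    "https://bank.example.com@evil.test/login",    # real name in the userinfo part
    "https://bank-example.com/login",              # lookalike registration
    "https://bank.example.com:8443/login",         # different port, different origin
]

def check_samples():
    """Map each sample URL to whether the stored credentials may be filled."""
    return {url: origin_matches(STORED, url) for url in SAMPLES}

if __name__ == "__main__":
    for url, ok in check_samples().items():
        print("FILL " if ok else "BLOCK", url)
```

Comparing the parsed host exactly, rather than searching the URL string for the expected name, is what rejects the subdomain-label and userinfo cases.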
     
  7. VP9KS

    VP9KS Well-Known Member

    Joined:
    Apr 29, 2017
    Messages:
    327
    Likes Received:
    310
    Yeah, paranoia runs deep here also o_O. I keep my passwords in a spreadsheet, on a computer which NEVER is network connected. It also has the drive in a caddie, which gets locked up when I leave the house. I have a printout, but it also stays in the safe. You just cannot be too careful nowadays. As far as using the cloud, no way! :eek: I don't want my data "out there" in cyberspace. Judging from the ads that I receive, the dataminers know too much about me already. If anyone breaches the cloud, the aromatic brown substance will really hit the rotating airfoil! :rolleyes: :rolleyes:

    Happy Trails
    Paul
     
    atanere likes this.
  8. Autumn

    Autumn New Member

    Joined:
    Mar 11, 2018
    Messages:
    3
    Likes Received:
    8
    Yeah, me too. I am too impatient to keep my passwords in cold storage, but I won't put them in any proprietary software, especially if there is a cloud component. I also won't put them on my phone. I need an open source operating system and an open source password manager. I spent some time looking at the Avendesora code; it seems pretty simple and clean. There are no unpleasant surprises there. And it is all based on GPG. All in all, a nice combination of security and convenience.
     
    atanere and wizardfromoz like this.
  9. wizardfromoz

    wizardfromoz Super Moderator
    Staff Member Gold Supporter

    Joined:
    Apr 30, 2017
    Messages:
    1,857
    Likes Received:
    1,845
    I like the sound of that Avendesora, and welcome to linux.org, @Autumn - it is Autumn here in Australia, currently. :)

    I have a very sophisticated method, not recommended for all. I don't have a password manager per se, just a text file that goes from computer to computer.

    Written in terms that no-one who is not my (late) Mother would understand, and does not include the name of my first pet. Nor "password".

    I have taught wife Elaine the code, in case I get run over by a Mack truck (possibly with her behind the wheel).

    Used since 2002, no breaches yet. Except for that AUD $2,000 I can't account for yet.

    Kidding.

    Cheers, and I'll check out that Avendesora - thanks for sharing :D

    Chris Turner
    wizardfromoz

    BTW Paul, if you would like an answer to "who is pinging me?", start a thread & I'll swing by :confused:
     
    VP9KS and atanere like this.
  10. VP9KS

    VP9KS Well-Known Member

    Joined:
    Apr 29, 2017
    Messages:
    327
    Likes Received:
    310
    So Wiz, that means that it SHOULD be getting warmer here, and yet my wife is still complaining that it is too damn cold. WTH :confused:? Welcome to @Autumn, and @fodil boualem. :D Nice to have you join our merry band of misfits. Feel free to add your wisdom to the mix at any time.

    BTW, Wiz, I was referring to the snail mail ads. They seem to be determined to fill my recycle bin, and return to sender just does not work because the post office will just bring them back again. I don't understand how that works. :confused: So I just sanitize them first, and shred any address info that I have removed. Call me paranoid if you wish, but ......

    Happy Trails
    Paul
     
    wizardfromoz likes this.
  11. Autumn

    Autumn New Member

    Joined:
    Mar 11, 2018
    Messages:
    3
    Likes Received:
    8
    I was just listening to an interview of a Syrian war correspondent on public radio here in the US and the interviewer (Terry Gross) asked about how she protected her notes ...

    GROSS: How did you protect your notes? Because I'm sure you wanted to protect the confidence of people who were talking to you and not give anything away.
    ABOUZEID: That is my - of paramount concern - that protecting my sources is utmost in my mind all the time. Well, first of all, frankly, I don't think anybody can read my handwriting.

    They laughed, but I was stunned. She then described how she tries to hide them and use little tricks like @wizardfromoz to prevent people from using them if they were found.

    And I am thinking, "Wow, her need to conceal her notes is life and death, and my linux.org password is way more secure than her notes."

    It really seems like every journalist should be using Linux and GPG. It almost seems like a moral obligation. I wonder if there should be a special distribution just for journalists.
     
    VP9KS and wizardfromoz like this.
  12. wizardfromoz

    wizardfromoz Super Moderator
    Staff Member Gold Supporter

    Joined:
    Apr 30, 2017
    Messages:
    1,857
    Likes Received:
    1,845
    ... they could call it journux?

    But we had best not further hijack Stan's (@atanere 's) thread, folks. ;)

    It might be a good thread to start in https://www.linux.org/forums/general-linux.143/

    ... and call it something like Linux Wish List for Professionals

    (Wizard exits in a puff of smoke)
     
  13. Intun2it

    Intun2it New Member

    Joined:
    Sep 24, 2018
    Messages:
    1
    Likes Received:
    1
    I use LastPass. There are one-time passwords that you can generate that only work for one login and there are some multifactor features available as well. It may not be perfect, but it is definitely better than trying to keep passwords in a ratty old notebook (my previous method).
     
    wizardfromoz likes this.
