Password Managers

Condobloke

1. Show us what you have got and why you chose it
Is it free?...or does it cost?
Is it straightforward to install, does it generate passwords for you
Does it automatically either put the password in for you, or have the password easily and quickly accessible from the browser you are in?

2. Is it reliable?

3. Is it cross platform?

4. Is it secure.....Why?....what makes it so secure?

5. Easy to install, easy to import passwords etc from previous password manager used?

6. Easy to maintain?...is any maintenance necessary?

7. Does it sync accurately between PC and mobile and/or other device?

When passwords are sent to your Bank (or other financial institution) how safe is the transmission of those passwords....are they encrypted using your choice of password manager.....or are they sent as plain text?

Keep your answers neat rather than rambling
 


MatsuShimizu

I am using KeepassXC and Bitwarden to store passwords. Both are free and open-source. I sometimes use paper to write master password hints or 2FA backup codes. I use KeepassXC to store anything related to banking. As for less important logins, I use Bitwarden.

On Ubuntu, both of them are available as an AppImage, from the Ubuntu Software Center, and as a PPA (KeepassXC) or a deb file (Bitwarden).

Both KeepassXC and Bitwarden are encrypted with standard 256-bit AES.
As for Bitwarden, yes the password is encrypted/hashed locally on my PC before being sent to the server.
You can test it at home if you want from a Chrome/Brave browser by following the video below. The same instruction is also available here on Reddit:

From the Bitwarden encryption article page:
Bitwarden uses AES-CBC 256-bit encryption for your Vault data, and PBKDF2 SHA-256 to derive your encryption key.
You can also read the details in their whitepaper. https://bitwarden.com/help/article/bitwarden-security-white-paper/
What is AES 256 bit-encryption - This video explains in an easy-to-understand manner

SHA-256 Simplified: What Is It And Why It Is So Secure

Now, what is PBKDF-2? This video explains what it is
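
The local derivation described in the post above, as an added example (not part of the original post and not Bitwarden's code): PBKDF2-SHA256 stretches the master password into a 256-bit key that stays on the client, and one further PBKDF2 round yields the separate value sent for login. The e-mail salt, the iteration count, the two-step layout and all function names are assumptions for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed for this example; real clients make it configurable
KEY_LEN = 32          # 256 bits, the key size AES-256 needs


def derive_master_key(master_password: str, email: str,
                      iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-SHA256 over the master password; the result never leaves the client."""
    salt = email.strip().lower().encode("utf-8")  # assumption: e-mail as salt
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def derive_login_hash(master_key: bytes, master_password: str) -> bytes:
    """One further PBKDF2 round; this value, not the key, is sent for login."""
    return hashlib.pbkdf2_hmac("sha256", master_key,
                               master_password.encode("utf-8"), 1, dklen=KEY_LEN)


def client_login(master_password: str, email: str) -> tuple:
    """Return (vault key kept locally, login hash sent over TLS)."""
    key = derive_master_key(master_password, email)
    return key, derive_login_hash(key, master_password)


def server_accepts(stored_hash: bytes, presented_hash: bytes) -> bool:
    """Server-side check using only the login hash, compared in constant time."""
    return hmac.compare_digest(stored_hash, presented_hash)


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    email, password = "user@example.com", "correct horse battery staple"
    key, login_hash = client_login(password, email)
    print("vault key (local only):", key.hex())
    print("login hash (sent)     :", login_hash.hex())
    _, wrong = client_login("wrong guess", email)
    print("right password accepted:", server_accepts(login_hash, login_hash))
    print("wrong password accepted:", server_accepts(login_hash, wrong))
```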

wizardfromoz

Brian, I am moving this to Security. :)

@MatsuShimizu take note :)

Wiz
 

craigevil

I use the Bitwarden extension in my browsers and the Bitwarden app on my Android devices.
It is open source and free to use. They do have a Premium that you can add on but it is only $10/yr.
With the premium you can use a hardware key like Nitro or Yubikey.
I used Chrome for years. When I switched to using Bitwarden I copied all of my passwords from Chrome, then I deleted all of them from Chrome.
For 2FA I just use the Google Authenticator. I would use something else but I haven't found a way to import all of my accounts to a different app.
 

Tolkem

I use KeepassXC to store my "not so important" login data for the websites I use/visit the most, as well as the built-in ones in the browsers (Firefox and Chromium). My banking stuff is all on paper. I like KeepassXC since it stores everything locally.
 

stan

There is no one-size-fits-all to password managers. What is a "Pro" for one is a "Con" for another... such as cloud storage and synchronization. Some users demand it, and I won't use a product that supports it. Clearly a night and day difference of opinion.

This 4-yr old article lists 9 password managers that have been hacked. This article (with a 2021 update) lists 14 or 15 that have been hacked, including KeePass. I should clarify that KeePass was not technically "hacked," but it's noted that it is vulnerable to a special malware hacking tool, called KeeFarce, that can scoop up your entire vault and save it as plain text for the hacker to retrieve it. In spite of this threat, KeePass is what I use.

While KeeFarce specifically targeted KeePass, the concept is a simple one to which everyone is vulnerable... that is, if you allow malware to infect your system, all bets are off. If your password manager is open on your system, it is unlocked so that you can see your usernames and passwords, or change them, or add new ones. If your computer has been compromised, the bad guys can likely see your information too.

All the hype about the "strong encryption" used by password managers seems (to me) to be about protecting that cloud storage and synchronization feature... the feature I refuse to use. Of course it applies to protecting the local vault storage also. Whether you use a browser extension, or whether you manually copy/paste your username/password into a bank login screen, you are pasting as plain text. The password input boxes often provide a little "eye" icon that you can click on to see your password instead of stars or dots that mask it (from people looking over your shoulder).

Your bank does not use or understand each and every password manager, nor do they use each and every encryption algorithm that is available. What protects your bank transaction is not your password manager... it is TLS (Transport Layer Security). TLS, now at version 1.3, typically relies on trusted certificate authorities and is the successor to SSL (Secure Sockets Layer). TLS is the cryptographic protocol behind your HTTPS secure connection to your bank. This is the encryption that protects you, and it is also not flawless. This is one of the prime reasons you should always use the latest version of your preferred web browser. But you can only hope that your bank (and others you trust with TLS) will also do their part to apply patches and updates to keep their servers secure.
 
Deleted member 108694

I use Password Dragon, which is Java-based with BlowfishJ encryption, but I use it only for remembering and storing passwords. I do not allow it to access websites or anything else; I simply use it for storage of passwords in case I forget them. I always type in the password and have the browser set to never store or remember them.
 

MatsuShimizu

KeeFarce, that can scoop up your entire vault and save it as plain text for the hacker to retrieve it.
Just to clear things up: KeeFarce works on Windows and can hack Windows users only. Since we are on Linux, we should be fine. Yes, it can hack Keepass just as described by @stan. This is how it works:

For those who are looking for Google Authenticator alternatives, here is the list:
On Desktop: Authy, KeepassXC. Authy will sync your accounts online and you can restore them as long as you have your phone number. KeepassXC can be backed up onto a USB drive and you can restore your accounts later on.
On Android: Authy, Aegis. All these apps allow backups. Authy will back up your 2FA accounts online, while with Aegis you can export them into a .json file and back that up.
Learn more about Authy backup here.
Learn more about KeepassXC 2FA TOTP here.

AES vs Blowfish for file encryption. Which one?
 
Condobloke

Blowfish....by Bruce Schneier.....no effective cryptanalysis of it has been found to date.
He designed it in 1993
 

MatsuShimizu

Sorry for digging an old thread. But I found 2 new Linux password managers.

1. AuthPass password manager:
This one has the potential to replace KeepassXC. But I will stay with KeepassXC for a while.

Advantages over Keepass/KeepassXC:
- Encrypt and upload to the cloud.
- Integration with Dropbox, Google Drive, WebDAV.
- Upload the password to Authpass.App.
- Cross platform and available on F-Droid/Android too.

Pros:
It has most, if not all the functions of KeepassXC.
- You can choose to use it offline only.
- Or, if you want to upload online, it will encrypt your passwords locally before uploading to Dropbox.
- It uses KDBX just like Keepass. So if you have a Keepass database, you can open with this program.
- It comes with 2FA TOTP just like Keepass.
- Beautiful interface.
- You can add and arrange groups and select icons for Groups/Entries. Double-click on the entry to change the icon.
- You can unlock the database with a key file. But I don't see any option to choose or create a key file when creating the database for the first time.

Cons:
No password strength meter. KeepassXC has this function.

Full review:

Installation:
Code:
sudo add-apt-repository ppa:codeux.design/authpass
sudo apt-get update
sudo apt-get install authpass

Documentation and link to support forum: https://authpass.app/docs/

Github page: https://github.com/authpass/authpass/releases/tag/v1.9.22.


2. Buttercup Password Manager.
The pros:

- Open-source.
- Beautiful interface.
- Integration with Dropbox, Google Drive, WebDAV.
- Can import from other password managers like Keepass, Bitwarden, Lastpass, 1Password.
- Cross-platform.

Cons:
- No 2FA TOTP function. KeepassXC has this. The same goes for Bitwarden Premium.

Download the .appimage file from the Github page here: https://github.com/buttercup/buttercup-desktop/releases/tag/v2.10.0

Homepage: https://buttercup.pw/

Full review:
 

dcbrown73

I use BitWarden. I used to use LastPass, but I started working with LogMeIn, the company that owns LastPass. I'm not really a fan of them, and when they decided to force you to start paying for LastPass, I switched to BitWarden and then freely paid BitWarden.

LastPass' integration is more polished than BitWarden, but it is what it is.
 

KGIII

Sorry for digging an old thread.

This is exactly the type of old thread to dig up. It helps to keep the information in one place, where people searching can find it.
 

MihaiXSS

You can use https://passwordsgenerator.net/ and then save them in a text file; this could be another method.
 

Sudo It

I've been using KeePassXC for a long time and it's the best PW manager I could find. I can never trust online services when it comes to sensitive information.
 

BoringZombie

I use KeePassXC on an encrypted rugged flash drive. And I keep the password to KeePassXC and the key file on another encrypted rugged flash drive. Both flash drives are encrypted using VeraCrypt.
 
