Re: Password Manager opinions and recommendations
On Sun 25 Mar 2018 at 11:52:13 -0400, rhkramer@gmail.com wrote:
> I started reading up on password managers in order to consider using one.
>
> Up until now, I've made up passwords myself, and stored them in an encrypted
> file. Some of the drawbacks include:
>
> * I keep the passwords on the short side
The PIN for my credit card has only four digits.
> * I don't change the passwords as often as I should
There isn't and never has been a need to do this. Passwords don't
deteriorate with age.
> * I sometimes use the same password on more than one site
Tut, tut.
> All of the above because it is not convenient enough for me to do better.
>
> My head is just not "into" reading about password managers--it just seems to
> be too boring to really get into, so, I thought I'd try posting here to get
> opinions and recommendations from the list. (I am continuing my effort to
> read--maybe I'll get a renewed burst of enthusiasm after I send this ;-)
>
> Here are some of what I think are my criteria for a password manager:
>
> * encrypted storage on my own machines (no storage "in the cloud")
Definitely done by
http://masterpasswordapp.com/
It is designed that way.
> * ability to transfer to other devices, including Android tablets and
> phones--either all the passwords or just one for some special logon on a
> machine I don't normally use. Currently I do almost everything (that requires
> a password) on one of my desktop computers. I have a laptop that I use very
> occasionally. Occasionally I've had to go to a library (or similar) to use a
> Windows machine. I do have an Android tablet and phone, and, in general, I
> don't use that for confidential type stuff (no banking, for example), but that
> could change if either I feel very secure or in some sort of extreme
> emergency.
I don't use such such exotic devices but see how
http://masterpasswordapp.com/
suits.
> * (a repeat of part of the previous bullet) a means to easily take an
> individual password to another machine for occasional use of another machine
http://masterpasswordapp.com/
has only one password; you can take it anywhere you want.
> * a means to recover all the passwords if the password manager becomes
> defunct (and this also implies backup and restore capabilities)
Not too sure about this but, provided you have the app, you have the
ability to (re)generate all your passwords.
> * a means to automatically generate secure passwords
That's
http://masterpasswordapp.com/
> * a means to automatically update passwords on the target websites (to
> facilitate regular / frequent password changes)--this is probably a stretch--I
> mean something that would work its way through the various screens and prompts
> to change a password with a minimum of manual intervention by me
See above. A waste time.
> As an alternative to a password manager, I may create my own memorizable
> password generator "algorithm" that I can mostly use "in my head". For
> instance, it could be something like this:
Don't bother.
http://masterpasswordapp.com/
got there before you. And does it better than you and I could ever do.
> * think up a multiword phrase, possibly with a mnemonic connection to the
> target website (or, have a means to extract them from a book, e.g., the 3rd
> sentence of the 5th chapter of War and Peace--or maybe the first sentence in
> the book that contains the word bank would become the passphrase for my bank).
> * have a consistent substitution algorithm, which might do things like
> this:
> * capitalize the nth letter of each word (or the nth letter of the first
> word, the (n+1)th letter of the 2nd word, ...
> * substitute (or insert) a punctuation mark for (like above) the mth
> letter of each word (or the mth letter of the first word, the (m+1)th letter of
> the 2nd word, ... --the puntuation might be selected in, for example, keyboard
> order (or reverse keyboard order) across the numeric keys (e.g., !@#$%^&*()
> (although maybe some of those might be invalid in (some?) passwords)
> * some other similar generation rules
>
> Obviously, having "published" these ideas, my actual implementation will be
> somewhat different ;-)
masterpasswordapp is a deterministic password generator. Such things
sometimes get a bad press. In this case, much of the criticism is
unjustified. Documentation and support for it is excellent.
--
Brian. (Who doesn't have any commercial connection with
masterpasswordapp.com/)
Reply to: