[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Password Manager opinions and recommendations

On 26/03/18 04:52, rhkramer@gmail.com wrote:
> I started reading up on password managers in order to consider using one.

I use the keepass family - KeePassX on Debian, KeePassDroid on Android.
I believe Windows and Mac versions are available as well.

>    * encrypted storage on my own machines (no storage "in the cloud")


>    * ability to transfer to other devices, including Android tablets and 
> phones--either all the passwords or just one for some special logon on a 
> machine I don't normally use.  Currently I do almost everything (that requires 
> a password) on one of my desktop computers.  I have a laptop that I use very 
> occasionally.  Occasionally I've had to go to a library (or similar) to use a 
> Windows machine.  I do have an Android tablet and phone, and, in general, I 
> don't use that for confidential type stuff (no banking, for example), but that 
> could change if either I feel very secure or in some sort of extreme 
> emergency.

I sync my database to my own NextCloud instance - in my case it's on a
VPS, which I guess is 'in the cloud', but I manage it myself. There are
NextCloud clients for all the above platforms as well.

>    * (a repeat of part of the previous bullet) a means to easily take an 
> individual password to another machine for occasional use of another machine

Not that I know of. But it's on my phone, which goes where I go. That
does mean I sometimes have to view the password and type it in, which is
a pain for a 16-character password full of symbols ...

>    * a means to recover all the passwords if the password manager becomes 
> defunct (and this also implies backup and restore capabilities)

It's free software, so you can keep copies of it. It can export to XML
(IIRC) too.

>    * a means to automatically generate secure passwords

Yes. Well, I assume they're secure; I'm no cryptographer.

>    * a means to automatically update passwords on the target websites (to 
> facilitate regular / frequent password changes)--this is probably a stretch--I 
> mean something that would work its way through the various screens and prompts 
> to change a password with a minimum of manual intervention by me

Difficult. That would have to be scripted for each website etc, wouldn't it?


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: