Re: Password Manager opinions and recommendations
On Sun, 25 Mar 2018 11:52:13 -0400 rhkramer@gmail.com said:
> I started reading up on password managers in order to consider using
> one.
>
> Up until now, I've made up passwords myself, and stored them in an
> encrypted file. Some of the drawbacks include:
>
> * I keep the passwords on the short side
> * I don't change the passwords as often as I should
> * I sometimes use the same password on more than one site
>
> All of the above because it is not convenient enough for me to do
> better.
A redacted and grouped output of "apt-cache search password manager" on
Buster:
"pass" family:
pass - lightweight directory-based password manager
qtpass - GUI for password manager pass
pass-extension-otp - pass extension for managing one-time-password tokens
webext-browserpass - web extension for the password manager pass
"kwalletmanager" family:
kwalletmanager - secure password wallet manager
xul-ext-kwallet5 - kwallet integration for firefox
"passwordsafe":
passwordsafe - Simple & Secure Password Management
passwordsafe-common - architecture independent files for Password Safe
"keepass" family:
keepassx - Cross Platform Password Manager
keepassxc - Cross Platform Password Manager
kpcli - command line interface to KeePassX password manager databases
(I don't know the difference between keepassx and keepassxc - their
detailed description is ditto word for word.)
"keepass" continued:
keepass2 - Password manager
keepass2-doc - Password manager - Documentation
(seems to be an offspring of keepass family)
Others:
cpm - Curses based password manager using PGP-encryption
gringotts - secure password and data storage manager
impass - Simple and secure password management and retrieval system
xul-ext-password-editor - edit password manager entries in Mozilla applications
password-gorilla - cross-platform password manager
pypass - lightweight directory-based password manager in python
> My head is just not "into" reading about password managers--it just
> seems to be too boring to really get into, so, I thought I'd try
> posting here to get opinions and recommendations from the list. (I
> am continuing my effort to read--maybe I'll get a renewed burst of
> enthusiasm after I send this ;-)
For me, I use none of the above. I generate a hundred or so random
alphanumeric strings and save them in a plain text file as an "instant
password source". I then consume them one by one whenever I need a new
password. I keep all my actual passwords with other relevant info in an
html file (a huge table) and keep them all in a high-security
environment. I just copy-paste a password from that html table whenever
I need it (it is open all the time in a background browser tab). Never
share that file between devices. That means I concentrate all my
security sensitive procedures on a single machine.
I do KISS. The more it is "featureful" (aka complicated) the more there
is a chance of password leak (bugs, momentary carelessness, more attack
vectors, etc.)
Regards
--
Abdullah Ramazanoglu
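
The pool-and-consume routine described in the message above, sketched as an added example; it is not code from the original post. The function names gen_pool and take_password and the default length of 20 characters are assumptions, and the pool size of 100 follows the "hundred or so" in the message.

```sh
# Added example. Function names and the default length are assumptions.

# gen_pool FILE [COUNT] [LENGTH]
# Write COUNT random alphanumeric strings of LENGTH characters to FILE.
gen_pool() (
    file=$1 count=${2:-100} len=${3:-20}
    umask 077    # pool file is created readable by its owner only
    # /dev/urandom is the kernel CSPRNG. tr discards every byte outside
    # A-Za-z0-9, so each kept character is uniform over 62 symbols
    # (about 5.95 bits each, roughly 119 bits for 20 characters).
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom |
        fold -w "$len" | head -n "$count" > "$file"
)

# take_password FILE
# Print the first unused password and delete it from the pool, so a
# string can never be handed out for two different sites.
take_password() (
    file=$1
    if [ ! -s "$file" ]; then
        echo "pool is empty, generate a new one" >&2
        exit 1
    fi
    umask 077
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    pw=$(head -n 1 "$file")
    # Write the remainder to a temp file and rename it over the pool, so an
    # interrupted run leaves the old pool intact rather than a half-written one.
    tail -n +2 "$file" > "$tmp" && mv -f "$tmp" "$file" || exit 1
    printf '%s\n' "$pw"
)
```

Run gen_pool once to create the pool, then call take_password each time a new account needs a password.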