Re: Update: Re: Password Manager opinions and recommendations
On Mon, 26 Mar 2018 21:02:48 -0400
rhkramer@gmail.com wrote:
> Thanks to all who replied!
>
> I thought I'd summarize where I am:
>
> I like three of the suggestions (from what I've seen / investigated
> (slightly) so far), but with some comments:
>
> * pass: appeals to me a lot--the one problem for me (for which I
> believe I've found the solution) is that it stores the encrypted
> password files in my /home. I have what might be called a
> "religious" aversion to storing what I consider "real" user data
> in /home. I've looked at the source code, and I see where $HOME is
> used to create that directory. If I use pass, I will, at the very
> least, modify that in my own copy, but also write to the author and
> suggest that he allow a command line parameter (or config file)
> to change the location of the directory.
>
> * I like the approach that http://masterpasswordapp.com/ takes to
> create passwords and, iiuc, recreate them each time they are needed
> rather than storing them anywhere. I'll read up a little more on
> that.
>
> * I haven't spent much time on keepass--maybe in the next day or so
>
> * I also like the approach suggested by Abdullah Ramazanoglu (and
> the somewhat similar Diceware), but I almost didn't find the emails
> from Abdullah-- for some reason my email client did not receive
> them--I've done a search of all the local email files (on my
> computer) (including trash, which I have not emptied in the last
> several days), and I've searched the Google email spam, trash, and
> all folders. I'll be digging into this and possibly seek help in a
> new thread.
>
Something I haven't seen mentioned: KeePassX does a kind of poor man's
two-factor authentication, allowing the use of both a password and an
arbitrary file in its encryption. So it's possible to store the file on
your computer(s) and carry the database itself on a USB key, meaning
that if either is lost or stolen, there is a bit less urgency in
changing all of your passwords. A couple of offline backups of both, of
course, should also be kept.
--
Joe