Securely store passwords

folivora


Hi,

I would like to hear what kind of solutions users of this forum are using to store passwords.

Since today it is almost impossible to remember all usernames and passwords, the best way is probably to store them in some database which is secured.

- folivora
 

fluca1978


A plain text file on a cyphered partition or usb key. Cannot be automated (which in most cases is good) and requires a manual search with a text editor, but it works for me (~ 50 usernames/passwords).
 

SirDice


+1 on Keepass.
 

graudeejs


Textfile... lol (textfile backups, swap files, hdd files, swap....., unencrypted sectors on HDD [when you decrypt file])

I use KeePassX
 

fluca1978


I will try keepassx even if it seems to me like kwallet and other products alike. Anyway, keep in mind that sooner or later you will have to decrypt some information, either on disk or in memory, and so you will access it as a plain stream.
 

funky


graudeejs said:
Textfile... lol (textfile backups, swap files, hdd files, swap....., unencrypted sectors on HDD [when you decrypt file])

I use KeePassX

Oh, didn't I mention the encrypted hard drive? But actually I memorize most of my passwords, especially system passwords and encryption passwords. If these passwords are extremely valuable I'd rather write them on a sheet of paper and put it in a secure place.
 

SirDice


fluca1978 said:
I will try keepassx even if it seems to me like kwallet and other products alike.

True, but unlike kwallet, Keepass also runs on Windows and OS-X.

http://keepass.info
 

fluca1978


SirDice said:
True, but unlike kwallet, Keepass also runs on Windows and OS-X.

http://keepass.info

That is why I was talking about a text file over an encrypted disk: it could be portable and used also for other things other than password storage.
 

phoenix


KWallet, since I use KDE all day long, and all the apps I use integrate with it (including Google Chrome).
 

folivora


Thank you all.

Keepass seems to be quite nice, since it has good "multi-os" support. Decided to use it.

Cheers.

-folivora
 

OH


phoenix said:
KWallet, since I use KDE all day long, and all the apps I use integrate with it (including Google Chrome).

Is this something that can be done with Firefox 8 as well, or is it exclusive to Chrome?
 

phoenix


Firefox has its own internal password manager that's not compatible with anything other than itself. :( The only "bright" spot is that you can use the internal Firefox Sync or Xmarks add-on (much better) to sync the passwords to other systems.

Chromium/Google Chrome include support for KWallet.
 

Mike G


I'm another KeePass user (not the "X" version). Compared to some of the other pw management systems, it has one problem which is that it is not very good at keeping your passwords synchronised across different machines, that is unless you host your pw database file on a server and only use the one file to store all your passwords and keep them synched across machines (which you can do, using FTP or HTTP). Before I did that I would end up with multiple database files from different machines, and keeping track of which db file had the current pw for an account was a nightmare.
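
The divergent-copies problem described in the post above, as an added example that is not part of the original post and is not KeePass code: given per-machine exports of entries, it picks the newest version of each account, lists which machines hold stale copies, and flags accounts that need manual review. The record layout (`account`, `secret`, `modified`), the machine names and all values are constructed, and it assumes the machines' clocks are roughly in sync.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: three machines, each with its own copy of the database.
COPIES = {
    "laptop": [
        {"account": "mail", "secret": "old-mail", "modified": "2011-10-01T08:00:00Z"},
        {"account": "shop", "secret": "shop-1", "modified": "2011-09-12T10:00:00Z"},
    ],
    "desktop": [
        {"account": "mail", "secret": "new-mail", "modified": "2011-11-20T09:30:00Z"},
        {"account": "shop", "secret": "shop-1", "modified": "2011-09-12T10:00:00Z"},
        {"account": "bank", "secret": "bank-A", "modified": "2011-11-01T12:00:00Z"},
    ],
    "work": [
        {"account": "mail", "secret": "new-mail", "modified": "2011-11-20T09:30:00Z"},
        {"account": "bank", "secret": "bank-B", "modified": "2011-11-01T12:00:00Z"},
    ],
}

def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp such as 2011-11-20T09:30:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def reconcile(copies):
    """Return (merged, stale, conflicts) for {machine: [entry, ...]}."""
    versions = defaultdict(list)  # account -> [(modified, secret, machine)]
    for machine, entries in copies.items():
        for e in entries:
            versions[e["account"]].append((parse_ts(e["modified"]), e["secret"], machine))
    merged, stale, conflicts = {}, defaultdict(list), []
    for account, seen in versions.items():
        newest = max(ts for ts, _, _ in seen)
        winners = {secret for ts, secret, _ in seen if ts == newest}
        if len(winners) > 1:
            # Same timestamp but different secrets: no safe automatic choice.
            conflicts.append(account)
            continue
        current = winners.pop()
        merged[account] = current
        holders = {m for _, secret, m in seen if secret == current}
        for machine in copies:
            if machine not in holders:  # outdated or missing entry
                stale[machine].append(account)
    return merged, dict(stale), sorted(conflicts)

if __name__ == "__main__":
    print(reconcile(COPIES))
```
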
 

Trihexagonal


I use security/bcrypt to encrypt passwords and save everything to a couple different USB sticks. I copy any new passwords into the specific Directory on USB then use the same sticks to repopulate all 7 laptops.
 

jmos


Let me be the punk in this thread and be a little provocative ;) Imagine my $HOME will be hacked.

Password for my mail account? I don't type it in - and as far as I can see: Also most other users store it inside their mail client's configuration. Our hacker can easily go through those mails, and use the "password forgotten" option!
Here we could already stop thinking, but anyway:

A password used for online shopping? Think over how many shops really have a clue of data handling, and you seldom will use accounts on their platforms - but order as guest wherever possible. Maybe you're choosing even a different dealer to get rid of being forced to use an account.

Passwords for my servers? I wouldn't go with a password based login on a server. But my certificates our hacker now also has.

Online banking? Shouldn't nowadays be possible with just a mail address and a password.

So it doesn't matter if my passwords are encrypted or not, a plain text file does it. Anything you can reach by your computer is as safe as the weakest part of it. If a hacker has reached my $HOME there will be no difference if I'm using something like keepass: I've got to assume that none of my passwords is safe anymore. And that file wouldn't be my basic problem…

Does someone really think a hacker would say "holy crap, this dude uses keepass, so I have no chance"? My passwords are stored inside a database. It will take some time for someone else to figure out how things of that database match together (and it's not named like "db4pw" etc.), but: Unencrypted.

But I've got something like keepass: It's my $HOME on my computer. And that account already has a master password! But I wouldn't feel well if I would use f.e. Windows and have no clue, if my data is stored also on some cloud machines (after all, they always say they have to check all this out for my safety).
 