Securely store passwords

Hi,

I would like to hear what kind of solutions users of this forum are using to store passwords.

Since today it is almost impossible to remember all usernames and passwords, the best way is probably to store them in some database which is secured.

- folivora
 
A plain text file on a cyphered partition or USB key. Cannot be automated (which in most cases is good) and requires a manual search with a text editor, but it works for me (~ 50 usernames/passwords).
 
Textfile... lol (textfile backups, swap files, hdd files, swap....., unencrypted sectors on HDD [when you decrypt file])

I use KeePassX
 
I will try KeePassX even if it seems to me like KWallet and other similar products. Anyway, keep in mind that sooner or later you will have to decrypt some information, either on disk or in memory, and so you will access it as a plain stream.
 
graudeejs said:
Textfile... lol (textfile backups, swap files, hdd files, swap....., unencrypted sectors on HDD [when you decrypt file])

I use KeePassX
Oh, didn't I mention the encrypted hard drive? But actually I memorize most of my passwords, especially system passwords and encryption passwords. If these passwords are extremely valuable I'd rather write them on a sheet of paper and put it in a secure place.
 
KWallet, since I use KDE all day long, and all the apps I use integrate with it (including Google Chrome).
 
Thank you all.

KeePass seems to be quite nice, since it has good "multi-os" support. Decided to use it.

Cheers.

-folivora
 
phoenix said:
KWallet, since I use KDE all day long, and all the apps I use integrate with it (including Google Chrome).

Is this something that can be done with Firefox 8 as well, or is it exclusive to Chrome?
 
Firefox has its own internal password manager that's not compatible with anything other than itself. :( The only "bright" spot is that you can use the internal Firefox Sync or Xmarks add-on (much better) to sync the passwords to other systems.

Chromium/Google Chrome include support for KWallet.
 
I'm another KeePass user (not the "X" version). Compared to some of the other pw management systems, it has one problem, which is that it is not very good at keeping your passwords synchronised across different machines, that is, unless you host your pw database file on a server and only use the one file to store all your passwords and keep them synched across machines (which you can do, using FTP or HTTP). Before I did that I would end up with multiple database files from different machines, and keeping track of which db file had the current pw for an account was a nightmare.
 
I use security/bcrypt to encrypt passwords and save everything to a couple of different USB sticks. I copy any new passwords into the specific directory on USB, then use the same sticks to repopulate all 7 laptops.
 
Let me be the punk in this thread and be a little provocative ;) Imagine my $HOME will be hacked.

Password for my mail account? I don't type it in - and as far as I can see, most other users also store it inside their mail client's configuration. Our hacker can easily go through those mails, and use the "password forgotten" option!
Here we could already stop thinking, but anyway:

A password used for online shopping? Think over how many shops really have a clue of data handling, and you will seldom use accounts on their platforms - but order as guest wherever possible. Maybe you're even choosing a different dealer to get rid of being forced to use an account.

Passwords for my servers? I wouldn't go with a password based login on a server. But my certificates our hacker now also has.

Online banking? Shouldn't nowadays be possible with just a mail address and a password.

So it doesn't matter if my passwords are encrypted or not, a plain text file does it. Anything you can reach by your computer is as safe as the weakest part of it. If a hacker has reached my $HOME there will be no difference if I'm using something like KeePass: I've got to assume that none of my passwords is safe anymore. And that file wouldn't be my basic problem…

Does someone really think a hacker would say "holy crap, this dude uses KeePass, so I have no chance"? My passwords are stored inside a database. It will take some time for someone else to figure out how things of that database match together (and it's not named like "db4pw" etc.), but: Unencrypted.

But I've got something like KeePass: It's my $HOME on my computer. And that account already has a master password! But I wouldn't feel well if I would use, for example, Windows and have no clue if my data is also stored on some cloud machines (after all, they always say they have to check all this out for my safety).
 