[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
|
|
Subscribe / Log in / New account

A look at password managers

A look at password managers

Posted Feb 16, 2017 6:44 UTC (Thu) by brouhaha (guest, #1698)
Parent article: A look at password managers

One of my requirements is that my password store has to be cross-platform, including mobile devices. It appears to me that the best approach to that is to use password managers that implement the "Password Safe" (pwsafe.org) file format. I've tried several, mostly with poor results. I'm currently using the beta version of "passwordsafe" for Linux, which is the wxWidgets port of pwsafe. It seems to work pretty well.

I have not looked into whether it supports any form of browser integration, because I'd rather NOT have my browser have any knowledge of my password manager, which might make it easier for malicious Javascript code running in the browser to steal my other passwords (e.g., if a trojan asked for permission to access one of my passwords, but managed to read others).

to post comments

A look at password managers

Posted Feb 16, 2017 8:16 UTC (Thu) by spaetz (guest, #32870) [Link] (1 responses)

I have good success with keepassdroid/keepassx/keepass on android/linux/windows. The file is portable and you can sync with whatever tool works best for you. Both linux and windows support kind of an auto-entry without requiring browser support.

A look at password managers

Posted Feb 17, 2017 8:50 UTC (Fri) by hifi (guest, #109741) [Link]

This is my chosen solution as well. As someone else has mentioned in the comments I also use Google Drive as my "cloud" storage for the file itself.

What I chose to do was to limit myself into updating my chosen password files where I'm physically at when I mainly use them. Work is updated at work and home at home. The file on my home PC is the master file for personal passwords and the file on my work PC is the master file for work related passwords. I synchronize my personal file to Google Drive every time I make an update (at home) and synchronize the work file to OneDrive at work when I update it. After a week or so it became very infrequent when most of my passwords were in so it doesn't bother me at all.

This setup is fairly convenient with Keepass2Android on my phone (note: open source project as well) which has synchronization support for Google Drive so I always have access to my passwords from my phone as long as I push the updates to Google Drive.

Also, if my chosen cloud provider decides to lose my cloud stored file, I still have a copy on my disk (and phone) so it's nearly impossible to completely lose access to them. Since they are well encrypted with enough iterations I should be able to sleep safe in case my cloud provider turns evil and would try to crack it or accidentally leak it somewhere. Same thing if my phone gets stolen.

As a side note, KeePassX has excellent (global keyboard shortcut) auto-type feature on the Linux desktop which makes browser integration almost completely useless as it can type your passwords into forms based on the window title which has the web page title. It's also fairly secure as it doesn't type into hidden fields like integrated ones could.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds