Password Management?

Between work, play, and community involvement, I’ve now officially passed the threshold of reasonable password management. I’m constantly checking my brain, irclogs, stashed emails and scraps of paper to find various passwords. It’s a mess, and in a lot of cases causes me to drag my feet on tasks because I have to search for the password.

My first thought to get this under control is a simple gpg wallet, since I want command line accessibility (no GUI!), simple backups to a flash drive, encryption and password protection.

Any other suggestions? What do you use?

20 Comments

  • shermann

    Keepass is one of my favorite…works on linux, windows and imho mac, too.

    and apt-get install keepass works out of the box :)

    \sh

  • troll

    SmartCard. Take a look at opensc and openct projects. It combines two factor authentication (“what you have” + “what you know”), is able to integrate with nearly everything (kerberos, openssl, gpg, apache for web site login, s/mime email systems, …), and is tamperproof (self-destructs when tampered with). Also fits your wallet as it is credit card sized.

    On top of that you get full blown PKI, I can send encrypted&signed email to some 5 million people already and they can receive them just fine. Without having to ever sign keys (it’s appalling when you see some nerds doing that) as all the up-to-date operating systems have the CA’s certificates and OCSP provider links already. :-)

  • shermann

    Oh…
    there is also a commandline tool available
    pwsafe..which does the same as keepass

  • jorge

    Try revelation, it’s in the repositories and can even generate throw-away passwords for you.

  • Craig Maloney

    I use a plugin under vim to allow vim to edit gpg files in place. From there, I have a password file with most of my passwords under it. It’s simple to move the files anywhere, using Unison, svn, or whatever other tools I choose.

    The script is called gnupg.vim.

    Hope this helps!

  • John

    If you are a ViM user, a quick and dirty way to do this is using the -x flag:

    vim -x passwords

    Vim will prompt you for a password and every time you open the file with vim, it will prompt you again and seamlessly decrypt and encrypt it.

  • Peter

    You should try Clipperz (https://www.clipperz.com/), a very secure free online password manager.

  • mish

    I would use something based on passwordsafe – a windows program originally developed by the legendary Bruce Schneier. The original is available on sourceforge, and has a java version that is meant to work on Linux (not tried it).

    There is more than one Linux implementation (and available in at least the ubuntu repositories). I use mypasswordsafe – a qt version. There is a command line version called pwsafe (mentioned above).

    They all use the same file format, so having saved your password on one platform, you can copy the (encrypted) file to other platforms and use the relevant app to access your passwords elsewhere.

  • Christophe

    I use keypass all the way! Works under linux and windows, and is also available as a portable app! Great stuff!

  • simca

    My most important passwords are written down into my (paper) notebook. That is the least vulnerable format of all. No hd crash, no unreadable backup discs…

  • Thomas King

    Hi all,
    I use MobileKnox and DesktopKnox to manage my passwords. MobileKnox runs on any J2ME-enabled cellphone and DesktopKnox runs on Windows, Linux, and Mac OS X. As I carry my cellphone with me anyway, I have my passwords with me as well. Although it is possible to enter new entries to MobileKnox, I mainly use DesktopKnox to alter account data. MobileKnox and DesktopKnox use an easy-to-setup synchronization procedure which keeps the data up-to-date. Furthermore, both programs use AES-256 to encrypt the data.

    Just give it a try: http://www.mobileknox.com

    Thomas

  • Tony Yarusso

    I’ve been using Revelation as well, but as noted, that’s a Gnome app, and therefore has a GUI. What I’d really like to see is something that had both CLI and GUI (Gnome) options, or two different applications that used the same storage format, so that I could access things either way. Let me know if you find anything like that that you like…you know where to find me. :)

  • Claudio Miranda

    I recommend using pgp to read and write a password file. Command line driven, like this:

    gpg -i -d -u my@token.com crypt_file.asc |grep -i mypassw
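
The gpg wallet idea from the post and the decrypt-and-grep command in the comment above, extended into a small lookup/append wrapper. This is an added example, not code from the post or any commenter; it assumes GnuPG 2.1 or later and symmetric (passphrase) encryption instead of a key pair, and `WALLET`, `WALLET_GPG_OPTS`, `wallet_get` and `wallet_add` are hypothetical names.

```shell
#!/bin/sh
# Added example; WALLET, WALLET_GPG_OPTS, wallet_get and wallet_add are
# hypothetical names. Assumed wallet format: one "site user password" per line.
WALLET="${WALLET:-$HOME/passwords.gpg}"
# Extra gpg options. Empty means gpg prompts for the passphrase via pinentry.
WALLET_GPG_OPTS="${WALLET_GPG_OPTS:-}"

# wallet_get PATTERN: decrypt into a pipe and print only the matching lines.
# The decrypted wallet is never written to disk.
wallet_get() {
    # $WALLET_GPG_OPTS is deliberately unquoted so it splits into options.
    gpg $WALLET_GPG_OPTS --quiet --decrypt "$WALLET" | grep -i -F -- "$1"
}

# wallet_add: read ONE entry line from stdin, append it, re-encrypt.
# Reading from stdin keeps the secret out of argv and shell history.
wallet_add() (
    umask 077                        # wallet and temp file are owner-only
    IFS= read -r entry || [ -n "$entry" ] || exit 1
    tmp="$WALLET.new.$$"
    old=""
    if [ -f "$WALLET" ]; then
        # Abort on a wrong passphrase or damaged file, so a failed decrypt
        # can never cause the existing wallet to be overwritten.
        old=$(gpg $WALLET_GPG_OPTS --quiet --decrypt "$WALLET") || exit 1
    fi
    # Old entries live only in a shell variable and a pipe, not in a file.
    { [ -z "$old" ] || printf '%s\n' "$old"; printf '%s\n' "$entry"; } |
        gpg $WALLET_GPG_OPTS --quiet --yes --symmetric --cipher-algo AES256 \
            --output "$tmp" || { rm -f "$tmp"; exit 1; }
    # Replace the wallet only after the new ciphertext is complete.
    mv -f "$tmp" "$WALLET"
)
```

The resulting `passwords.gpg` is a single encrypted file, so copying it to a flash drive is the whole backup.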

  • David

    Passwordsafe sounds like a Windows implementation of an essential tool. I have been wondering the same thing — and I’m using OS X for much of my work, so I need something that runs cross-platform.

    A quick Web search for the word ‘passwordsafe’ and the phrase ‘os x’ turned up Password Gorilla, which is based on PasswordSafe. Password Gorilla is open source freeware, runs on Windows, OS X and *nix.

    It has a GUI — it’s written in TCL/TK. The GUI isn’t fancy or pretty, but for the price….

    URL: http://www.fpx.de/fp/Software/Gorilla/

  • ari

    keepassX (the native linux port of keepass, also runs in osx). super cool, brand new release last week, check it out.

    http://www.keepassx.org/

  • michael greb

    I use pwsafe from the command line. Keepass does look interesting though so I’m going to definitely have to check it out.

  • TerribleTrouble

    Keepass, as other users have mentioned, works on the shockingly awful Windows Mobile Phones too, which until Opie gets going, is what we have to live with!

  • matthew

    I like Revelation, but KeePassX is also quite impressive. I have a blog post on this very topic, and the comments there may help in your decision as well.

    http://matthewhelmke.net/index.php/2008/01/22/29-how-do-i-remember-all-these-passwords

  • Jim

    +1 for keepassx. I use it at home and have the portable apps version for my, bleh, windows box at work. It took a while to load all the passwords and other info but once done it’s easy to use.

  • MLsite

    After reading your blog, I want to suggest a site called Mashedlife. http://Www.mashedlife.com is an online password manager. It does not require any plug-ins or downloads, so it runs completely off the browser. It works with any browser: PC, mac, and even iPhone. This site has lots of interesting features such as One-click log-in, Yubikey compatibility, Facebook application, and much more.

    The site is extremely secure with verifications from Trust-e and the Better Business Bureau. Also, all information on the site is kept private.

    For those of you who don’t know what the Yubikey is, it’s a USB device that generates a random 32 character password. This is used for super secure logins. Just plug it in, touch the button, and you have a virtually impossible to hack password. It’s that simple.

    So, I urge you to give it a try and see how you like it.