Are Password Managers Really Worth It?

[buzzingrobot]

Given the current spate of password thefts, I'm wondering, again, if I should use a password manager.

I'm curious about opinions about them. Are they really secure? Every one I've looked at relies on a master password. That becomes your most important password, but it is also the only password you can't manage with the password manager. If that's compromised along with any device running your password manager, you are in trouble.

I'm also wondering about consistent use on multiple platforms. I use a Linux desktop, a Macbook, an iPhone, and an iPad. If I commit to a password manager, I want one that's available for all those devices and one that does not make me responsible for porting data from device to device. In other words, I want to set things up on one machine and have all my passwords available on all the other devices.

Finally, I've tried a couple of password managers in the past. I quit them because they became a hassle to use. E.g., entering the password in the wrong field.

So, what say you all? If you use a password manager, which onto and why? I

[Porcini M.]

I have a text file with all my passwords & other sensitive info in it. I have a button on my panel that invokes a script as root (using gksudo), which decrypts the text file & opens it in a text editor. When I'm done reading & potentially editing it, it re-encrypts it.

[sffvba[e0rt]

KeepassX and on Windows Keepass 1.x ... really needed as I have used it to create random passwords as complex as allowed for each and every log in I need to do into any service.

It has a fairly long pass phrase and also needs an additional file to unlock... I feel secure.



404

[sffvba[e0rt]

KeepassX and on Windows Keepass 1.x ... really needed as I have used it to create random passwords as complex as allowed for each and every log in I need to do into any service.

It has a fairly long pass phrase and also needs an additional file to unlock... I feel secure.



404

See I already posted in this thread many moons ago, so I will only add:

[Primefalcon]

I'll tell you what I do, first off I have an encfs volume in my dropbox (which is not needed but an extra layer of security is always nice...

I keep an gpg encrypted text file in this encfs volume, lets call it myPasswords.txt.gpg for arguments sake here....

And I have thi script in my bin folder

==viewPass==

Code:

#!/bin/bash
#for multiple search critera
if [ "$2" == "" ]; then
gpg --decrypt --no-use-agent $HOME/EncDropbox/myPasswords.txt.gpg | egrep -i "*$1*"; sleep 30s; cat /dev/null | xsel -psb; reset;. ~/.bashrc
else
gpg --decrypt --no-use-agent $HOME/EncDropbox/myPasswords.txt.gpg | egrep -i "*$1*" | egrep -i "*$2*"; sleep 30s; cat /dev/null | xsel -psb; reset;. ~/.bashrc
fi

this way no matter what machine I am on, if I need to know m pssword for Ubuntu forums.... I just open a terminal and type in

Code:

viewPass ubuntu forums

and it then prompts me to unlock my gpg key, afterwish it spits out my password and then after 30 seconds clears the terminal and wipes the clipboa...

This way I can have ridiculously long passwords with zero hassle and not having to rely on anyone elses security practices..... or lack thereof for my passwods...

and since it is inside an encfs volume if I want to decrypt the whole document to add passwords.... I can.... safetly

[Erik1984]

I use KeePassX. I have too many different accounts and definitely don't want the same weak (relatively short) password anywhere. As we all know from XKCD, special characters don't matter, passwords just need to be long. The easiest is just to let KeePass or another tool generate a random long string for you. KeePassX is also quite nice to operate, just click on the entry and CTRL+C to copy the password (it will only stay on the clipboard for a short time).

If you use multiple platforms maybe you should look at LastPass to manage your passwords through a web interface (of course usable on all platforms you mention). KeePassX (Linux, and also Mac AFAIK) and KeePass (Windows) are also compatible as long as you use the .kdb database format (KPX can't reed KP's kdb2 format).

[madverb]

Yes, they are. Just make sure the unlock password is nice and long. It means you can have randomly generated long passwords without having to remember them.
Now we just need to make sure all financial institutions and the like allow for long complex passwords and we are set. Some government sites in Australia don't allow for passwords longer than 8 characters. INSANITY.

[CharlesA]

Yes, they are. Just make sure the unlock password is nice and long. It means you can have randomly generated long passwords without having to remember them.
Now we just need to make sure all financial institutions and the like allow for long complex passwords and we are set. Some government sites in Australia don't allow for passwords longer than 8 characters. INSANITY.

+1. I have a few sites that can only take 8 character passwords with no special characters. It makes me sad. =/

I use KeePass, myself and it has worked well for me - I have it on a USB stick.

[scouser73]

Why not manage your passwords, create a list of Sites and associated passwords and have it on a flash drive.

I would suggest using a password generator when creating new passwords & making the passwords over twelve characters long



It's your stuff, you're in control of it so it's your job to make it the most secure it can be.

[Copper Bezel]

+1. I have a few sites that can only take 8 character passwords with no special characters. It makes me sad. =/

I ran into this lately with my school login. I was similarly disappointed.