The Right Password Manager

posted in: Other, Technicalities | 0

A guy got hacked recently. He calls the incident »epic« which may well be true from his personal point of view. Also, the apple/amazon shortcomings in handling his sensible information are downright preposterous, but there were a couple of mistakes at his end that made the scope wider than it had to be and the effect far more devestating than necessary.

For instance he did show an epic laxness concerning his personal data by not obeying Schofield’s 2nd law of computing. It states »data doesn’t really exist unless you have at least two copies of it.« I do obey this law by using backintime and I recommend you use something similar.

The guy also daisy-chained password-resets and email-accounts, offering a single point of entry to his digital everything. This got me thinking about my own passwords. They are generally very strong and I have a lot of different passwords. Sometimes too many different ones, so I keep forgetting which ones I used where. But sometimes not enough different ones, as some applications share some passwords. This needs to change, so it is time for a password manager.

[update 30.8.2012] I installed KeePassX a while ago and am quite happy. I thought I had found the perfect combination when Nic mentioned the open source self hosted oneCloud, but I failed. Looking for another solution, I went for ubuntu one.

Ubuntu one does not support android 1.6 any more, but ES File manager does. And it also does support ubuntu one.

[update 26.9.2019] Bill of Pixel Privacy sent me an article on passwords which has a lot of interesting facts and figures. So if you think all this doesn’t concern you, you might want to check it out: https://pixelprivacy.com/resources/reusing-passwords/

[/update]

What are the options?

  • Passwordmaker
  • KeepassX
    for *nix-based systems
    + independent from KeePass but they share a db-format, so you can port stuff
    + GNU & Open Source
  • KeePass
    ? Any connection to KeepassX?
    + Has a portable version
    + independent from KeePassX, but uses same db-format, so you can port your stuff
    needs wine or windows
  • WebKeePass
    Java-port of KeePass
  • Revelation
  • Mitto
    + apparently self-hosted
  • Pasaffe
    + DB is Passwordsafe 3.0 compatible
  • Passwordgorilla
  • Passwordsafe
    + DB compatible with pasaffe
     

At askubuntu the majority recommends KeePassX. On stackexchange WebApps there is a thread on self hosted variants.

What are my requirements?

* sufficient cryptographic algorithm – SHA1 or MD5 won’t do.

* accessible from on the road

* Open Source

 

[update 21.8.2012]

I am trying KeePassX at the moment. I like the interface and have already forgotten most passwords – so what I don’t like is I started relying heavily on a piece of software. Anyway, there are at least two Android clients that can read KeePassX’ data base:

  • KeePassDroid
    + requires Android 1.5 und up
    + syncs to drop box
    + good reviews
    + free
    + large user base
  • Walletx Password Manager
    + syncs to dropbox
    requires Android 2.2 and up
    not so good reviews
    small user base

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.