Web lists-archives.com

Re: Update: Re: Password Manager opinions and recommendations




On Mon, 26 Mar 2018 21:02:48 -0400
rhkramer@xxxxxxxxx wrote:

> Thanks to all who replied! 
> 
> I thought I'd summarize where I am:
> 
> I like three of the suggestions (from what I've seen / investigated
> (slightly) so far, but with some comments:
> 
>    * pass: appeals to me a lot--the one problem for me (for which I
> believe I've found the solution) is that it stores the encrypted
> password files in my /home.  I have what might be called a
> "religious" aversion to storing what I consider "real" user data
> in /home.  I've looked at the source code, and I see where $HOME is
> used to create that directory.  If I use pass, I will, at the very
> least, modify that in my own copy, but also write to the author and
> suggest that he allow a command line parameter (or config file)
> change the location of the directory.
> 
>    * I like the approach that http://masterpasswordapp.com/ takes to
> create passwords and, iiuc, recreate them each time they are needed
> rather than storing them anywhere.  I'll read up a little more on
> that.
> 
>    * I haven't spent much time on keepass--maybe in the next day or so
> 
>    * I also like the approach suggested by Abdullah Ramazanoglu (and
> the somewhat similar Diceware), but I almost didn't find the emails
> from Abdullah-- for some reason my email client did not receive
> them--I've done a search of all the local email files (on my
> computer) (including trash, which I have not emptied in the last
> several days), and I've searched the Google email spam, trash, and
> all folders.  I'll be digging into this and possibly seek help in a
> new thread.
> 

Something I haven't seen mentioned: KeePassX does a kind of poor man's
two-factor authentication, allowing the use of both a password and an
arbitrary file in its encryption. So it's possible to store the file on
your computer(s) and carry the database itself on a USB key, meaning
that if either is lost or stolen, there is a bit less urgency in
changing all of your passwords. A couple of offline backups of both, of
course, should also be kept.

-- 
Joe