Re: Update: Re: Password Manager opinions and recommendations




On Mon 26 Mar 2018 at 21:02:48 -0400, rhkramer@xxxxxxxxx wrote:

> Thanks to all who replied! 
> 
> I thought I'd summarize where I am:
> 
> I like three of the suggestions (from what I've seen / investigated (slightly) 
> so far), but with some comments:
> 
>    * pass: appeals to me a lot--the one problem for me (for which I believe 
> I've found the solution) is that it stores the encrypted password files in my 
> /home.  I have what might be called a "religious" aversion to storing what I 
> consider "real" user data in /home.  I've looked at the source code, and I see 
> where $HOME is used to create that directory.  If I use pass, I will, at the 
> very least, modify that in my own copy, but also write to the author and 
> suggest that he allow a command line parameter (or config file) change the 
> location of the directory.
> 
>    * I like the approach that http://masterpasswordapp.com/ takes to create 
> passwords and, iiuc, recreate them each time they are needed rather than 
> storing them anywhere.  I'll read up a little more on that.
> 
>    * I haven't spent much time on keepass--maybe in the next day or so
> 
>    * I also like the approach suggested by Abdullah Ramazanoglu (and the 
> somewhat similar Diceware), but I almost didn't find the emails from Abdullah--
> for some reason my email client did not receive them--I've done a search of 
> all the local email files (on my computer) (including trash, which I have not 
> emptied in the last several days), and I've searched the Google email spam, 
> trash, and all folders.  I'll be digging into this and possibly seek help in a 
> new thread.

Not so long ago we had this message on -user:

  https://lists.debian.org/debian-user/2017/08/msg01260.html

During the course of the conversation I changed my mind on the
usefulness of my password policy and, like you, investigated
password managers. I eventually settled on masterpasswordapp
because the re-creation aspect appealed to me, it was actively
maintained, the author's well-thought arguments were convincing
and (insofar as I could judge) it is secure.

But it did take some time to come to a decision and both the other
two you have been recommended were on my list. The last thing you
want to be doing is changing a password manager every few months,
so it is worthwhile taking the time to explore them in your use
context.

Unfortunately, masterpasswordapp is not in Debian but it is not
difficult to build.

-- 
Brian.