Password Managers

Passwords are the most annoying thing about computers, in my opinion.

They need to be complex, you can’t write them down, and no one should be able to guess them.

What is a good solution to this really old problem? Well, there are several.

The first one is to use a password manager. There are two kinds: local and cloud-based.

Cloud-based password managers are OK, but you need to trust someone else with your passwords. You can store your passwords in the cloud and get browser add-ons that generate complex passwords and store them in the cloud. There are also mobile versions of these, so your passwords are synced between mobile and desktop. Cloud-based managers include LastPass, 1Password and iCloud Keychain, just to name a few. If there is a breach in the service you have trusted with your passwords, they might be compromised. This is the risk you have to take.

Local password managers are the ones where you keep the database yourself. The most popular in this category are KeePass, KeePassX and KeePassXC. These managers allow a more secure way to store your passwords, but it is harder to share the password database between computers and devices.

One option is to use one of the storage services that are available. You can put the password database in a synced folder, and then the database is synced between your devices, desktop and mobile. Because the database is encrypted with AES-256, the service provider can’t read the file.

To make your life a little easier, there are add-ons for KeePass that let you integrate the software with your browser. This means that the browser will automatically fill in the login info for the web page.

KeePass, KeePassX and KeePassXC are licensed under the GNU General Public License 2.0.

The password manager I’m using now is quite interesting. It’s deterministic and doesn’t have any database to store. How does it work then? I’m now using the Master Password app, and it’s licensed under the GNU General Public License 3.0.

You give the app two things: in my case my full name (not a secret, more like a username) and then the master password. Then you give it some string to seed the password. The seed is usually the name of the site the password is for. You can give a seed like facebook.com and a result like t7’5G(XdNwblGjH5jgqk comes out, so that’s your password for Facebook. It is always calculated the same way as long as you provide these three things the same way: your name, master password and site name. There are clients for iOS, Android, Java, macOS and web, so between desktop and phone you don’t need to sync anything. There is no database. The password is always generated on the fly.
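A minimal sketch of how a deterministic generator of this kind can work, added here as an example; it is not the Master Password app's code and will not reproduce its passwords. The salt prefix, scrypt parameters, message format, character classes and the rotation counter are assumptions chosen for the illustration.

```python
import hashlib
import hmac

# Character classes (constructed for this example; look-alikes such as O/0 are omitted).
UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ"
LOWER = "abcdefghijkmnopqrstuvwxyz"
DIGIT = "23456789"
SYMBOL = "!@#$%^&*()-_=+"
ALL = UPPER + LOWER + DIGIT + SYMBOL


def master_key(full_name: str, master_password: str) -> bytes:
    """Stretch the master password with scrypt; the non-secret name is the salt."""
    salt = b"example.deterministic.pw:" + full_name.encode("utf-8")
    return hashlib.scrypt(
        master_password.encode("utf-8"),
        salt=salt, n=2**14, r=8, p=1,  # assumed cost parameters
        maxmem=64 * 1024 * 1024, dklen=64,
    )


def site_password(key: bytes, site: str, counter: int = 1, length: int = 20) -> str:
    """Derive the password for one site; nothing is stored anywhere."""
    if not 4 <= length <= 32:
        raise ValueError("length must be between 4 and 32")
    # Length-prefix the site name so the field boundaries are unambiguous.
    msg = f"{len(site)}:{site}:{counter}".encode("utf-8")
    n = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")
    # The first four characters come from one class each, so every password
    # satisfies typical "upper, lower, digit, symbol" site rules.
    classes = [UPPER, LOWER, DIGIT, SYMBOL] + [ALL] * (length - 4)
    out = []
    for alphabet in classes:
        n, idx = divmod(n, len(alphabet))  # peel one "digit" off the big integer
        out.append(alphabet[idx])
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs, not real credentials.
    key = master_key("Jane Example", "correct horse battery staple")
    print(site_password(key, "facebook.com"))
    print(site_password(key, "facebook.com", counter=2))  # rotated password
```

Because nothing is stored, changing the master password changes every site password at once; in this sketch the counter is the only way to rotate a single site's password.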

I have also thought about a hybrid model.
Passwords are stored in the encrypted database provided by the local password software. The master password for the database is generated with the deterministic password manager. The most important password when using a password manager is the master password. If that is guessed, all your passwords are exposed.

I hope this writing has given some clarity about password managers, because you need one.

You can always ask me a question via the OStatus network. My OStatus address is make@gnusocial.raitisoja.com and my profile is https://gnusocial.raitisoja.com/make
