
#26 2016-05-27 20:06:40

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Is it recommended to use a password manager?

I'm using pwsafe (and keepassx for redundancy). It would be much nicer if websites (and browsers) started to support U2F. One could then use simpler, easier-to-remember passwords and not lose on the security front, I suppose.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K


#27 2016-05-29 17:15:15

mpan
Member
Registered: 2012-08-01
Posts: 1,188

Re: Is it recommended to use a password manager?

I was trying pass earlier, but finally I’m with KeePassX. Its autotype feature is very convenient: Ctrl+U, Ctrl+V, voila. The benefit is that the passphrase can’t leak through clipboard (it can, however, by a cursor in a wrong window).

LastPass? Since when is giving your credentials to a third party considered an example of security?

What I truly miss is a common, libre protocol for changing passphrases in websites/services. Currently we’re forced to do this manually, which is both error-prone and PITA.


Sometimes I seem a bit harsh — don’t get offended too easily!


#28 2016-05-29 17:38:16

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Is it recommended to use a password manager?

mpan wrote:

I was trying pass earlier, but finally I’m with KeePassX. Its autotype feature is very convenient: Ctrl+U, Ctrl+V, voila. The benefit is that the passphrase can’t leak through clipboard (it can, however, by a cursor in a wrong window).

Have you tested while running tigervnc? For me, usernames and passwords are vacuumed by tigervnc when I try to use passwd. I suppose one should be aware that some programs might intercept more than they should.



#29 2016-05-30 11:23:00

mpan
Member
Registered: 2012-08-01
Posts: 1,188

Re: Is it recommended to use a password manager?

If a program can access an X instance, it should be assumed that it can do anything in it. No need to suck in data sent by auto-type: any program can take control over KeePassX or another password manager, and just ask for the password. They will give it out with no resistance, assuming that the databases are already unlocked. You can try it yourself using even such simple tools as bash and xdotool.

The difference between a clipboard and other things is that various applications may have access to the clipboard but no direct access to X itself. Web apps, Flash animations, Java applets and virtualized guests with clipboard-sharing enabled are among the examples.



#30 2016-05-30 19:11:22

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: Is it recommended to use a password manager?

Was checking passwd out, but what I really like about keepass is the auto type, especially based on window titles. Doesn't look like there's anything similar for passwd?


Allan-Volunteer on the (topic being discussed) mailing lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.


#31 2016-07-01 02:03:38

BlueWhiteFox
Member
Registered: 2016-03-09
Posts: 6

Re: Is it recommended to use a password manager?

You already have a single point of failure. Your email. If someone gets into that they can just reset all of your passwords.


#32 2016-07-01 23:10:05

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: Is it recommended to use a password manager?

BlueWhiteFox wrote:

You already have a single point of failure. Your email. If someone gets into that they can just reset all of your passwords.

Which can quite easily be hardened using 2FA.

