[kwlug-disc] Storing loads of passwords

Paul Nijjar paul_nijjar at yahoo.ca
Fri Sep 3 21:45:04 EDT 2010


This message from Eric got discarded. Ironically, I don't have my
password list handy, so I am not going to troubleshoot right now. 

- Paul

----- Forwarded message from kwlug-disc-bounces at kwlug.org -----


On Fri, Sep 3, 2010 at 7:38 PM, Johnny Ferguson <hyperflexed at gmail.com> wrote:
> Looking for a solution to easily store passwords in a secure manner. My
> current system involves a program called gpass
> (http://projects.netlab.jp/gpass/)
>
> My problem with it is that it stores all the encrypted passwords in one big
> glob, so I have a hard time sharing passwords between more than one machine.
> If I were to disconnect the machines and add one unique password to each
> then reconnect them, one machine would add its new password to the other
> machine, but the other machine would lose its new password because the
> storage is just a big glob.
>
> I'd prefer something which stores passwords as single files (much like
> tomboy notes does with notes), yet still uses only a single master password
> to unlock access to all the passwords.
>
> I've thought of running this system from a usb key, but I wouldn't want to
> be out of commission if I lost the key.
>
> Any advice in this area would be appreciated. I'm sure we all deal with
> having to keep track of at least 20-30 hard-to-remember and constantly
> changing passwords, but I'm certain there must be a better way.

LastPass. Full stop.

I was going to develop a solution myself involving a webservice and
GPG... but I never got around to it because I discovered LastPass.  It
*will* handle merging of password changes on different machines, even
though it handles everything as one encrypted blob.  It encrypts using
AES 256.  It will also do form filling, store notes, etc.

It work best as a plugin for browsers, but it also has standalone GUI
versions, and versions for your smartphone (if you pay $12/yr for
LastPass Pro).  You can even to two-factor authentication with a
YubiKey if you're really paranoid.  I haven't seen a commandline
version... but you could probably write one if you really needed it
(the protocol is open)

If you're concerned about its security, Security Now episode 256 and
257 deal with it (256 is the fundamentals, and 257 is Q&A).  You can
grab it here: http://twit.tv/sn256

I haven't found a downside yet, even though I've only been using it
for a few weeks (since Security Now #256).  I highly recommend it.  I
may not be there Monday (out during the day, may not make it back in
time), but if I am I can show it.

Cheers,

Eric



----- End forwarded message -----

-- 
http://pnijjar.freeshell.org





More information about the kwlug-disc mailing list