Password fatigue solutions (was Single-signon)

Tom Metro tmetro-blu-5a1Jt6qxUNc at public.gmane.org
Wed Feb 10 14:55:00 EST 2010


David Rosenstrauch wrote:
> I would definitely recommend PasswordMaker here too.  Why save passwords 
> in a safe when you can just have an app that calculates a unique one for 
> each site?

A common password is used with PasswordMaker for all sites, right?

So someone targeting you, who knows you use PasswordMaker, just needs to 
work on guessing that password, and then they can unlock all sites you 
use it with.

With a password safe, each site has its own 20 character (or whatever 
the site allows) highly random password, that has no relation to any 
other site you use, and guessing the safe's master password is pointless 
without physical access to the safe's database.

Granted, a tool like PasswordMaker is intended for "low security" sites, 
but for those kinds of sites I'm comfortable letting my browser remember 
the password.

I'll stick with KeyPassX.

On this topic, though, I only recently ran across Ubuntu's "Password and 
Encryptions Keys" applet (under Applications -> Accessories; a.k.a. 
Seahorse[1]). In addition to being a GUI for generating and managing PGP 
and SSH keys, it appears to be a UI into the "key ring" infrastructure 
used by Ubuntu and intended for automated access by application. I see 
it lets you create a new key ring (your login is the primary key ring), 
but has no option to add passwords to it. It isn't clear whether it is 
usable as a manual password safe, and I don't know anything about how it 
stores the data.

Anyone tried using it for anything other than what Ubuntu forces you to 
use it for?

1. http://projects.gnome.org/seahorse/

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/





More information about the Discuss mailing list