[Discuss] Password managers

Bill Cattey wdc at mit.edu
Wed May 6 13:57:57 EDT 2020 

I use KeePass as a password generator and safe.  It has Mac, Linux, 
Android, iOS ports that I have used. Specifically I use the KeePassXC 
port on my Linux laptops and Mac desktop, MiniKeePass on my iPad and 
KeePassDroid on my Android Phone. KeePass itself is Windows only. I've 
not actually run that port.  Below I talk about "KeePass" as a generic 
across all ports.

* It is a "keep passwords in a database encrypted with a master 
password" approach.  The db is local to your device.  You copy it around 
by hand, or you keep it somewhere in the cloud where you download it to 
your device.

* KeePass is open source so you can validate what it's doing.

* It enables you to manage passwords by category.  You can also keep 
additional information.  For example, as mentioned by others on this 
list, your "Secret Questions" should be stuff you make up for every 
site, not true facts that enable the bad guys an easier time stealing 
your identity. KeePass lets you manage that stuff too.

* It offers you lots of options for generating passwords.

Looking at the Android Play Store, I see that KeePassDroid isn't there 
any more.
And now I see that I have both KeePassDroid and Keepass2Android on my phone.
I actually think I was supposed to start using the latter. (There was a 
v2 database with improvements.)

Looking at the Apple App Store, I see that MiniKeePass is still there, 
and that there's an App called "KeePass" that reviewers say "Isn't the 
real KeePass."  :-(

One final point:

I manage my KeePass database BY HAND.  The master DB is on my Mac 
desktop, and I connect my phone or my iPad or do scp from another 
desktop.  I don't trust the cloud to hold my password file, but I 
recognize that lack of trust is emotional not fact-based.

Hope this contributes to the discussion of different approaches.

-Bill Cattey


Jerry Feldman wrote on 5/5/20 5:56 PM:
> I use lastpass. It works on all platforms. Individual passwords are
> encrypted as is the master password. The only problem I had was when I
> forgot the exact spelling of my master pass phrase. Since my desktop system
> was logged in I was able to set another pass phrase.
>
> --
> Jerry Feldman <gaf.linux at gmail.com>
> Boston Linux and Unix http://www.blu.org
> PGP key id: 6F6BB6E7
> PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6
> B B6E7
>
> On Tue, May 5, 2020, 5:50 PM Jerry Natowitz <j.natowitz at gmail.com> wrote:
>
>> I've decided it is time to start using strong unique passwords on all
>> sites.  What products will work on Linux/gnu, Linux/Android, and Windows
>> 10?  Is the integration to the O/S, the window manager, or the web
>> browser?  Looking for something that will work transparently across all
>> the mentioned platforms, and possibly also Mac/iPhone.
>>
>> --
>>          Jerry Natowitz
>> ===>    j.natowitz (at) gmail.com
>>
>> _______________________________________________
>> Discuss mailing list
>> Discuss at lists.blu.org
>> http://lists.blu.org/mailman/listinfo/discuss
>>
> _______________________________________________
> Discuss mailing list
> Discuss at lists.blu.org
> http://lists.blu.org/mailman/listinfo/discuss

More information about the Discuss mailing list