[ubuntu-za] Security - passwords

Raymond Barbour xraya4t at gmail.com
Wed Dec 3 08:44:19 UTC 2014


I've been using the Android app
https://play.google.com/store/apps/details?id=org.awallet.free as I always
have my phone with me. I picked this because the only permission it has is
to read and write to the SD card. So even if it was stealing passwords it
doesn't have the permission to send them anywhere. Google doesn't show you
by default when an app has internet access; you need to specifically open
the permissions in the Play Store. So if you are security paranoid (which
my brother is) then this app is for you. It just means that you manually
need to export your passwords (encrypted or CSV) to back them up and
transfer them separately from the app.

On Tue, 02 Dec 2014, 18:34 Henk Joubert <jouberthenk at gmail.com> wrote:

> Hi Leon
>
> I use keepassx and dropbox to sync the database file to my mobile.
> Assuming I don't lock myself out of dropbox or my encrypted database (which
> is replicated on multiple machines) I don't have problems.
>
> The problem with a scheme based system like hashpass or cryptnos is that it
> works great up until you run into arbitrary password requirements. Must be
> 8 to 12 characters and contain a hieroglyph sound familiar? Now you're back
> to keeping a note somewhere about what 'trick' you used to coerce your
> scheme into fitting. Also some services will change name (and domain) which
> is commonly used as a source to generate your passwords.
>
> One caveat with keeping keepass synced over dropbox is that it's rather
> painful to add new credentials on a mobile device. Much better to only use
> mobile in an emergency lookup situation.
>
>
>
> On 2 December 2014 at 17:41, Leon Gert Marincowitz <lmarincowitz at gmail.com> wrote:
>
>> Hi all
>>
>> Sometime this year I moved all my passwords to keepassx. Which is great
>> when I'm on my Ubuntu laptop. Not so great when on my Android, having to
>> Bluetooth the encrypted file to myself.
>>
>> But late last week I had a security crisis where I couldn't get into a
>> crucial account as I had forgotten to send myself the updated file.
>>
>> Now I'm thinking that a physical file is perhaps not the best way to
>> manage passwords across multiple devices.
>>
>> So, here's a quick poll on what does everyone consider to be the best
>> security as in password management.
>>
>> Does anyone use password managers such as LastPass or the like, keepassx,
>> or something new I've found recently called hash passwords?
>>
>> Does anyone have experience in this regard or would like to share their
>> thoughts?
>>
>> Regards
>>
>> Leon G. Marincowitz
>>
>> Apologies for brevity, sent from smartphone
>>
>> --
>> ubuntu-za mailing list
>> ubuntu-za at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>
>>
>
>
> --
> Henk Joubert
> BSc Computer Science (Hons) | University of Cape Town 2012
> jouberthenk at gmail.com | 0836382339
>
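The failure mode Henk describes for scheme-based generators, as an added example that is not part of the original thread and is not the algorithm of hashpass or Cryptnos: a generic derivation (PBKDF2 over master secret plus site name, an assumption made for illustration) whose default output misses an "8 to 12 characters with a symbol" policy. Fitting it requires per-site tweaks that must be recorded, and a renamed domain no longer reproduces the password. All names and sample values are constructed.

```python
import base64
import hashlib
import re

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive(master: str, site: str, length: int = 16, counter: int = 0) -> str:
    """Derive a site password from the master secret and the site name only."""
    salt = f"{site}|{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    return base64.b64encode(raw).decode()[:length]


def meets_policy(pw: str, min_len: int, max_len: int, need_symbol: bool) -> bool:
    """Check a site's arbitrary composition rules."""
    if not min_len <= len(pw) <= max_len:
        return False
    return not need_symbol or re.search(r"[^A-Za-z0-9]", pw) is not None


def fit_to_policy(master, site, min_len, max_len, need_symbol, max_tries=200):
    """Search for per-site tweaks that satisfy the policy.

    The returned tweaks are state the user must now record for this site,
    which is exactly the 'note about the trick' the scheme was meant to avoid.
    """
    for counter in range(max_tries):
        pw = derive(master, site, length=max_len, counter=counter)
        if meets_policy(pw, min_len, max_len, need_symbol):
            return pw, {"length": max_len, "counter": counter}
    raise ValueError("no candidate met the policy")


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample secret
    default = derive(master, "shop.example")
    print("default fits 8-12 + symbol policy:", meets_policy(default, 8, 12, True))
    pw, tweaks = fit_to_policy(master, "shop.example", 8, 12, True)
    print("tweaks to remember for this site:", tweaks)
    # A renamed service changes the input, so the old password is not reproduced.
    print("survives rename:", pw == derive(master, "store.example", **tweaks))
```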