[ubuntu-za] Security - passwords

Neil Oosthuizen nlsthzn at gmail.com
Wed Dec 3 09:04:09 UTC 2014


"Here is an interesting project to watch, too:
http://hackaday.com/2014/10/13/mooltipass-installation-process-is-now-dead-simple/
"

The thing I like most about this project is the name :D




On 3 December 2014 at 12:51, Karl Wortmann <karlwortmann at gmail.com> wrote:

> Here is an interesting project to watch, too:
>
> http://hackaday.com/2014/10/13/mooltipass-installation-process-is-now-dead-simple/
> On Dec 3, 2014 5:44 PM, "Raymond Barbour" <xraya4t at gmail.com> wrote:
>
>> I've been using android app
>> https://play.google.com/store/apps/details?id=org.awallet.free as I
>> always have my phone with me. I picked this because the only permission it
>> has is to read and write to sd card. So even if it was stealing passwords
>> it doesn't have the permission to send them anywhere. Google doesn't show
>> you by default when an app has internet access, you need to specifically
>> open the permissions in the play store. So if you are security paranoid
>> (which my brother is) then this app is for you. It just means that you
>> manually need to export your passwords (encrypted or csv) to back them up
>> and transfer them separately from the app.
>>
>> On Tue, 02 Dec 2014, 18:34 Henk Joubert <jouberthenk at gmail.com> wrote:
>>
>>> Hi Leon
>>>
>>> I use keepassx and dropbox to sync the database file to my mobile.
>>> Assuming I don't lock myself out of dropbox or my encrypted database (which
>>> is replicated on multiple machines) I don't have problems.
>>>
>>> The problem with a sheme based system like hashpass or cryptnos is that
>>> it works great up until you run into arbitrary password requirements. Must
>>> be 8 to 12 characters and contain a heiroglyph sound familiar? Now you're
>>> back to keeping a note somewhere about what 'trick' you used to coerce your
>>> scheme into fitting. Also some services will change name (and domain) which
>>> is commonly used as a source to generate your passwords.
>>>
>>> One caveat with keeping keepass synced over dropbox is that it's rather
>>> painful to add new credentials on a mobile device. Much better to only use
>>> mobile in an emergency lookup situation.
>>>
>>>
>>>
>>> On 2 December 2014 at 17:41, Leon Gert Marincowitz <
>>> lmarincowitz at gmail.com> wrote:
>>>
>>>> Hi all
>>>>
>>>> Sometime this year I moved all my passwords to keypassx. Which is great
>>>> when I'm on my Ubuntu laptop. Not so great when on my android-having to
>>>> Bluetooth the encrypted file to myself.
>>>>
>>>> But late last week I had a security crises where I couldn't get into a
>>>> crucial account as I had forgot to send myself the updated file.
>>>>
>>>> Now I'm thinking that a physical file is perhaps not the best way to
>>>> manage passwords across multiple devices.
>>>>
>>>> So, here's a quick poll on what does everyone consider to be the best
>>>> security as in password management.
>>>>
>>>> Does anyone use password manages such as last pass or the like,
>>>> keypassx, or something new I've found recently called hash passwords.
>>>>
>>>> Anyone has experience in this regard or would like to share their
>>>> thoughts?
>>>>
>>>> Regards
>>>>
>>>> Leon G. Marincowitz
>>>>
>>>> Apologies for brevity, sent from smartphone
>>>>
>>>> --
>>>> ubuntu-za mailing list
>>>> ubuntu-za at lists.ubuntu.com
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>
>>>>
>>>
>>>
>>> --
>>> Henk Joubert
>>> BSc Computer Science (Hons) | University of Cape Town 2012
>>> jouberthenk at gmail.com | 0836382339
>>>  --
>>> ubuntu-za mailing list
>>> ubuntu-za at lists.ubuntu.com
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>
>>
>> --
>> ubuntu-za mailing list
>> ubuntu-za at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>
>>
> --
> ubuntu-za mailing list
> ubuntu-za at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-za/attachments/20141203/70556f19/attachment.html>


More information about the ubuntu-za mailing list