[ubuntu-za] Security - passwords
Karl Wortmann
karlwortmann at gmail.com
Wed Dec 3 08:51:18 UTC 2014
Here is an interesting project to watch, too:
http://hackaday.com/2014/10/13/mooltipass-installation-process-is-now-dead-simple/
On Dec 3, 2014 5:44 PM, "Raymond Barbour" <xraya4t at gmail.com> wrote:
> I've been using android app
> https://play.google.com/store/apps/details?id=org.awallet.free as I
> always have my phone with me. I picked this because the only permission it
> has is to read and write to sd card. So even if it was stealing passwords
> it doesn't have the permission to send them anywhere. Google doesn't show
> you by default when an app has internet access, you need to specifically
> open the permissions in the play store. So if you are security paranoid
> (which my brother is) then this app is for you. It just means that you
> manually need to export your passwords (encrypted or csv) to back them up
> and transfer them separately from the app.
>
> On Tue, 02 Dec 2014, 18:34 Henk Joubert <jouberthenk at gmail.com> wrote:
>
>> Hi Leon
>>
>> I use keepassx and dropbox to sync the database file to my mobile.
>> Assuming I don't lock myself out of dropbox or my encrypted database (which
>> is replicated on multiple machines) I don't have problems.
>>
>> The problem with a sheme based system like hashpass or cryptnos is that
>> it works great up until you run into arbitrary password requirements. Must
>> be 8 to 12 characters and contain a heiroglyph sound familiar? Now you're
>> back to keeping a note somewhere about what 'trick' you used to coerce your
>> scheme into fitting. Also some services will change name (and domain) which
>> is commonly used as a source to generate your passwords.
>>
>> One caveat with keeping keepass synced over dropbox is that it's rather
>> painful to add new credentials on a mobile device. Much better to only use
>> mobile in an emergency lookup situation.
>>
>>
>>
>> On 2 December 2014 at 17:41, Leon Gert Marincowitz <
>> lmarincowitz at gmail.com> wrote:
>>
>>> Hi all
>>>
>>> Sometime this year I moved all my passwords to keypassx. Which is great
>>> when I'm on my Ubuntu laptop. Not so great when on my android-having to
>>> Bluetooth the encrypted file to myself.
>>>
>>> But late last week I had a security crises where I couldn't get into a
>>> crucial account as I had forgot to send myself the updated file.
>>>
>>> Now I'm thinking that a physical file is perhaps not the best way to
>>> manage passwords across multiple devices.
>>>
>>> So, here's a quick poll on what does everyone consider to be the best
>>> security as in password management.
>>>
>>> Does anyone use password manages such as last pass or the like,
>>> keypassx, or something new I've found recently called hash passwords.
>>>
>>> Anyone has experience in this regard or would like to share their
>>> thoughts?
>>>
>>> Regards
>>>
>>> Leon G. Marincowitz
>>>
>>> Apologies for brevity, sent from smartphone
>>>
>>> --
>>> ubuntu-za mailing list
>>> ubuntu-za at lists.ubuntu.com
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>
>>>
>>
>>
>> --
>> Henk Joubert
>> BSc Computer Science (Hons) | University of Cape Town 2012
>> jouberthenk at gmail.com | 0836382339
>> --
>> ubuntu-za mailing list
>> ubuntu-za at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>
>
> --
> ubuntu-za mailing list
> ubuntu-za at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-za/attachments/20141203/8c7f3a64/attachment.html>
More information about the ubuntu-za
mailing list