KeePass or equivalent app
- computerfreaker
- Senior Member
- Posts: 220
- Joined: Wed Sep 16, 2009 10:03 pm
- Location: USA
KeePass or equivalent app
I'm wondering if it's a good idea to use KeePass or an equivalent app for storing passwords...
I currently use the same password for a lot of things (to avoid trying to remember 5 million passwords... ok, not quite that many, but you get the idea ), but I was browsing through this forum and noticed a lot of posts saying "that's a bad idea". However, I don't really relish the idea of storing my passwords on the computer... at least my brain can't be cracked, but a computer file sure can...
So, do you think it's a better idea to mentally store passwords and use the same pwd for several places, or is it a better idea to use KeePass or some other secure-password-storage app?
Thanks!
I currently use the same password for a lot of things (to avoid trying to remember 5 million passwords... ok, not quite that many, but you get the idea ), but I was browsing through this forum and noticed a lot of posts saying "that's a bad idea". However, I don't really relish the idea of storing my passwords on the computer... at least my brain can't be cracked, but a computer file sure can...
So, do you think it's a better idea to mentally store passwords and use the same pwd for several places, or is it a better idea to use KeePass or some other secure-password-storage app?
Thanks!
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
-
- Senior Member
- Posts: 240
- Joined: Fri Jul 03, 2009 7:20 am
Re: KeePass or equivalent app
Summary of my opinion: passwords aren't worth a cent if they aren't transmitted securely and if they are worth a cent I don't input them manually.
It follows from this that I choose the most convenient way to manage passwords for insecure transmission, and the most secure way to manage them for secure transmission.
It so happens that the Fx Master Password - Tools|Options|Security>Passwords - satisfies both those requirements for me.
An exception is many financial sites which enforce keyboard or pointer password input. Good luck there if your site doesn't provide two-factor authentication and you don't know exactly what processes your operating system is running from one second to the next :-)
It follows from this that I choose the most convenient way to manage passwords for insecure transmission, and the most secure way to manage them for secure transmission.
It so happens that the Fx Master Password - Tools|Options|Security>Passwords - satisfies both those requirements for me.
An exception is many financial sites which enforce keyboard or pointer password input. Good luck there if your site doesn't provide two-factor authentication and you don't know exactly what processes your operating system is running from one second to the next :-)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
- computerfreaker
- Senior Member
- Posts: 220
- Joined: Wed Sep 16, 2009 10:03 pm
- Location: USA
Re: KeePass or equivalent app
I thought the Fx Master Password thing wasn't secure... am I wrong/did that change/did someone's advice screw me?Grumpy Old Lady wrote:Summary of my opinion: passwords aren't worth a cent if they aren't transmitted securely and if they are worth a cent I don't input them manually.
It follows from this that I choose the most convenient way to manage passwords for insecure transmission, and the most secure way to manage them for secure transmission.
It so happens that the Fx Master Password - Tools|Options|Security>Passwords - satisfies both those requirements for me.
Well, fortunately for me I don't go to any financial sites... just my school site and half-a-dozen forums...Grumpy Old Lady wrote:An exception is many financial sites which enforce keyboard or pointer password input. Good luck there if your site doesn't provide two-factor authentication and you don't know exactly what processes your operating system is running from one second to the next
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: KeePass or equivalent app
The Fx Master Password is and was just fine. If someone said that it wasn't, they were mistaken. Write your passwords down too and keep them in a safe place, just in case Fx becomes corrupted somehow and you can't access them that way. That's not likely, but it's prudent to have a copy of them.computerfreaker wrote:I thought the Fx Master Password thing wasn't secure... am I wrong/did that change/did someone's advice screw me?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Re: KeePass or equivalent app
KeePass or equivalent app are fine for storing passwords.
I typically do not "auto-enter" any passwords, but rather manually type them in. (Not for any of the reasons mentioned above, it is just what I do.)
I typically do not "auto-enter" any passwords, but rather manually type them in. (Not for any of the reasons mentioned above, it is just what I do.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.23) Gecko/20090825 SeaMonkey/1.1.18
- computerfreaker
- Senior Member
- Posts: 220
- Joined: Wed Sep 16, 2009 10:03 pm
- Location: USA
Re: KeePass or equivalent app
Alan Baxter wrote:The Fx Master Password is and was just fine. If someone said that it wasn't, they were mistaken. Write your passwords down too and keep them in a safe place, just in case Fx becomes corrupted somehow and you can't access them that way. That's not likely, but it's prudent to have a copy of them.
Thanks for the tip! I guess I will change half-a-dozen passwords, store them in KeePass, and use the Fx password manager to log me into various sites...therube wrote:KeePass or equivalent app are fine for storing passwords.
(btw, one last question... I'm an admin on 2 different sites. Do you think I should save the passwords for those sites, or is that begging for a compromised admin account?)
Ditto.therube wrote:I typically do not "auto-enter" any passwords, but rather manually type them in. (Not for any of the reasons mentioned above, it is just what I do.)
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
Re: KeePass or equivalent app
I like Password Safe, with encryption designed by cryptoguru Bruce Schneier. This addresses Alan's issue of Fx becoming corrupted, as PWS stores in a completely separate file on your hard drive (in its own Programs folder in Win, e. g.), securely encrypted. You can back up the pw database easily and frequently to any USB drive, CD/DVD, whatever, and it still remains secure. Mine's presently a little over 8 Kb, fully encrypted and all -- *that's* a quick back-up. Whole puter crashes? No problem. After re-install, just re-install PWS with the same pw database from your backup. Take the portable version with you and use it on other machines, without leaving tracks. Auto-type safely, with strong passwords like cY(,:\(cY9sz[iJ]lpX2n9OnNwp=680 that you wouldn't, and couldn't, type. ... and yes, I do write them somewhere very safe (far away from the computer, in case it's stolen), as a multiple-redundancy thing.Alan Baxter wrote:The Fx Master Password is and was just fine. If someone said that it wasn't, they were mistaken. Write your passwords down too and keep them in a safe place, just in case Fx becomes corrupted somehow and you can't access them that way. That's not likely, but it's prudent to have a copy of them.
As for safety of Fx pwd mgr, I respect Alan's opinions greatly -- on this and on everything else. In my own humble opinion, I go with the philosophy of "Do one thing, and do it well." (This is why Giorgio has said that, for example, he won't combine cookie management with NS.) A browser has many things to do, and is constantly exposed to the Internet. Security vulnerabilities are discovered regularly. Asking the browser to store your pws, and to keep them secure, and to guarantee that no flaw will be discovered in the future, is asking too much. Get one tool designed to do one job very, very well. IMHO. YMMV.
Last edited by Tom T. on Fri Sep 18, 2009 4:55 am, edited 1 time in total.
Reason: ad size of PWS database
Reason: ad size of PWS database
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
-
- Ambassador
- Posts: 1586
- Joined: Fri Mar 20, 2009 4:47 am
- Location: Colorado, USA
Re: KeePass or equivalent app
He's alive!
Thank you for pointing out how an external PW manager may be more convenient and secure, Tom. I appreciate the information.Tom T. wrote:A browser has many things to do, and is constantly exposed to the Internet. Security vulnerabilities are discovered regularly. Asking the browser to store your pws, and to keep them secure, and to guarantee that no flaw will be discovered in the future, is asking too much. Get one tool designed to do one job very, very well. IMHO. YMMV.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Re: KeePass or equivalent app
It's certainly nice to be missed!Alan Baxter wrote:He's alive!
Alive and well, thank you, but preoccupied with Real World and Real Job issues, alas, plus another interest or two outside of the digital world. I *do* remember, Alan, that you assured me that being a Mod did not involve any particular time commitment, a concern I expressed due to the highly-variable demands described above. I certainly consider supporting NS and its users most worthwhile, and don't we all regret that there aren't 30 hours in a day (except in octal, of course!)
Back on topic: Alan, IIRC, you tried my recommendation of Sandboxie, and came to like it. Would you give PWS a similar eval? It's not even a nagware model: absolutely, totally free, no strings attached, no crippleware. Your investigations into new sw are always diligent and thorough, and your opinions are highly respected here. It isn't *directly* connected to our main function of supporting NS and FG, but we do have this "Security" sub-forum, and all the script-blocking in the world is useless if your pws are stolen, right?
If you ever have the chance to evaluate it, I'd be very interested in your opinion. And it's one less thing to go wrong with the browser, or for the browser people to have to worry about. (I've *never* stored pws in a browser, even as an IE noob.)
IIRC, it was Mark Twain who said, "The reports of my death are greatly exaggerated." (His obituary had been published mistakenly by the New York Times.) Cheers, and thanks for your exhilaration at my appearance!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: KeePass or equivalent app
Its always good to see you my friend.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Re: KeePass or equivalent app
Thanks G, back at ya.
Have you looked into Password Safe? If so, your opinion? If not, perhaps a look -- when you have a break from your 3, 796 other projects?
Cheers!
Have you looked into Password Safe? If so, your opinion? If not, perhaps a look -- when you have a break from your 3, 796 other projects?
Cheers!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: KeePass or equivalent app
My dear friend, as I have said in the past a long while ago when we discussed it, I have not used it and have no opinion, as I use RoboForm personally.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3