KeePass or equivalent app

Talk about internet security, computer security, personal security, your social security number...
Post Reply
User avatar
computerfreaker
Senior Member
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

KeePass or equivalent app

Post by computerfreaker »

I'm wondering if it's a good idea to use KeePass or an equivalent app for storing passwords...
I currently use the same password for a lot of things (to avoid trying to remember 5 million passwords... ok, not quite that many, but you get the idea :lol: ), but I was browsing through this forum and noticed a lot of posts saying "that's a bad idea". However, I don't really relish the idea of storing my passwords on the computer... at least my brain can't be cracked, but a computer file sure can...
So, do you think it's a better idea to mentally store passwords and use the same pwd for several places, or is it a better idea to use KeePass or some other secure-password-storage app?

Thanks! :)
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
Grumpy Old Lady
Senior Member
Posts: 240
Joined: Fri Jul 03, 2009 7:20 am

Re: KeePass or equivalent app

Post by Grumpy Old Lady »

Summary of my opinion: passwords aren't worth a cent if they aren't transmitted securely and if they are worth a cent I don't input them manually.
It follows from this that I choose the most convenient way to manage passwords for insecure transmission, and the most secure way to manage them for secure transmission.
It so happens that the Fx Master Password - Tools|Options|Security>Passwords - satisfies both those requirements for me.
An exception is many financial sites which enforce keyboard or pointer password input. Good luck there if your site doesn't provide two-factor authentication and you don't know exactly what processes your operating system is running from one second to the next :-)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
User avatar
computerfreaker
Senior Member
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

Re: KeePass or equivalent app

Post by computerfreaker »

Grumpy Old Lady wrote:Summary of my opinion: passwords aren't worth a cent if they aren't transmitted securely and if they are worth a cent I don't input them manually.
It follows from this that I choose the most convenient way to manage passwords for insecure transmission, and the most secure way to manage them for secure transmission.
It so happens that the Fx Master Password - Tools|Options|Security>Passwords - satisfies both those requirements for me.
I thought the Fx Master Password thing wasn't secure... am I wrong/did that change/did someone's advice screw me? :? :?:
Grumpy Old Lady wrote:An exception is many financial sites which enforce keyboard or pointer password input. Good luck there if your site doesn't provide two-factor authentication and you don't know exactly what processes your operating system is running from one second to the next :-)
Well, fortunately for me I don't go to any financial sites... just my school site and half-a-dozen forums... :)
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: KeePass or equivalent app

Post by Alan Baxter »

computerfreaker wrote:I thought the Fx Master Password thing wasn't secure... am I wrong/did that change/did someone's advice screw me?
The Fx Master Password is and was just fine. If someone said that it wasn't, they were mistaken. Write your passwords down too and keep them in a safe place, just in case Fx becomes corrupted somehow and you can't access them that way. That's not likely, but it's prudent to have a copy of them.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: KeePass or equivalent app

Post by therube »

KeePass or equivalent app are fine for storing passwords.
I typically do not "auto-enter" any passwords, but rather manually type them in. (Not for any of the reasons mentioned above, it is just what I do.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.23) Gecko/20090825 SeaMonkey/1.1.18
User avatar
computerfreaker
Senior Member
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

Re: KeePass or equivalent app

Post by computerfreaker »

Alan Baxter wrote:The Fx Master Password is and was just fine. If someone said that it wasn't, they were mistaken. Write your passwords down too and keep them in a safe place, just in case Fx becomes corrupted somehow and you can't access them that way. That's not likely, but it's prudent to have a copy of them.
therube wrote:KeePass or equivalent app are fine for storing passwords.
Thanks for the tip! I guess I will change half-a-dozen passwords, store them in KeePass, and use the Fx password manager to log me into various sites...
(btw, one last question... I'm an admin on 2 different sites. Do you think I should save the passwords for those sites, or is that begging for a compromised admin account?)
therube wrote:I typically do not "auto-enter" any passwords, but rather manually type them in. (Not for any of the reasons mentioned above, it is just what I do.)
Ditto. :)
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: KeePass or equivalent app

Post by Tom T. »

Alan Baxter wrote:The Fx Master Password is and was just fine. If someone said that it wasn't, they were mistaken. Write your passwords down too and keep them in a safe place, just in case Fx becomes corrupted somehow and you can't access them that way. That's not likely, but it's prudent to have a copy of them.
I like Password Safe, with encryption designed by cryptoguru Bruce Schneier. This addresses Alan's issue of Fx becoming corrupted, as PWS stores in a completely separate file on your hard drive (in its own Programs folder in Win, e. g.), securely encrypted. You can back up the pw database easily and frequently to any USB drive, CD/DVD, whatever, and it still remains secure. Mine's presently a little over 8 Kb, fully encrypted and all -- *that's* a quick back-up. Whole puter crashes? No problem. After re-install, just re-install PWS with the same pw database from your backup. Take the portable version with you and use it on other machines, without leaving tracks. Auto-type safely, with strong passwords like cY(,:\(cY9sz[iJ]lpX2n9OnNwp=680 that you wouldn't, and couldn't, type. ... and yes, I do write them somewhere very safe (far away from the computer, in case it's stolen), as a multiple-redundancy thing.

As for safety of Fx pwd mgr, I respect Alan's opinions greatly -- on this and on everything else. In my own humble opinion, I go with the philosophy of "Do one thing, and do it well." (This is why Giorgio has said that, for example, he won't combine cookie management with NS.) A browser has many things to do, and is constantly exposed to the Internet. Security vulnerabilities are discovered regularly. Asking the browser to store your pws, and to keep them secure, and to guarantee that no flaw will be discovered in the future, is asking too much. Get one tool designed to do one job very, very well. IMHO. YMMV.
Last edited by Tom T. on Fri Sep 18, 2009 4:55 am, edited 1 time in total.
Reason: ad size of PWS database
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: KeePass or equivalent app

Post by Alan Baxter »

He's alive! :D
Tom T. wrote:A browser has many things to do, and is constantly exposed to the Internet. Security vulnerabilities are discovered regularly. Asking the browser to store your pws, and to keep them secure, and to guarantee that no flaw will be discovered in the future, is asking too much. Get one tool designed to do one job very, very well. IMHO. YMMV.
Thank you for pointing out how an external PW manager may be more convenient and secure, Tom. I appreciate the information.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: KeePass or equivalent app

Post by Tom T. »

Alan Baxter wrote:He's alive! :D
It's certainly nice to be missed! :)

Alive and well, thank you, but preoccupied with Real World and Real Job issues, alas, plus another interest or two outside of the digital world. I *do* remember, Alan, that you assured me that being a Mod did not involve any particular time commitment, a concern I expressed due to the highly-variable demands described above. I certainly consider supporting NS and its users most worthwhile, and don't we all regret that there aren't 30 hours in a day (except in octal, of course!) ;)

Back on topic: Alan, IIRC, you tried my recommendation of Sandboxie, and came to like it. Would you give PWS a similar eval? It's not even a nagware model: absolutely, totally free, no strings attached, no crippleware. Your investigations into new sw are always diligent and thorough, and your opinions are highly respected here. It isn't *directly* connected to our main function of supporting NS and FG, but we do have this "Security" sub-forum, and all the script-blocking in the world is useless if your pws are stolen, right? :ugeek:

If you ever have the chance to evaluate it, I'd be very interested in your opinion. And it's one less thing to go wrong with the browser, or for the browser people to have to worry about. (I've *never* stored pws in a browser, even as an IE noob.)

IIRC, it was Mark Twain who said, "The reports of my death are greatly exaggerated." (His obituary had been published mistakenly by the New York Times.) Cheers, and thanks for your exhilaration at my appearance!
Image
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: KeePass or equivalent app

Post by GµårÐïåñ »

Its always good to see you my friend.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: KeePass or equivalent app

Post by Tom T. »

Thanks G, back at ya.
Have you looked into Password Safe? If so, your opinion? If not, perhaps a look -- when you have a break from your 3, 796 other projects? ;)
Cheers!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: KeePass or equivalent app

Post by GµårÐïåñ »

My dear friend, as I have said in the past a long while ago when we discussed it, I have not used it and have no opinion, as I use RoboForm personally.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Post Reply