While it's useful to have an overview of existing password managers, the review is not really useful, at least not for me.
The article spends a lot of time looking at how each password manager encrypts its data. I couldn't care less. The only question that's important to me in that respect is: are the passwords processed and saved safely? That's it.
Usability, which determines whether you use the program or not, whether you use it safely, whether it is in your way or smoothly supports your usage pattern, is completely untouched.
A few anecdotal examples:
* kwallet is practically unusable with keys only. You have to lift your hand and click and click and click... Considering that I have to enter passwords to all kinds of web applications all the time, selecting and pasting a username/password should be as quick and painless as possible, since entering passwords adds no value to the creative process.
* once upon a time kwallet was integrated with konqueror, which meant that it automatically detected when the page prompted you for a password and asked you whether it should automatically fill in the data. What a breeze. That feature was AFAIK dropped a long, long time ago in the name of syncing with Gnome (AFAIR) and never picked up again. Anyhow, kwallet has never supported either firefox or gnome...
* does the password manager work as an applet or does it clutter your desktop?
* what about supporting automatic password generation on demand? As already said, there's no value in switching to the command line and typing mkpasswd or similar, then copying the password back etc.
* what about also generating some random email address and registering that with your mailserver for those thousands of web sites that also want your email address?
* Gnome keeps on asking me regularly "some application wants to access your keyring, please enter your password", without mentioning why, what application, what keyring or whatever (usually it's Network Manager AFAIK). This perverts the whole security concept if you don't have a clue who's asking why for your password and it should be trivial for an attacker to just launch the same dialog in the right instant and grab your master password.
* etc. etc. etc.
This critique here could come across as too harsh. The point is that the article's focus is from a perspective that is only partly relevant and omits to discuss a central problem topic (the main reason why GUI apps exist actually).
Posted Nov 11, 2011 20:24 UTC (Fri) by daglwn (subscriber, #65432)
I agree with everything here, especially this bit:
> Gnome keeps on asking me regularly "some application wants to access your
> keyring, please enter your password", without mentioning why, what
> application, what keyring or whatever
KWallet does the same thing. All that work to make things secure and then...this.
A Periodic Table of password managers
Posted Nov 11, 2011 20:41 UTC (Fri) by asherringham (subscriber, #33251)
I agree as well. It's not often clear what's asking for the password in Gnome. In fact, sometimes it is not clear if the popup dialog is asking you for your own (sudo) password or the root password.
Kwallet + Firefox
Posted Nov 15, 2011 19:06 UTC (Tue) by morhippo (subscriber, #334)
Well, at least for older firefox versions there was this add-on which added kwallet firefox integration, seems not to work with the latest versions though:
https://addons.mozilla.org/de/firefox/addon/kde-wallet-password-integratio/