
Enforcing password strength

Enforcing password strength

Posted Oct 13, 2011 3:44 UTC (Thu) by Baylink (guest, #755)
Parent article: Enforcing password strength

Reminder: Bruce Schneier wrote a password keeper as well; I don't remember what it's called just now.



Enforcing password strength

Posted Oct 13, 2011 5:08 UTC (Thu) by dv1m (guest, #58319) [Link]

Enforcing password strength

Posted Oct 13, 2011 13:34 UTC (Thu) by tsr2 (subscriber, #4293) [Link]

PasswordSafe appears to be Windows only. KeepassX is cross-platform.

http://www.keepassx.org/

There's a quick intro to KeepassX at http://linuxgazette.net/174/youngman.html

Enforcing password strength

Posted Oct 13, 2011 16:30 UTC (Thu) by JohnMorris (subscriber, #73531) [Link]

There's a Linux clone at http://www.semanticgap.com/myps/. I've been using it for several years. Unfortunately it is getting quite old, and does not seem to be being maintained. I rebuild it from source each time I change Linux version, but it's getting messier each time, as the older libraries it wants fade into obscurity.

Enforcing password strength

Posted Oct 13, 2011 16:36 UTC (Thu) by jldugger (subscriber, #57576) [Link]

PasswordGorilla is a linux version of PassSafe. And still in active development!

Enforcing password strength

Posted Oct 13, 2011 16:48 UTC (Thu) by Baylink (guest, #755) [Link]

"is a linux version of" is a phrase that carries even less weight on this point than nearly any other time.

I suspect there are a fair number of people out there who haven't given much thought to *just how strong a basket* you want for your password safe...

KeePass, LastPass and two-factor authentication

Posted Oct 14, 2011 7:07 UTC (Fri) by Cato (subscriber, #7643) [Link]

KeePass (Windows only) and KeePassX are database compatible, and there are many KeePass clones on other platforms, e.g. KyPass for iPhone and others for Android.

When combined with something like Dropbox, it's quite easy to keep your password DB available on various devices, although you multiply the risk of a keylogger grabbing the KeePass password. (Dropbox has a pretty good Linux client that includes a CLI-only install for headless servers (just use lynx on the server), and is very quick at syncing small files.)

I also use LastPass for less critical passwords, and by generating a strong random password for every site, the main risk is that the main password is stolen. LastPass supports Yubikey, a low-cost USB token with AES encryption, which emulates a keyboard - so a keylogger attack would have to steal the LastPass password and my token. There's still a risk of LastPass-specific targeted malware, so client systems need to be kept updated and secure. Free as in beer on Linux, Windows, Mac, etc, with paid-for apps on iPhone and Android.

Duo Security is an interesting option to secure your own systems' SSH, web apps, VPNs, etc - they use phone calls, SMS or push notifications to smartphones as a second factor, and can be integrated with PAM. Free for up to 5 users or open source projects.

KeePass, LastPass and two-factor authentication

Posted Oct 17, 2011 13:17 UTC (Mon) by sorpigal (subscriber, #36106) [Link]

I use PassPack myself, but LastPass is also a good choice. It's too bad there isn't an open source version of this kind of thing so that I can self host; trusting a third party's security and honesty doesn't sit well with me.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds