LinuxQuestions.org


njdube 05-24-2006 06:00 PM

Cross Platform Password Management
 
My first goal is to find software that I can use on SUSE 10 to randomly generate long, highly secure passwords. I want a different password for EVERYTHING.

What I need next is a secure but easy way to manage all these passwords on a USB flash drive in a way that can be used for any operating system. The bulk of my passwords will be used for websites.

Currently I use KDE Wallet to store them. The problem is that it only stores passwords on this one machine, and I need to take my passwords with me everywhere I go, which is what my key chain USB flash drive will be used for.

I'm looking for recommendations and ideas on how any of you manage your passwords and take them with you.

gilead 05-24-2006 06:44 PM

I generate my passwords manually based on phrases or songs I know. Then I randomly change letters to digits and mix between upper and lower case to make them harder to guess.

My password list is encrypted with gpg and kept on my USB flash-drive. GPG is installed on all of the boxes I use here (Linux and Windows) so I can just decrypt the password list when I need it.

I spend most of my time using the CLI here so I don't mind the typing that this requires. In other words, I don't know the equivalent GUI tools for doing this... :)
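
Added example, not part of any post in this thread: a shell script covering the two things discussed above, generating a random password per site and keeping the list gpg-encrypted on the flash drive. It assumes gpg's symmetric (passphrase) mode, which the posts do not specify; the path `/media/usb/passwords.gpg` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: random password generation plus a gpg-encrypted list.
# LIST is a hypothetical path on the flash drive; set it to your mount point.
LIST="${LIST:-/media/usb/passwords.gpg}"

# gen_password [LENGTH]: print LENGTH random characters (default 24).
# Bytes come from the kernel CSPRNG; tr drops every byte outside the
# 74-character set, so each kept character is uniform over that set
# (about 6.2 bits per character).
gen_password() {
    len="${1:-24}"
    LC_ALL=C tr -dc 'A-Za-z0-9!#%+,./:=@_-' < /dev/urandom | head -c "$len"
    echo
}

# show_list: decrypt to stdout only, so no plaintext copy lands on the drive.
show_list() {
    gpg --quiet --decrypt "$LIST"
}

# add_entry LABEL: append "LABEL password" and re-encrypt the whole list.
# The plaintext is held in shell variables and piped to gpg, never written
# to a file; gpg prompts for the passphrase itself.
add_entry() {
    label="$1"
    new="$label $(gen_password 24)"
    if [ -f "$LIST" ]; then
        old=$(show_list) || return 1          # wrong passphrase: change nothing
        new=$(printf '%s\n%s' "$old" "$new")
    fi
    # Write to a temporary name first so a failed run cannot clobber the list.
    printf '%s\n' "$new" |
        gpg --symmetric --cipher-algo AES256 --output "$LIST.new" &&
        mv "$LIST.new" "$LIST"
}

# Dispatch: "gen [LEN]", "add LABEL" or "show"; with no argument the file
# only defines the functions.
case "${1:-}" in
    gen)  gen_password "${2:-24}" ;;
    add)  add_entry "$2" ;;
    show) show_list ;;
esac
```

The gpg commands are the same on Windows; only the shell wrapper and `/dev/urandom` are Unix-specific.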

camh 05-24-2006 07:20 PM

I keep them all in my head.

IMO, having a different password for everything is more insecure. The chance of forgetting one, or of someone getting access to a USB key with them on it, is far greater than when using a limited number of passwords and keeping them in your head.

I use kind of a tier-based system, for example:

Tier 1: Low risk (eg. forums)

I have a few shorter 'stronger' passwords that I rotate or just pick randomly
(eg. p4ssw0rd)

Tier 2: Medium risk (eg. webmail)

Same deal, but add some special chars/mixed case (if supported).
(eg. P@ssw0rd)

Tier 3: High risk (eg. banking)

I generally use 'strong' passphrases for highly sensitive things.
(eg. myP@ssw0rdispassword)

My problem with encryption solutions is that, generally, you need to have the decryption software on the machine you are wishing to use, or have the ability to install it. This ultimately limits how portable your password list is.

Anyway, just my $.02


All times are GMT -5.