Hi friends,
I'm using the same open source password manager on my Linux laptop, Linux workstation and Android phone: UPM, synchronized via my own database file.
I have several pieces of sensitive information in it, and I often wonder if it's safe, since I don't know the Java code below...
I use LastPass. First, they treat Linux as a first class citizen. Second, they were tested by actually being hacked multiple times, and customers' actual passwords were never taken because they followed secure practices. You can't ask for a better audit than that.
Consider placing a technical question into a more technical forum; this one generally is for non-technical questions and topics vary greatly. I'd recommend Linux->General or Linux->Software. You can ask a mod to move it if you like by using the Report button. Might give your thread a bit more exposure for additional answers.
I recall there was a far older (couple of years) thread on this subject too.
I use LastPass. ... they were tested by actually being hacked multiple times, and customers' actual passwords were never taken because they followed secure practices.
nice, but why put them on the cloud at all?
is anybody else using this UPM? Opinions?
looks very similar to keepassx, which i'm using.
For the same reason I put my money in banks instead of under the bed.
EDIT: okay, less snarky answer.
I think that this forum's distrust of clouds is similar to why people feel more secure in cars than in airplanes. Cars are objectively much more dangerous, but airplanes take away your control and put you in someone else's hands. Similarly, I can see why a forum full of Linux users (of all people) would want their important data in places that are controlled, exclusively, by themselves.
I consider this to be more or less unfounded. Plus, for access on more than one device, you need to put your passwords online somewhere. If you don't want to use something that's been set up for you, then you need to set it up yourself. Well, am I going to end up with something more secure if I do it myself, or if I hire (yes, hire; I pay LastPass) professional experts who do it for their livelihood?
Another lastpass user. It's extremely convenient since when I reimage, all I need to do is reinstall the plugin and all my passwords are back on the machine. The passwords aren't stored locally and so can't be hacked if my laptop is stolen (unless they hack my password for lastpass). And lastpass has been hacked several times, and no customer data has ever been lost, which makes me confident in their ability to keep my data without it being lost.
I used to use keepassx v2, which is very good (and I still have my password file on my backup drive in case I need it for something) and I used the dropbox application to keep my password file sync'd between machines much like UPM does (from what I read on their site).
For the same reason I put my money in banks instead of under the bed.
maybe snarky, but you put it well (and thanks for the explanation).
your explanation is the reason why i use (and pay) external mail services instead of running my own mail server, but surely a single password file for a single user is an infinitely simpler situation?
still i don't see why the solution outlined e.g. in the previous post would be less secure (esp. since you yourself admitted that lastpass have been hacked, but their password files were secure enough to withstand)?
less convenient, definitely (esp. browser integration sounds very tempting).
i guess it comes down to how safe the password databases themselves are; the rest is convenience.
and yes, sometimes i am the put-your-money-under-the-bed type; but i don't make a religion out of it.