LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


View Poll Results: Password management - how do you do it?
One password for everything 6 8.82%
I have a limited list of passwords from which I choose when need arises 44 64.71%
For each new occasion I generate a totally new password 13 19.12%
Other (please specify) 5 7.35%
Voters: 68. You may not vote on this poll

Reply
  Search this Thread
Old 07-15-2008, 06:37 PM   #16
KenJackson
Member
 
Registered: Jul 2006
Location: Maryland, USA
Distribution: Fedora and others
Posts: 755

Rep: Reputation: 144Reputation: 144

Quote:
Originally Posted by JZL240I-U View Post
But why do you call "grepacct linuxques"

Why don't you use Kwallet?
"linuxques" is just an example, which would happen to work for the LinuxQuestions.org website, on which we sit.

Why not use Kwallet? Why not use what I want? My system works perfectly for me.
 
Old 07-15-2008, 06:46 PM   #17
KenJackson
Member
 
Registered: Jul 2006
Location: Maryland, USA
Distribution: Fedora and others
Posts: 755

Rep: Reputation: 144Reputation: 144
Quote:
Originally Posted by mostlyharmless View Post
One rather annoying "feature" of what I believe to be a flawed security model are the work related passwords that have to be changed every 90 days. It invites weak passwords and writing them down..
Exactly! And on top of that, they always seem to expire when you want to "real quick just login" and do something simple.
 
Old 07-15-2008, 08:41 PM   #18
xri
Member
 
Registered: Aug 2002
Distribution: Slackware 14.2, Archlinux
Posts: 283
Blog Entries: 11

Rep: Reputation: 41
PassReminder, which works on Linux and Windows. However, after reading the previous posts I'm starting to think this might not be secure enough.
My passwords are combinations of a few basic strings, which I join according to the nature of the site/program/domain I am using.
 
Old 07-15-2008, 08:58 PM   #19
aus9
LQ Addict
 
Registered: Oct 2003
Location: Australia
Distribution: MX 18/ TC64
Posts: 5,301

Rep: Reputation: Disabled
BrianL

Can I have some of your brain cells pls...I live in Australia and mine have leaked out over the years.

To anyone

I use a acronym system....of some line or whatever eg

you may secretly like a line in a movie like

Give the bag to Bozo.

acronym it becomes gtbtb...add some extra characters and numbers.

It should not be something you repeat to people....like if I always say ....cheerio and may linux bless you (puke)...it can not be based on that...but something secret.....a man secret would do.

eg two.....iltksabb....without the extras

....

wait for it...

I love to kiss sexy aussie beach babes.
 
Old 07-15-2008, 09:17 PM   #20
pgroover
Member
 
Registered: Sep 2005
Location: Colorado
Distribution: Ubuntu
Posts: 56

Rep: Reputation: 16
Quote:
Originally Posted by aus9 View Post
I use a acronym system....of some line or whatever eg
I use something similar except that mine are derived from phrases that depict my mood at the time and then I exchange the letters for special characters/numbers. Not a bad system since I only have to remember a phrase, but the fun part comes in trying to remember which symbols I used...
 
Old 07-15-2008, 10:10 PM   #21
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: My HDD...
Distribution: WinXP for designing, Linux for life.
Posts: 2,329
Blog Entries: 1

Rep: Reputation: 47
I have a number of passwords I use, then I add on different extensions to them. Thus, I can keep them all in my head and very rarely do I forget one.
 
Old 07-16-2008, 01:59 AM   #22
digdogger
Member
 
Registered: Mar 2007
Distribution: CentOS
Posts: 32

Rep: Reputation: 2
I have a "standard" prefix to my password that I use in many places, then change either the beginning or end few characters depending upon what I am using it for.
 
Old 07-16-2008, 03:29 AM   #23
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 18.3+19.0, MX-18
Posts: 4,258

Rep: Reputation: Disabled
Quote:
Originally Posted by KenJackson View Post
"linuxques" is just an example, which would happen to work for the LinuxQuestions.org website, on which we sit.
I don't get the mechanism. How is that realized in your bash script, or is it intrinsic in the password file ... but I still don't get the connection .

Quote:
Originally Posted by KenJackson View Post
Why not use Kwallet? Why not use what I want? My system works perfectly for me.
My, aren't we touchy . I just asked out of curiosity, no criticism intended. After all, you took the pains to create your own solution, I just wanted to know what made you decline the use of a prefabbed one like Kwallet.
 
Old 07-16-2008, 05:19 AM   #24
KenJackson
Member
 
Registered: Jul 2006
Location: Maryland, USA
Distribution: Fedora and others
Posts: 755

Rep: Reputation: 144Reputation: 144
Quote:
Originally Posted by JZL240I-U View Post
I don't get the mechanism. How is that realized in your bash script, or is it intrinsic in the password file ... but I still don't get the connection .
The plaintext format of the encrypted file is something like this:

linuxquestions.org username password

So when my function unencrypts the file and greps it, the argument "linuxques" catches that line and spits it out, but is unlikely to match any other entry.

As a bonus, if I'm looking for some site I know I've been on but can't remember, I can grep for some small part of it and I get all the sites that match.
 
Old 07-16-2008, 05:29 AM   #25
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.2
Posts: 7,809
Blog Entries: 58

Rep: Reputation: Disabled
Quote:
Originally Posted by aus9 View Post
BrianL

Can I have some of your brain cells pls...I live in Australia and mine have leaked out over the years.
Sorry, none to spare. I could do with a few million more. Where can we get them?
 
Old 07-16-2008, 07:32 AM   #26
SCerovec
Senior Member
 
Registered: Oct 2006
Location: Cp6uja
Distribution: Slackware on x86 and arm
Posts: 1,595
Blog Entries: 2

Rep: Reputation: 391Reputation: 391Reputation: 391Reputation: 391

i use always the same pass pharse:
user: <user>
pass: error

imagine:
# decrypt <hash>:

<hash> = error

it's a killer for my bluez sig in my phone

just kidding:
i mostly use leet and "asciirilyca"
and _wrong_ words like "grandmar" and like
 
Old 07-16-2008, 08:14 AM   #27
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 18.3+19.0, MX-18
Posts: 4,258

Rep: Reputation: Disabled
Ah. Thanks for the explanation, KenJackson.
 
Old 07-17-2008, 03:06 AM   #28
alMubarmij
Member
 
Registered: Dec 2005
Posts: 140
Blog Entries: 1

Rep: Reputation: 16
The better you choose a new password for every thing.

Use this chart to remember:
http://PasswordChart.com

But you must choose a method.
 
Old 07-17-2008, 03:31 AM   #29
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 18.3+19.0, MX-18
Posts: 4,258

Rep: Reputation: Disabled
Funny site. Thanks alMubarmij .
 
Old 07-17-2008, 07:39 PM   #30
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Blog Entries: 1

Rep: Reputation: 48
I keep a few in my head. I'm a big fan of passphrases - it gets me a long (and thus secure) phrase with minimal effort on my part. I realize that basing it upon dictionary words weakens it a bit, but not so much that being 2-3 longer won't compensate I don't think :-). The exception is my banking/credit card passwords. These are all at least 12 characters long and fully randomly generated for utmost security. No way I'm going to remember them. I used Password Gorilla for some time, mostly because it allowed me to (via ntfs-3g or extfs at my option) use the same password file between both sides of my XP/lenny dual boot. Recently, I moved off of Password Gorilla. It makes me slightly nervous that the last release was in '06, and it's holding my most sensitive data. Also, usage of the XP side of my dual boot atrophied so significantly that compatibility became a non-issue. When I'm on the go, I use whatever password manager is in the Maemo repos for my n800. Perhaps its from GPE?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
KDE password management - really could use help! 449 Linux - Newbie 2 02-02-2008 02:17 PM
thunderbird password management problem Garda Linux - Software 1 10-10-2005 11:53 PM
Looking for a web based password management system jfall Linux - Software 1 05-07-2005 07:41 AM
Secure Password Management win32sux General 0 04-30-2005 08:11 AM
password management software ttilt Linux - Software 8 12-28-2003 10:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration