LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   MyPasswords security ? (https://www.linuxquestions.org/questions/linux-software-2/mypasswords-security-896031/)

Sir Prised 08-07-2011 07:24 AM
MyPasswords security ?
 
Hi

I've just installed this program, but can't rid myself of doubts about it's security. It has *very* few downloads/recommendations on Sourceforge, a few more on Softpedia, but still not a lot. It goes online both at Startup and when you enter the Master password, which the author - who seems genuine enough - puts down to checking for updates, but why twice ? Writing a bogus Password store has to be a very tempting proposition, so although it's been reviewed and recommended, is there an external way of ensuring that this is a bonafide program ? So far I haven't entered any of my financial details !

Cheers

crts 08-07-2011 08:06 AM
Which program did you exactly install? If you do not know that program and if it does not have a lot of recommendations then why did you install? What features does it have so that you preferred it over other alternatives?

Sir Prised 08-07-2011 11:01 AM
Hi

The program is MyPasswords 2.6 obtainable from Softpedia here
http://preview.tinyurl.com/3q5zeyz
It's also available from Sourceforge.
It was reviewed here
http://preview.tinyurl.com/3m7rehr
and given 10/10. Even that sounded a little odd as they had a criticism of their use of a Masterpassword.
I picked it despite that, because initially it looked easy to install, which is was after a bit of earlier advice here.
I was using Revelation, but gave up on that, because it's not being supported.
What you you recommend? Presumably every program has to start off somewhere though!

Cheers

Sir Prised 08-09-2011 01:17 AM
Hi

Trying an alternative tack, is there a way of preventing the program going online i.e. using SElinux ?

Cheers

jschiwal 08-09-2011 01:44 AM
The program may save the encryped passwords online so they aren't lost after a reinstall, or to allow you to use multiple computers. If this is the case, it connects once to check for updates, and again to retrieve your encrypted passwords.

Since the source is available, you can audit the code and build it yourself.

sundialsvcs 08-09-2011 05:17 PM
The notion that it doesn't encrypt its master password-store using some kind of password seems, well, curious.

I've used "Password Safe," which uses very nice ".pwsafe3" files and has apps for Windows and iPhone, and, I am sure, many others. Which is very nice because the files are easily transportable. I haven't had any need yet to explore this aspect of Linux utilities; I just use KDE's default thingy. (And on OS/X, the built-in "Keychain.")

All you really need from such a thing is a reasonably-encrypted, easy to use tool that's right at your fingertips by whatever means. If you do need to carry the same set of files around, as I described, then file-format compatibility is also important.

Sir Prised 08-10-2011 08:22 AM
Hi

Thanks for making the suggestion.

I'm not at all happy with the idea they're stored online, though I know a lot of people use that kind of storage.
I've been a bit more persistent and got Revelation working which does exactly what you say, simply store passwords in a convenient file which I can easily copy from one PC to another.
All in all, it's been a bit of a useful learning curve though.

Cheers


All times are GMT -5. The time now is 03:36 AM.