LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-07-2011, 08:24 AM   #1
Sir Prised
Member
 
Registered: Sep 2009
Posts: 42

Rep: Reputation: 0
MyPasswords security ?


Hi

I've just installed this program, but can't rid myself of doubts about it's security. It has *very* few downloads/recommendations on Sourceforge, a few more on Softpedia, but still not a lot. It goes online both at Startup and when you enter the Master password, which the author - who seems genuine enough - puts down to checking for updates, but why twice ? Writing a bogus Password store has to be a very tempting proposition, so although it's been reviewed and recommended, is there an external way of ensuring that this is a bonafide program ? So far I haven't entered any of my financial details !

Cheers
 
Old 08-07-2011, 09:06 AM   #2
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,970

Rep: Reputation: 709Reputation: 709Reputation: 709Reputation: 709Reputation: 709Reputation: 709Reputation: 709
Which program did you exactly install? If you do not know that program and if it does not have a lot of recommendations then why did you install? What features does it have so that you preferred it over other alternatives?
 
Old 08-07-2011, 12:01 PM   #3
Sir Prised
Member
 
Registered: Sep 2009
Posts: 42

Original Poster
Rep: Reputation: 0
Hi

The program is MyPasswords 2.6 obtainable from Softpedia here
http://preview.tinyurl.com/3q5zeyz
It's also available from Sourceforge.
It was reviewed here
http://preview.tinyurl.com/3m7rehr
and given 10/10. Even that sounded a little odd as they had a criticism of their use of a Masterpassword.
I picked it despite that, because initially it looked easy to install, which is was after a bit of earlier advice here.
I was using Revelation, but gave up on that, because it's not being supported.
What you you recommend? Presumably every program has to start off somewhere though!

Cheers
 
Old 08-09-2011, 02:17 AM   #4
Sir Prised
Member
 
Registered: Sep 2009
Posts: 42

Original Poster
Rep: Reputation: 0
Hi

Trying an alternative tack, is there a way of preventing the program going online i.e. using SElinux ?

Cheers
 
Old 08-09-2011, 02:44 AM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
The program may save the encryped passwords online so they aren't lost after a reinstall, or to allow you to use multiple computers. If this is the case, it connects once to check for updates, and again to retrieve your encrypted passwords.

Since the source is available, you can audit the code and build it yourself.
 
Old 08-09-2011, 06:17 PM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3185Reputation: 3185Reputation: 3185Reputation: 3185Reputation: 3185Reputation: 3185Reputation: 3185Reputation: 3185Reputation: 3185Reputation: 3185Reputation: 3185
The notion that it doesn't encrypt its master password-store using some kind of password seems, well, curious.

I've used "Password Safe," which uses very nice ".pwsafe3" files and has apps for Windows and iPhone, and, I am sure, many others. Which is very nice because the files are easily transportable. I haven't had any need yet to explore this aspect of Linux utilities; I just use KDE's default thingy. (And on OS/X, the built-in "Keychain.")

All you really need from such a thing is a reasonably-encrypted, easy to use tool that's right at your fingertips by whatever means. If you do need to carry the same set of files around, as I described, then file-format compatibility is also important.
 
Old 08-10-2011, 09:22 AM   #7
Sir Prised
Member
 
Registered: Sep 2009
Posts: 42

Original Poster
Rep: Reputation: 0
Hi

Thanks for making the suggestion.

I'm not at all happy with the idea they're stored online, though I know a lot of people use that kind of storage.
I've been a bit more persistent and got Revelation working which does exactly what you say, simply store passwords in a convenient file which I can easily copy from one PC to another.
All in all, it's been a bit of a useful learning curve though.

Cheers
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Security Questions] Last Login, how good is this feature for security breach info? t3gah Linux - Security 2 06-14-2005 02:02 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration