On Sun, 25 Mar 2018 11:52:13 -0400 rhkra...@gmail.com said: > I started reading up on password managers in order to consider using > one. > > Up until now, I've made up passwords myself, and stored them in an > encrypted file. Some of the drawbacks include: > > * I keep the passwords on the short side > * I don't change the passwords as often as I should > * I sometimes use the same password on more than one site > > All of the above because it is not convenient enough for me to do > better.
A redacted and grouped output of "apt-cache search password manager" on Buster: "pass" family: pass - lightweight directory-based password manager qtpass - GUI for password manager pass pass-extension-otp - pass extension for managing one-time-password tokens webext-browserpass - web extension for the password manager pass "kwalletmanager" family: kwalletmanager - secure password wallet manager xul-ext-kwallet5 - kwallet integration for firefox "passwordsafe": passwordsafe - Simple & Secure Password Management passwordsafe-common - architecture independent files for Password Safe "keepass" family: keepassx - Cross Platform Password Manager keepassxc - Cross Platform Password Manager kpcli - command line interface to KeePassX password manager databases (I don't know the difference between keepassx and keepassxc - their detailed description is ditto word for word.) "keepass" continued: keepass2 - Password manager keepass2-doc - Password manager - Documentation (seems to be an offspring of keepass family) Others: cpm - Curses based password manager using PGP-encryption gringotts - secure password and data storage manager impass - Simple and secure password management and retrieval system xul-ext-password-editor - edit password manager entries in Mozilla applications password-gorilla - cross-platform password manager pypass - lightweight directory-based password manager in python > My head is just not "into" reading about password managers--it just > seems to be too boring to really get into, so, I thought I'd try > posting here to get opinions and recommendations from the list. (I > am continuing my effort to read--maybe I'll get a renewed burst of > enthusiasm after I send this ;-) For me, I use none of the above. I generate a hundred or so random alphanumeric strings and save them in a plain text file as an "instant password source". I then consume them one by one whenever I need a new password. I keep all my actual passwords with other relevant info in an html file (a huge table) and keep them all in a high-security environment. I just copy-paste a password from that html table whenever I need it (it is open all the time in a background browser tab). Never share that file between devices. That means I concentrate all my security sensitive procedures on a single machine. I do KISS. The more it is "featureful" (aka complicated) the more there is a chance of password leak (bugs, momentary carelessness, more attack vectors, etc.) Regards -- Abdullah Ramazanoglu
