A different password approach

That does sound easier.
Any system can fail, there has to be redundancy for protection

To solve that issue, export your passwords to local storage (ideally encrypted) periodically. I do that as one of my monthly digital systems maintenance routines. Essentially, I export the contents of my password vault as a single file, then I use 7-zip to make it a password-protected, encrypted, compressed archive file. I keep three months’ worth (three zip files) in a single folder (all with the same password). This way, if anything bad ever happens to my password vault, I haven’t lost any of my passwords, and I can import my most recent list to a new account/different provider.

I hope this is helpful,

Ernie

2 Likes
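Ernie's monthly routine above, sketched as a shell script. This is an added example, not code from anyone in the thread; the backup directory, the `vault-YYYY-MM.7z` naming and the function names are assumptions, and it expects the `7z` command-line tool to be installed.

```shell
#!/bin/sh
# Added example: encrypt a password-vault export with 7-Zip and keep
# only the three newest monthly archives. All names are hypothetical.

BACKUP_DIR="${BACKUP_DIR:-${HOME:-.}/vault-backups}"  # assumed location
KEEP=3                                                # three months, as in the post

# Print the archive names in directory $1 that fall outside the newest $KEEP.
# Names embed YYYY-MM, so reverse lexical order is newest-first.
stale_archives() {
    local dir="$1" f
    for f in "$dir"/vault-[0-9][0-9][0-9][0-9]-[0-9][0-9].7z; do
        [ -e "$f" ] && basename "$f"
    done | sort -r | tail -n +"$((KEEP + 1))"
}

# Encrypt the export file $1 into this month's archive, then rotate.
archive_export() {
    local export_file="$1" out name
    out="$BACKUP_DIR/vault-$(date +%Y-%m).7z"
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1

    # A bare -p makes 7z prompt for the passphrase, so it never appears in
    # shell history or the process list. -mhe=on also encrypts the header,
    # hiding the file names stored inside the .7z container.
    7z a -t7z -mhe=on -p "$out" "$export_file" || return 1

    # Prove the archive opens (7z prompts again) before the plaintext
    # export is destroyed; a typo in the passphrase is caught here.
    7z t "$out" || return 1
    shred -u "$export_file" 2>/dev/null || rm -f "$export_file"

    # Drop everything older than the newest $KEEP archives.
    stale_archives "$BACKUP_DIR" | while read -r name; do
        rm -f "$BACKUP_DIR/$name"
    done
}

# Run only when called with the path of an existing export file.
if [ "$#" -eq 1 ] && [ -f "$1" ]; then
    archive_export "$1"
fi
```

The plaintext export is removed only after the archive test succeeds, so a mistyped passphrase cannot leave you with neither copy.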

This is what I do. I always think, what if I didn’t have internet, what if the password site failed, etc. so I make exporting the vault (which includes passwords and notes I need for remembering my mom’s passwords, her network details, etc.) a monthly part of maintenance…just like backing up the computer. It is not only in .json format but text as well.

As for the extensions, I have two (as in two password managers)…redundant, I know, but safer.

Then I have them on an encrypted flash drive to carry with me. Again, what if I had to use public wifi for internet?

Plus, Lord knows if something happened to me, my husband would be having my daughters go to each site and create new passwords just to see important stuff that is password protected. :smile:

Sheila

2 Likes

I use KeePass: it is open-source, cross-platform (including Android - I don’t know about iPhone), installable or portable, takes an optional keyfile, and can be stored either locally or in the cloud. You can also print out a plain-text list, if you wish to do so. I keep my master in my Dropbox (it automatically encrypts the file) and I copy this regularly to my pc, a flash drive (portable!), and my phone.

I like this option because it allows me to generate ridiculously long passwords which I can then either copy-and-paste or auto-type - passwords that are way longer than would be practical to type manually (especially on a phone keyboard!). I know 2 passwords: the logon to my pc, and the logon to my password manager.

Also, it’s super-easy to change a password - if you have a breach with your algorithm, you would have to modify your pattern to change your password, then you will have to remember that, too. Also, not all websites accept the same input - one website that forbids a specific special character, for example, would force you to leave it off of your algorithm, or have different algorithms for different sites. And if you have a nice super-long output, you could be forced to modify that for a website that won’t accept the length. Basically, with a password manager you can individually tailor your passwords to the maximum complexity allowed by each of the sites that you’re logging into.

There are a lot of reputable password managers out there - I don’t know how they all operate, but if KeePass (the project) suddenly just shut down, my password manager would still function. My advice is to pick one and try it - honestly, it is much less complicated than trying to remember everything, or log it on paper. And if you do lose, say, a flash drive with your vault on it, it would be encrypted - unlike a book or a piece of paper.

3 Likes

Real honest assessment, thank you.
I like this idea

That provides the redundancy

But this worries me

I have been considering pass … the original Unix command line password
manager. That would surely not disappear.

Thank you for a very down to earth assessment.

1 Like

I like that. Redundancy is almost the only way to have protection.

1 Like

Hi Neville,
just as a complement to the pass program…
The latest version of the program is from November 2022, version 1.7.4-6, and, apparently, it’s the one in the new Ubuntu 24.04 LTS.
However, I don’t mean that it’s not safe, on the contrary, Debian has the same version of pass in all 3 distros: Bookworm, testing and Sid.

Jorge

2 Likes

There is an Android version of pass called password-store and
its GitHub site is active up to 2 weeks ago.
I can’t find the Linux version on a GitHub site… I guess it is embedded in the system source code.

The website is here

but it has no dates.

1 Like

Neville,
For the website you mention, you can find the program and the date on this website:
https://git.zx2c4.com/password-store/

Jorge

To be clear: I have no concerns whatsoever about KeePass shutting down - it is a very long-standing, stable project, with many contributors. I simply wished to address a concern that I have previously seen voiced: “if ‘such-and-such’ shuts down, can I still get my passwords?”

Frankly, I haven’t had much experience with password managers - KeePass was the first I picked after doing some research on them, and I’ve never felt the need to try any others. I wouldn’t be afraid to try any of the major ones, though.

Here are a couple of good links:

the articles and the comments give some more insight.

Let us know what you decide! :slight_smile:

1 Like

Thanks,
The latest release is 3 years old, but there are commits up to
Dec 23… I conclude it is still actively maintained.

1 Like