Quantcast
Channel: CodeSection,代码区,Linux操作系统:Ubuntu_Centos_Debian - CodeSec
Viewing all articles
Browse latest Browse all 11063

Password Managers

$
0
0

Knowing that I’m a long way behind on my security practices , I asked some friends “What password manager do you use?” (with the proviso that I use linux and Android at home).

I’ve decided to give KeePass a go, but for full disclosure here’s all the responses I received:

ST: I like LastPass. They LastPass got hacked last year, but didn’t lose anything.

https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

Ah, they did lose hashes.

If that puts you off, I hear KeePass is good.

And that’s offline.

Though you’ll probably still want to sync it.

AG: \_(ツ)_/ I use 1Password, the Linux client is shite

KeePass is nice but theres no decent browser extensions since foxpass died AFAIK

don’t trust lastpass for shit, their concept is whack theres been some dodgy phishing like stuff

like this https://www.seancassidy.me/lostpass.html

historically had some super dodgy defaults too, like auto filling sites without prompts, so JS could grab your credentials etc

no clue if they’ve fixed that

https://www.dashlane.com/ is a competitor to lastpass, no clue how it compares, go google around see if Taviso found any exploits

https://twitter.com/taviso/status/763801055725359104 apaprently there is

TD: fwiw I use keepass @tumbarumba , have for 7yrs+ now . zero issues. I don’t use a web client… good old fashioned copy pasta for me.

MS : I continue to love 1Password, which I’ve used for years. I find the following feature set unmatched anywhere: (a) easily sync securely via DropBox to all my devices on multiple platforms, (b) easily move/copy data between my personal vault, my family shared vault, and business vaults.

I hope someday that 1Password makes Linux a first-class citizen. If I were you, I’d suggest to them that they use Flatpak or the other similar thing. They are the ideal use case for secure cross-distro Linux software distribution with a containerized security model. If they jump on that train early, they could set the tone for a lot of security-conscious desktop proprietary software on Linux, I bet.


Viewing all articles
Browse latest Browse all 11063

Trending Articles