Domain: keepassx.org
Stories and comments across the archive that link to keepassx.org.
Comments · 30
-
KeePassX? KeePassXC? KeePassDroid?
What about KeepassX?
Or KeePassXC Password Manager? Question: keepassxc ... can we trust it ?
KeePassXC for Beginners says "Android users, consider KeePassDroid.
iPhone users, consider MiniKeePass".
-
Re:Good move
> very little choice but to write the password down on a little yellow sticky note
Why aren't you using a password manager like KeePass or KeePassX and just remembering one passphrase to access all your other passwords???
-
Re:Wah wah...
The Unix port is called KeePassX, and it works quite well under Linux, MacOS, the BSDs, etc.
-
No problem with KeepassX
KeepassX does not use the clipboard but instead simulates actual typing, with a configurable delay.
When you select a password entry and press Ctrl-v in KeepassX, it hides itself, switches the focus to the last active window and types the password.
This also protects you from accidentally leaking passwords to remote desktop sessions or virtual machines that synchronize the clipboards.
-
Re:KeePassX
> https://www.keepassx.org/ [keepassx.org]
> It's a password vault application. Remember local applications,
> they run on your computer, that you physically have to be at to use(usually).
Usually Keepass and alike are used to store passwords for network services. So the computer storing your passwords in KeepassX is still networked and susceptible to attacks. Also people tend to use multiple machines (sometimes not even their own) so in order to use KeepassX you still need to transfer its data file somehow. You could keep this file on a pendrive probably with portable version of the app.
So KeepassX in my opinion is less convenient to use than Lastpass - with the latter I just login to service (using two factor authentication) and access my passwords. But mind you I use Keepass only for not-so-sensitive accounts like 100+ eshops, forums and crap like that (not financial, medical, otherwise sensitive, essential internet authentication account hubs like Google or Facebook).
So for me in order to use Keepass would be to carry a medium with data file (which can be lost, stolen, copied) or to share the data file via some kind of authenticated network service like SFTP, HTTPS, Dropbox etc.
I know the Keepass/local pass file way would be probably slightly more secure but Lastpass method is just more convenient.
Oh and if I were to use password manager I would not go Keepass way - what for? Passwords are just some lines in text file. I would just use encrypted text file, shell utilities like grep and have access to it via SSH with two way authentication (I love Google Authenticator with PAM module for my private use).
My point being that if used correctly (only for not sensitive accounts, two form authentication enabled) a trusted service like Lastpass (I find them very concerned about security - they are targeted all the time) is quite secure and more convenient than Keepass.
Also I would love to have some offline device for my sensitive stuff like financial, medical and so on - I long for something in form of small ipod-like MP3 player that can be fed with data and when prompted for authentication I could choose my credentials from it and display it would generate QR code with token that could be scanned via webcam to authenticate. Of course it would be susceptible to MITM attacks and physical loss but in my opinion it would be the most secure way for using password store without sharing it via network.
-
KeePassX
I'd like to take this time to recommend an excellent open source project called KeePassX.
It's a password vault application. Remember local applications, they run on your computer, that you physically have to be at to use(usually).
-
Re:Which password manager by the way?
KeePassX? Or was the question meant to be rhetorical?
:-)
-
Re:Dumb dumb dumb advice...
I use KeePassX and MiniKeePass on my iPhone. I sync the password db using dropbox. This works well for me because I can generate strong passwords for ALL sites and I have access to them when I'm on the go.
-
Re:KeePass?
You can always try KeePassX (for Linux and OS X; use the latest 2.0 Alpha release) and MacPass (for OS X), both of which are compatible with the KeePass 2.x database format. They might not have all the features but they work rather well and you don't have to deal with the monstrosity that is KeePass on a non-Windows system.
-
Re:Surprise
> The web is insecure, don't store passwords in the web. Use keepassx instead. You get it for Windows and OS X on the site, for Linux using package managers, for Android on the Play Store and maybe also for iOS (look for MiniKeePass).
I don't subscribe to this absolutist position. Web based password managers like Lastpass certainly have their uses and are extremely convenient when tons of forums and websites require you to have accounts. They make it easy to login effortlessly and across multiple computers. They are also safer in that they let you have unique passwords for every account.
That being said, the smart thing to do is to:
1) Not save any bank account / Money related passwords on a web based password manager. Heck, I wouldn't even trust my own computer. I store these strictly in my head
2) Enable 2-factor authentication on any website that if compromised, could allow the attacker to steal your identity and cause more mischief. Gmail would be a prime example of such a website.
This strikes a good balance of letting me have the convenience of online password managers for non-critical sites, and even some critical ones that support 2-factor authentication.
-
Surprise
The web is insecure, don't store passwords in the web. Use keepassx instead. You get it for Windows and OS X on the site, for Linux using package managers, for Android on the Play Store and maybe also for iOS (look for MiniKeePass).
-
Re:Not working well? Do it EVEN MORE!
Key passwords (maybe mail, the password managers ones, places where you must type your password frequently) should be easy to remember, and hard to crack (hint), the rest (there are always a lot of them) should be in one or more password managers (i.e. your browser, with a master password, but also more portable ones like KeePassX) where as are not meant to be remembered are easier to change, to put hardest complexity, and of course, to have all different. And try to avoid automated password trying, especially at fast speed, like using fail2ban or similar when possible or having a keyphrase in your private ssh certificate with PKCS #8 to slow down cracking,
But passwords are just a part of the equation, what runs as your user usually has access to the same resources as you (i.e. could read your files, your clipboard, your keyboard input, so could capture passwords, no matter how complex they are), access sites to where you are identified on (i.e. single sign-on systems that enables the IP you are on means that a trojan running in your PC has your privileges, same for vpns, or internal systems not safe from xss attacks). And antivirus aren't as good as protection as they claim to be (Red October was active 5 years before being detected, they can be forced to contain backdoors). Using more secure OSs and browsers (at least, ones with no such overabundance of malware), and security practices (only install from official repositories, stop at mail server level things that don't come from where they claim to come, etc).
And of course, educate people. In real life you know things that are risky and dangerous (i.e. don't walk alone at night in high criminality rate neighbourhoods, drink and drive, touch electric wires, etc ), people should be able to understand what is dangerous or risky on the internet too, including their private use at home (even if privacy is a lost cause, there are far more risks).
-
Re:Sites that prevent the browser from remembering
> Use keepassx. Usernames and password won't be stored into your browser and that could be annoying but you'll always be able to paste them into any login form. Or at least I never experienced any problem. There is also an Android version and you can copy the password db file among devices (dropbox or manual file copy).
Keepass doesn't work for certain sites. Certain sites still make you type everything in character by character.
-
Re:Sites that prevent the browser from remembering
Use keepassx. Usernames and password won't be stored into your browser and that could be annoying but you'll always be able to paste them into any login form. Or at least I never experienced any problem. There is also an Android version and you can copy the password db file among devices (dropbox or manual file copy).
-
Re:Brilliant idea
You don't need to have all your passwords in your head. Maybe a couple of the important ones, and the one of a password manager where you store all the others. Better that password manager can run in your phone and in your computer, like i.e. KeePassX. Also, those passwords don't need to be hard to remember, just hard to guess/calculate, but could be easy to remember.
-
Re:Low expectations
I just wanted to mention that KeePassX runs on UNIX systems.
-
Re:KeePass?
I use KeePassX, a derivative of the original KeePassX. It is also open and under the GPL. I gather that the major difference between it and the original KeePass is that its cross-platform nature is not dependent on Mono/.Net. The downside is that it does not yet support the KeePass 2.x DB format, but since I'm not using that, I don't mind.
I use KeePassX on Debian, the Windows port under Win7, and KeePassDroid on my phone. It all works really well. My only complaint with KeePassDroid is that it doesn't support file attachments that one can attach to an entry in the database. It doesn't appear to destroy them, it just ignores them right now. Other than that, it's great.
-
Re:not surprising
KeePassX helps with that. But it obviously doesn't help with companies spilling their pwd databases...
-
Re:KeePass
-
Re:This is why I use tiered passwords.
Same system I used when I was younger. Nowhere near as good as using KeePassX, which will run on nearly every OS, from USB, and on mobile phones. Each and every site login has a unique password, like "xY5C=r%|yH`", and when I want to log in I just select "copy password to clipboard" over the entry and paste in. Also helps avoid keyloggers. You have one master password, and simply make sure you back up your encrypted password file.
This way, if a site is compromised then it has no damage outside of that account.
Phillip.
-
KeePassX
I am very happy with KeePassX. It stores your passwords and related information in an encrypted file. You can copy a password out of it to paste into a web-form. This means
- You don't have to remember your passwords - they can be randomly generated according to a wide set of rules.
- You don't have to type your passwords - they transfer via the clipboard (which is automatically emptied after a few seconds)
- Your passwords are (reasonably) secure, being stored in an encrypted file.
The obvious problem is that you need a password to open the KeePassX file. However, this at least does not go via browser, and I can manage to remember one complex, very secure password.
KeePassX is open-source, available for Windows/Mac/Linux, and compatible across all of these. Nice solution - give it a try!
p.s. I have no relation to the project - just a happy user!
-
Re:Translation
-
Re:i need an example
-
Re:Ignore it?
-
Re:Ignore it?
"I also fail to see how anyone can maintain even a single password that they change every month, without some kind of system. Especially if it is a strong password, that takes some time&effort to remember."
http://www.keepassx.org/
-
Password Tracker Deluxe
I bought a copy of Password Tracker Deluxe years ago, and it's been a great tool on Windows, so I wanted to give it a mention.
I'm currently trying to replace Windows for my daily needs with Linux (I'm currently trying Linux Mint KDE), and so I had to find another option (although it does mostly work under wine).
What I found was KeePassX, which has done a pretty good job as a replacement. And because KeePassX is cross-platform, I can access it on Windows as well.
I saw others mentioning KeePassX above, and they mentioned features I haven't even discovered yet.
-
Keepass and KeepassX are nice for that
-
Re:Keepass
I run keepassx myself. It generates strong passwords for you, if you'd like, or it stores all of your passwords in an encrypted file. It gives you the option to copy a password to the clipboard for a given amount of time (10 secs) before it is deleted--it removes them on close too. I admit that I was uncomfortable with this at first, but this is no different than decrypting the password, and storing it in memory, before it's shown on screen.
Keepassx also works great on Linux, Macs, and Windows, which I have not yet tried.
-
Re:HEY!
Linux version here:
I also like the openssl VIM plugin for a text file 'password safe', since you don't even need an X GUI to access it:
-
Re:Salt
KeePass Password Safe is even better. There's also a Linux and OS X port.