These days our on-line lives have become quite busy. We visit a lot of websites, most of which need a password login to get to the good stuff. How do you remember all of the passwords? By using password managers. In this article are the options I have found for Linux.
We all know it's safer to use different passwords for all of the websites we login to. We also know passwords should be as random as possible, using a certain minimum length, uppercase, lowercase, and symbols. But when following those rules, it becomes a lot harder to remember passwords, let alone remembering which password goes to which website. This is where a password manager come in. I know some people like to just use a spreadsheet, however it's better to use an encrypted file. Most password managers use encrypted files to store passwords. Some of them even cross platforms, enabling you use your password file on all platforms. The list below is in no particular order. All of the password managers discussed below can be found in the Ubuntu and Debian repositories.
Revelation is a simple password manager. Features:
- Store your passwords securely
- Password generator
- Password protection for your passwords
In using this password manager I noticed that the password generator only allows for upper- and lowercase passwords. It will not let me set the password to have symbols as well. Revelation works but is missing some of the features I like in some of the other password managers. I believe Revelation can do with a little bit more development. Key features work but I would like to see the option of symbols in the password generator.
Figaro's Password Manager 2 (FPM2)
FPM2 has a great feature set. The ability to not only protect your credentials with a password but also with a key file is great. Credentials can never be secure enough. A key file can be any file you select on the computer. Key files are used to create a hash which is then used for access to your credentials. Key Features:
- Passwords are encrypted with the AES-256 (old version use blowfish) algorithm.
- Key for encryption is generated with PBKDF2 using HMAC-SHA-256 with 8192 iterations.
- Optionally you can use two-factor authentication. To decrypt the list of passwords, you must know the master password and you must have the key file.
- Copy passwords or user-names to the clipboard/primary selection.
FPM2's password generator has the option to include symbols. It also shows you the number of possible combinations. FPM2 has the ability to set launchers per category. This makes it possible to in some instances only copy the password or set the launcher to copy username and password. This launcher will even allow you to set either the username or password to be sent to the first selection and copy the other to the clipboard.
Gringotts is more than just a password manager. Gringotts wants to be your manager for all sensitive data. Gringotts has the most complete feature set I have seen out of any of the password managers reviewed. In short, if Gringotts can't keep the data safe then nothing can. I haven't been able to find a full feature list. Honestly to make one myself and include it in this article would take up a full page. Here is a quick (very short) summary:
- Choice of eight strong encryptions to choose from.
- Ability to set an expiration on passwords
- Security monitor. See with what options you are currently running Gringotts
- Secure wipe to completely erase any trace of old files
- Password quality check
- Ability to attach files to security records
- Create complete records with indexing (great for medical records)
I'm not sure if Gringotts is useful for passwords. For credit card information or medical records, it's great also. Gringotts creates separate files or what Gringotts calls "stores". It saves the information you put in, as well as the attached files in that store. If you attach a file it will remove the original and add the file to the store. It seems like this project has been abandoned however (no updates since June of 2009). What we are left with is a great, safe data store.
Gnome Password Manager GPass
In this case, we are looking at the Gnome Password Manager. Also referred to as GPass, it is also a anonymity proxy widely used in China. If you are looking for GPass (the proxy), then go here. Features:
- Clean and easy-to-use user interface.
- Quick-search facility.
- Username and password may easily be copied to the clipboard.
- Encryption is done using the OpenSSL crypto graphics library.
- The built-in password generator helps you generate secure passwords.
It's a very simple password manager that looks a lot like Revelation. However GPass adds what Revelation is missing. GPass's password generator has the ability to add symbols as well. It's easy to use and has the ability to set the password to expire in a set amount of days
So far none of the password managers have been cross platform. This is where KeePassX comes in. I use KeepassX myself on a daily basis. I need it because sometimes I do need to step over to the darkside and use Windows for a couple of hours. KeePassX allows me to do this. Key Features:
- Extensive management - title for each entry for better identification
- possibility to determine different expiration dates
- insertion of attachments
- user-defined symbols for groups and entries
- fast entry dublication
- sorting entries in groups
- Database security
- access to the KeePassX database is granted either with a password, a key-file (e.g. a CD or a memory-stick) or even both.
- Encryption- either the Advanced Encryption Standard (AES) or the Twofish algorithm are used
- encryption of the database in 256 bit sized increments
KeePassX is the unofficial Linux/Mac port of KeePass password safe
, which is the Windows version of the software. The best feature of KeepassX is the ability (by locking the database file) to use it on more than one computer without corrupting the password database. You can set this lock to lock the file after a set time.
So what do you do when you work on a server or spend a lot of time at the command line? pwsafe is a password database for the command line. Features:
- Pure command-line operation if desired (good for remote access over ssh)
- Can interact with X11 selection & clipboard.
- Portable, endianess-clean, misaligned-access-free C++. Compiles cleanly on linux, *bsd, macos x, solaris.
- Compatible with CounterPane's PasswordSafe Win32 program versions 2.x and 1.x.
- Funny comments included in source code.
Originally created for the unix command line, pwsafe is great for simple password management on a server. Pwsafe is compatible with it's Windows parent Password Safe
. The compatible Linux GUI to use with pwsafe is Password Gorilla
. So even though pwsafe is command line, you could use the previously mentioned GUI's as well.