On August 12, 2014 5:42:09 AM PDT, Anton Aylward <opensuse@antonaylward.com> wrote:
On 08/12/2014 03:14 AM, ellanios82 wrote:
I keep saying Context is Everything and that applies here too.
_______________________
- Thank you,
Because, one needs so many user-names and passwords : My.Yahoo, Google, Bank, etc., etc. : until now it had seemed reasonable to keep in text-file
Eh?
Sorry, not I don't think that it does.
If you use a modern browser it has the ability to remember login. There are a number of plugins for Firefox to do this.
In addition there are specific password managers for Linux in a variety of flavours.
. . . but one reads frightening stuff like hackers scooping millions of passwords
Which journalists play into headlines. Someone drilled down on that and found many of those "millions" were actually garbage.
Why? Do you have reason to think that *your* password s have been stolen, are among them?
To my mind, protecting the password store on *your* machine is of little use if the sites you visit are vulnerable. Perhaps they have you enter your password over a plain http connection, not https. Perhaps they store your password in cleartext in their database. Heck it makes more sense for hackers to attack some sites that have those millions of passwords, many by people who use the same password on all accounts, that to target users individually.
Really, its about Risk management and some *sites* are the risk.
Consider the ones, for example that only allow 8 character passwords and ignore case. Yes there are still many of those around.
: thus, it seemed not excessive to think about using PGP to encrypt that text-file
: this text-file might have to be decrypted and again re-encrypted several times a day
Seems very wrong headed to me.
- but, perhaps this is not a good way
Damn right! Lots of limits on how to 'automatically' create, sore, import etc. Lots of manual intervention needed, as you point out. Very much the old 1980's "Classic UNIX" way of doing it. Sad to say but MS-Windows and its emphasis on GUI-ness has show this to be antiquated.
: maybe an Linux specialized password-wallet is a better way to consider ?
Like Kwallet if you are using KDE? Keyring if you are using Gnome?
But the example you gave above makes me think that a store integrated with your browser makes more sense.
http://www.techradar.com/news/software/applications/8-of-the-best-linux-pass...
Probably the most popular is http://www.keepassx.org/
What's interesingt about this http://sourceforge.net/projects/passwordsafe/ is <quote> PasswordSafe lets you create different groups such as blogs, forums, wikis and the like. You can then assign entries to any of these groups. You can define the settings for the password generator in the last tab – things like the number of characters, or what combination of lower-case/uppercase letters and numbers to use. </quote>
-- "...there is no reason anyone would want a computer in their home." Ken Olson, President, Chairman, and Founder of DEC, 1977 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Browser plugins? OS based password vaults.? Are ye daft man? It's not 1998 any more. Not everyone does everything at their computer any more. Your passwords have to travel with you. With the pace that Linux adopts and then abandons packages, it's crazy to suggest putting anything of value into kde or gnome's password managers. If the hard drive failure doesn't get you the next release surely will. And your next trip through customs can get your laptop seized and held for months, holding your only copy of your passwords to say nothing of thieves. I reach for my phone or my tablet 5 times a day for password lookup. You need a password vault that syncs. Across several platforms. And one which does that even when you forget to do it. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org