We all know that passwords suck, that they are the nightmare of all administrators and security guys. So many hacks have been eased because the victims reused the same password everywhere: email account, forum, bank, critical systems…
Sadly, so far, there is not even the beginning of a replacement solution. Passwords will be there for a long time, so we had better use them accordingly.
Yes, I am aware of many on-line services like FisrtPass, KeePass, 1stPassword, etc. However, I don’t feel comfortable with having all my passwords somewhere on-line, even if they claim, and I believe they are sincere, that they use strong encryption and can’t access them.
Instead, I use a combination of the Firefox password manager and the Pwgen add-on. I use this add-on to quickly and conveniently generate a random password when I subscribe to a web service. When Firefox prompts for it, I just choose to remember the password automatically. SSO quick and dirty.
For the other passwords that I can’t and don’t need to memorize, I store them in a local encrypted file.
To edit the file, I simply use Vim with this nice GPG plugin:
- copy gpg.vim to /home/$user/.vim/plugin
- If not done yet, generate your GPG key:
$ gpg --gen-key
- Encrypt your password file and erase it:
$ gpg --encrypt --recipient 'your name' passwords
$ rm passwords
- Now, it’s done. Just edit passwords.gpg to decrypt and access your passwords (you will be prompted for your passphrase):
$ vim passwords.gpg
If you don’t like the overhead of GPG, a more straightforward solution is to use the OpenSSL extension:
- Copy the openssl.vim file to /home/$user/.vim/plugin as well.
- Now, to encrypt the file with, say, AES (note the .aes file extension, which is meaningful to the plugin):
$ openssl aes-256-cbc -in passwords -out passwords.aes
- Decryption will occur as soon as you edit the file with Vim:
$ vim passwords.aes
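The encrypt-then-erase step is where a mistake can cost you the only copy of the file. As an added example (not from the original post or from either plugin), this shell function runs the same `openssl aes-256-cbc` command, decrypts the result again to confirm it matches, and only then removes the plaintext. The names `seal_file` and `PWFILE_PASS` are hypothetical, and the passphrase is taken from an environment variable only so the demo on constructed data runs unattended.

```shell
#!/bin/sh
# seal_file PLAINTEXT PASSVAR   (hypothetical helper, added example)
# Encrypts PLAINTEXT to PLAINTEXT.aes, verifies the round trip, then removes
# PLAINTEXT. PASSVAR is the NAME of an environment variable holding the
# passphrase (openssl's "-pass env:NAME" source), so the passphrase itself
# never appears on a command line.
seal_file() (
    plain=$1
    enc=$1.aes
    passvar=$2

    [ -f "$plain" ] || { echo "seal_file: no such file: $plain" >&2; return 1; }

    # Body runs in a subshell, so this umask does not leak to the caller.
    # The encrypted file is created readable by its owner only.
    umask 077

    # stderr is silenced because recent OpenSSL releases warn about the
    # default key derivation; the exit status still reports real failures.
    openssl aes-256-cbc -salt -in "$plain" -out "$enc" \
        -pass "env:$passvar" 2>/dev/null || { rm -f "$enc"; return 1; }

    # A salted "openssl enc" file starts with the 8-byte magic "Salted__".
    [ "$(head -c 8 "$enc")" = "Salted__" ] || { rm -f "$enc"; return 1; }

    # Decrypt again and compare byte for byte before touching the plaintext.
    if openssl aes-256-cbc -d -in "$enc" -pass "env:$passvar" 2>/dev/null \
            | cmp -s - "$plain"; then
        rm -f "$plain"
    else
        echo "seal_file: round trip failed, plaintext kept" >&2
        rm -f "$enc"
        return 1
    fi
)

# Demo on constructed data in a scratch directory.
demo=$(mktemp -d)
printf 'example.org  alice  constructed-password\n' > "$demo/passwords"
PWFILE_PASS='constructed passphrase'
export PWFILE_PASS
seal_file "$demo/passwords" PWFILE_PASS && ls "$demo"
rm -rf "$demo"
```

For real use, replace `-pass "env:$passvar"` with the interactive prompt the post's command gives you, or unset the variable as soon as the function returns.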
I believe that, if not perfect, it is pretty secure. I mean not more, not less than your system is. Anyway I don’t have any need for an on-line manager. And you, how do you manage your passwords? Let us know about your tips.