Services like LastPass are extremely popular for automatically entering credentials (username and password combinations) for logging into Web sites. They also generate passwords as needed and store them. They're not without their problems, however.
The two major issues with these types of services are the following:
- It's necessary to rely on a third-party service.
  - If the site goes down temporarily, goes out of business, or significantly increases their fees (and you don't have a local copy of your data), you'll really be in trouble.
- You have to trust the service with your confidential information.
  - Even if the software supports client-side encryption, these services are generally not open source so the code can't easily be audited by a third party. They may claim whatever they want, but proving this is tricky.
The solution is to stick with open-source tools so that you don't have to worry about these issues. Here's a recipe that works quite well:
- Install KeePass (version 2 or higher). This is easily done on Debian/Ubuntu with sudo apt-get install keepass2.
- If you have a KeePassX database (blah.kdb), convert it with the method described in "Need A Password Manager? Install KeePass2 In Ubuntu Natty", as KeePass2 won't be able to open this DB natively.
- Install KeePassHttp to provide the integration between the desktop application and your browser. For Debian, Ubuntu or similar operating systems, follow the method described in "How to Integrate KeePass With Chrome and Firefox in Ubuntu".
- Install chromeIPass for Chromium / Google Chrome or PassIFox for Firefox / Iceweasel.
If you'd like to synchronize your database across devices, you'll need a service to do that, but you won't have to trust it to the same degree because your passwords are already encrypted. I recommend SpiderOak for this as they client-side encrypt everything (for an extra layer of protection), or at least they claim to - see my comments above! At the time of this writing, the commonly-used Dropbox definitely doesn't do this.
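Before converting an old database or handing a file to a sync service, it's worth checking what it actually is. The following is an added example, not part of the original recipe or of KeePass itself: it reads the plaintext outer header of a database file and reports whether it is a KeePass 1.x/KeePassX .kdb (needs conversion) or a KeePass 2.x .kdbx, and which cipher protects it. The function name and the two sample headers are constructed for illustration.

```python
import struct
import sys

SIG1 = 0x9AA2D903  # first magic word, shared by KeePass 1.x and 2.x files
SIG2 = {0xB54BFB65: "KDB (KeePass 1.x / KeePassX)",
        0xB54BFB67: "KDBX (KeePass 2.x)"}
CIPHERS = {"31c1f2e6bf714350be5805216afc5aff": "AES-256",
           "d6038a2b8b6f4cb5a524339a31dbb59a": "ChaCha20"}

def inspect_header(data: bytes) -> dict:
    """Classify a KeePass database from its plaintext outer header."""
    if len(data) < 12:
        raise ValueError("too short to be a KeePass database")
    sig1, sig2 = struct.unpack_from("<II", data, 0)
    if sig1 != SIG1 or sig2 not in SIG2:
        raise ValueError("KeePass signature not found")
    info = {"format": SIG2[sig2], "needs_conversion": sig2 == 0xB54BFB65,
            "version": None, "cipher": None}
    if info["needs_conversion"]:
        return info  # the .kdb case: KeePass2 won't open this natively
    minor, major = struct.unpack_from("<HH", data, 8)
    info["version"] = f"{major}.{minor}"
    # Header fields are TLV: 1-byte id, length (2 bytes in KDBX 3, 4 in KDBX 4), value.
    len_fmt, len_size = ("<I", 4) if major >= 4 else ("<H", 2)
    pos = 12
    while pos + 1 + len_size <= len(data):
        field_id = data[pos]
        (length,) = struct.unpack_from(len_fmt, data, pos + 1)
        start = pos + 1 + len_size
        value = data[start:start + length]
        if len(value) != length:
            raise ValueError("truncated header field")
        if field_id == 2:  # CipherID: UUID of the cipher used for the payload
            info["cipher"] = CIPHERS.get(value.hex(), "unknown:" + value.hex())
        if field_id == 0:  # end-of-header marker
            break
        pos = start + length
    return info

# Constructed header fragments for illustration (not real databases).
SAMPLE_KDBX3 = (struct.pack("<IIHH", SIG1, 0xB54BFB67, 1, 3)
                + b"\x02" + struct.pack("<H", 16) + bytes.fromhex("31c1f2e6bf714350be5805216afc5aff")
                + b"\x00" + struct.pack("<H", 4) + b"\r\n\r\n")
SAMPLE_KDB1 = struct.pack("<IIII", SIG1, 0xB54BFB65, 3, 0x00030002) + bytes(108)

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print(inspect_header(f.read(4096)))
```

Run it with the path to your database as the only argument. A file that raises "KeePass signature not found" is not a KeePass database at all and shouldn't be assumed to be encrypted.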
Mobile and other clients for KeePass are listed on the KeePass Downloads page.