Re: Secure Password Storage

Thu, 14 Oct 2004 09:35:55 -0700

This isn't a linux or open license solution, but FWIW I've been very happy using password vault software on my Palm to hold ~100 passwords and magic numbers. I'm using Dataviz's Password Plus, but there are lots of them out there, and they're relatively cheap.

I've yet to get kpilot going, but when I do I'm hoping that Palm applications won't care what OS the data is being backed up to, and all I need to do is get the .prc files onto the Palm.

Of course, this means you have to have a Palm and keep it charged and buy commercial software so there are infrastructure issues, but it really works for me.

/icebiker

----- Original Message ----- From: "Jacob S" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 13, 2004 19:18
Subject: Secure Password Storage


Ok, so I know that using key based authentication is better, and that
you should never write down passwords. But, I don't know of any websites
that allow key based authentication (yet) and 135+ passwords is hard to
memorize. :-)

So, my next thought was removeable media. But, what happens if I lose
the removeable media (falls out of my pocket, gets stolen, etc.), or a
'friend' snoops files they shouldn't?

I could encrypt them using ssh, but now I have to carry a second
removeable media with me at all times - for my ssh key - and hope I
don't lose both pieces of media at the same time. If I don't carry my
ssh key with me, I've just lost the functionality of always having my
passwords with me. I could do a password protected zip file, but that
seems pretty weak to me.

I also don't have a laptop, so I realize that presents a whole new set
of complications and ways for privacy/security to be compromised in
regard to my passwords and keyloggers, etc.

So, does anyone have any other suggestions for good ways to store
passwords in a fashion I can carry with me yet keep them secure? I'm
pretty much resigned to the fact that anyone that *really* wants to get
the passwords can, if they have the removeable media and enough time,
but I don't want to make it any easier on them than I have to.

Any suggestions would be appreciated.

TIA,
Jacob


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to