Norman Fuchs wrote:
I have never used a password manager, but I am being pushed to use one. But I'd like to know if any of them are compatible with SeaMonkey. Can someone help me, please?
I use a mix of KeePass and the manager that's built into Seamonkey. I consider my KeePass store to be primary, but I let the built-in one remember passwords for sites that I use regularly. If you use the Seamonkey mail client and let it remember passwords, you're already using the Seamonkey password manager, especially for sending mail.
If you're using the password manager, then you do want to make sure you have the master password set, using a non-trivial password. With the master set, then you'll get prompted to enter it once per session, the first time you do anything that requires a password.
The value of an external password tool is portability, and there's a variety of ways that you can use it, and you don't necessarily have to use the cloud.
With KeePass, I don't put my password store on a cloud server, but I do keep one copy on my main work computer, and I keep a second copy on my LAN, where I can get to that from any of the computers in my LAN. KeePass does have a synchronization tool where I can sync any time I need.
A good intro to KeePass: https://www.techrepublic.com/article/how-to-manage-your-passwords-effectively-with-keepass/
Because KeePass is a separate program (rather than a browser extension, as many are/try to be) it also allows me a lot of ability to get to my content from outside of Seamonkey. The UI allows me to open a saved URL on a couple of mouse clicks, whether my default browser (Seamonkey), or to choose another browser. Additionally, with scripting support built in, it allows me to do logins in places where user ID and password are separate screens (not just consecutive form entries), and I can even use it to do a cert-based login in an SSH session.
Personally, I choose not to keep stuff on the cloud, but if your store has a strong access password, then I think you're pretty safe, whether you're using KeePass or something else. There may be variants, but I have investigated LastPass, and I'm convinced that they are a zero-knowledge setup, where they don't have access to encryption keys. Several years ago, LastPass was hacked, but from the reports I saw, all the intruders had access to was encrypted files. The only people who were vulnerable were ones using weak passwords.
Under ownership of LogMeIn, LastPass has recently announced that they're limiting use of unpaid access to only one or two devices, and for wider use, requires upgrade to a paid tier of service.
The place where many want a cloud-based service is if they're trying to coordinate access over multiple devices (especially the mix of computer/tablet/phone).
However, with a little effort on your part, you can still synchronize a computer and phone without going through the cloud to get there.
The primary negative on KeePass is with the user interface. It's an open-source project, and has many of the common things, both in the quality of graphical display (XP-vintage graphics), and that there are so many advanced features, that it can be a little intimidating for a newbie to get started with. In this context, it's worth noting that there is a companion project -- KeePassXC. It's not actually KeePass, but a separate work interacts seamlessly with KeePass files. KeePassXC has a softer feel to the UI, less of the case-specific advanced features, and also supports both Mac and Linux.
Another possible option to consider could be Password Safe. I haven't looked at it in detail, but it's similar to KeePass as stand-alone tool that's not normally integrated with a cloud-based service. I don't believe that Password Safe is quite as extensive in its feature set. The other thing about Password Safe is that it originated with security researcher Bruce Schneier (also the originator of the blowfish encryption algorithm), although it's now also an open source project.
Smith _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
