On 3/15/2021 7:56 AM, NFN Smith wrote:
Norman Fuchs wrote:
I have never used a password manager, but I am being pushed to use
one. But I'd like to know if any of them are compatible with
SeaMonkey. Can someone help me, please?
I use a mix of KeePass and the manager that's built into Seamonkey. I
consider my KeePass store to be primary, but I let the built-in one
remember passwords for sites that I use regularly. If you use the
Seamonkey mail client and let it remember passwords, you're already
using the Seamonkey password manager, especially for sending mail.
If you're using the password manager, then you do want to make sure you
have the master password set, using a non-trivial password. With the
master set, then you'll get prompted to enter it once per session, the
first time you do anything that requires a password.
The value of an external password tool is portability, and there's a
variety of ways that you can use it, and you don't necessarily have to
use the cloud.
With KeePass, I don't put my password store on a cloud server, but I do
keep one copy on my main work computer, and I keep a second copy on my
LAN, where I can get to that from any of the computers in my LAN.
KeePass does have a synchronization tool where I can sync any time I need.
A good intro to KeePass:
https://www.techrepublic.com/article/how-to-manage-your-passwords-effectively-with-keepass/
Because KeePass is a separate program (rather than a browser extension,
as many are/try to be) it also allows me a lot of ability to get to my
content from outside of Seamonkey. The UI allows me to open a saved URL
on a couple of mouse clicks, whether my default browser (Seamonkey), or
to choose another browser. Additionally, with scripting support built
in, it allows me to do logins in places where user ID and password are
separate screens (not just consecutive form entries), and I can even use
it to do a cert-based login in an SSH session.
Personally, I choose not to keep stuff on the cloud, but if your store
has a strong access password, then I think you're pretty safe, whether
you're using KeePass or something else. There may be variants, but I
have investigated LastPass, and I'm convinced that they are a
zero-knowledge setup, where they don't have access to encryption keys.
Several years ago, LastPass was hacked, but from the reports I saw, all
the intruders had access to was encrypted files. The only people who
were vulnerable were ones using weak passwords.
Under ownership of LogMeIn, LastPass has recently announced that they're
limiting use of unpaid access to only one or two devices, and for wider
use, requires upgrade to a paid tier of service.
The place where many want a cloud-based service is if they're trying to
coordinate access over multiple devices (especially the mix of
computer/tablet/phone).
However, with a little effort on your part, you can still synchronize a
computer and phone without going through the cloud to get there.
The primary negative on KeePass is with the user interface. It's an
open-source project, and has many of the common things, both in the
quality of graphical display (XP-vintage graphics), and that there are
so many advanced features, that it can be a little intimidating for a
newbie to get started with. In this context, it's worth noting that
there is a companion project -- KeePassXC. It's not actually KeePass,
but a separate work interacts seamlessly with KeePass files. KeePassXC
has a softer feel to the UI, less of the case-specific advanced
features, and also supports both Mac and Linux.
Another possible option to consider could be Password Safe. I haven't
looked at it in detail, but it's similar to KeePass as stand-alone tool
that's not normally integrated with a cloud-based service. I don't
believe that Password Safe is quite as extensive in its feature set. The
other thing about Password Safe is that it originated with security
researcher Bruce Schneier (also the originator of the blowfish
encryption algorithm), although it's now also an open source project.
Smith
Thanks to all for the advice. I will have to study all this carefully.
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
