North Idaho Linux Users Group

Categories

Downloads

Archives

Using A Password Manager

How do you keep track of all the passwords you use for your router, Internet forums, business web sites, banks, etc? If you write them down somewhere, you could lose the list or someone else could find it and make use of it. You have a computer right in front of you, so it stands to reason you can use it to keep track of all your login information, including passwords. And you can do that in a safe manner by using a password manager program.

Generally, the password programs available for Linux keep passwords in an encrypted file. Different managers use different encryption for this. Most of them also require a master password to allow you access to your passwords. We will show you some of these password managers and will show how to use one of them - KeePassX.

Password Managers

GPass

GPass is a manager that is no longer actively developed, but is a favorite of many Linux users. It uses the Blowfish algorithm to store login information in a single file. You can create folders in the file to hold various types of login information, like forums, business, etc. There is more information about GPass at their web site: http://projects.netlab.jp/gpass/


Gpass Password Manager

Gpassword

Gpassword is a multi-platform password manager. It will run on Linux, Windows and Mac. It uses a single Crypto++ encrypted platform to store login information. You can create multiple password files with it if necessary, though.

Gpassword is not in any software repositories. You can download it from the web site http://sourceforge.net/projects/gpasswordman/ and use the installer bash script to install it.


Gpassword Password Manager

Revelation

Revelation is a password manager for Gnome that is no longer in active development. Unlike other managers, Revelation does not ask you for a master password to enter the password file. Instead, you must provide the master password for each new password entry. It stores login information in a separate file for each set of logins. This is a disadvantage, as you cannot search through all the login information for each entry.

For more information about Revelation, go to the web site: http://oss.codepoet.no/revelation/wiki/Home


Revelation Password Manager

Gringotts

A password manager named for the wizard's bank in the Harry Potter books can't be bad, can it? Gringotts is not just a password manager; it is a comprehensive information manager, capable of storing the information using one of eight encryption algorithms. It is too complex if you are using it to just store login credentials.

If you are looking for something that can keep track of encrypted documents and attached files as well as login information, check out Gringotts at http://gringotts.berlios.de/.


Gringotts Password Manager

MyPasswords

MyPasswords is a password manager that doesn't require installation and is multi-platform. It uses the Derby database and AES encryption to store login information. It does not have a master password, so you must be careful who has access to your computer.

MyPasswords is not in any software repository. You can download it from their web site at http://sourceforge.net/projects/mypasswords7/.


MyPasswords Password Manager

PasswordSafe

PasswordSafe uses a database and a master password to store passwords and other login information. It has groups (folders) and entries, like many of the other programs. PasswordSafe is in beta test and you can expect it to crash periodically, so it is not yet ready for primetime.

You can find more information about PasswordSafe at it's web site: http://sourceforge.net/projects/passwordsafe/.


PasswordSafe Password Manager

Fiagaro's Password Manager 2

Fiagaro's Password Manager 2 (FPM2) uses an AES-256 encrypted database to store all kinds of information. It requires a master password to open the database. You can create categories for different entries and the categories will be listed in the main program window. FPM2 contains a password generator which allows you to avoid use 'ambiguous' characters such as '1' and 'l'. It has a search as you type capability to find items in the database.

You can find more information about FPM2 at it's website: http://als.regnet.cz/fpm2/


Fiagaro's Password Manager 2

KeePassX

KeePassX is one of the oldest and most popular of the password managers. It is an unofficial port of the Windows KeePass tool. Unlike some of the other managers, KeePassX can also work with encryption keys, and you can use a combination of master password and key file if you want yet another layer of security. KeePassX uses AES and Twofish encryption.

KeePassX uses a single encrypted file for storage. It stores information in groups (folders) and entries, so you can organize your passwords for easier access. You can have as many of these encrypted files as you wish.

KeePassX is in the Linux Mint repositories. You can find more information about it (or download it) at http://www.keepassx.org/.


KeePassX Password Manager

KeePass2

KeePass2 is a multiplatform password manager that is a direct descendant of KeePass, the Windows password manager. It supports AES, Rijndael and Twofish encryption algorithms to encrypt its databases. It uses SHA-256 to hash its master password. No specific installation is required to use KeePass2 - you simply run the program.

The KeePass2 is a single file that can be transferred from one computer to another. For more information about KeePass2, visit their web site at http://keepass.info/.


KeePass2 Password Manager

Using A Password Manager: KeePassX

We will be demonstrating the capabilities of a password manager using KeePassX, which is the password manager used by the author. When you run KeePassX, the first thing that happens is a dialog requesting your master password.


Master Key Dialog

Note that the master key can be a password, a key file or both. The key file can be any file on your computer. You can also create a randomly-generated key file in the "New Database" dialog by selecting the key file check box and clicking Generate Key File.

The KeePassX main window is displayed after the master key is accepted. This is where all the user entries are stored.


Main Window

The first thing you should probably do is create the Groups (like folders) in which to store entries. The groups will help you to keep your entries organized. The groups shown in the picture are Business, Forums, My Web Sites and Other.

To create a group, highlight the group in which you want your new group to reside, then click on Add New Subgroup. If you had clicked on Add New Group, the group would be added at the same level as the group we highlighted, which is not what we want.


Adding a New Subgroup

The group properties dialog will appear. Enter the new group's name and click on OK.


Group Properties

You can enter new entries in the group in one of two ways. If the new entry is associated with something that has more than one set of user information, you should add a new subgroup under the main group. If the new entry only has one set of user information, you can create an entry by clicking on Add New Entry.


Add New Entry Menu Item

The New Entry dialog will be displayed. It will show which group the entry will be added to, as well as a descriptive title for the entry. The important bits are the username, URL and password. You can even generate a password if you don't currently have one.


New Entry Dialog

When you have entered all the information, click on OK. The entry will be added. At this point, be sure to save the database changes by clicking on the Save Database item in the File menu.

To use the information in an entry, highlight that entry in the database, then right-click the mouse to get a context menu.


Entry Context Menu

You can copy stuff to the clipboard so it can be used in other applications. IMPORTANT NOTE: Copying a username or password to the clipboard allows you to paste that particular item only one time. Once you have pasted it, the item is removed from the clipboard. This is a clever and important safety feature.

You now have enough information to be able to use the KeePassX password manager. For more information about its use, you should use the built-in user manual.