Re: Password managers

To: paulf@quillandmouse.com
Cc: Debian <debian-user@lists.debian.org>
Subject: Re: Password managers
From: "der.hans" <deb-user@LuftHans.com>
Date: Thu, 9 Nov 2023 19:55:49 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.20.2311091858490.12384@post>
In-reply-to: <[🔎] 20231109110553.10261d32@yosemite.mars.lan>
References: <[🔎] 20231109110553.10261d32@yosemite.mars.lan>

Am 09. Nov, 2023 schwätzte paulf@quillandmouse.com so:

moin moin Paul,

Folks:

I have a bash/GPG based password manager I wrote years ago, but I'd
like to use something more "accepted/popular". The problem I have with
the other password managers I've looked at is that you can store a very
limited amount of information for each "account". For example, for
one of my logins, I may have to store the answers to three security
questions, an account login, email address, the actual password, and
maybe the mobile phone number associated with the login. I also object
to my password information being stored online by some password manager
vendor.

Does anyone know of a password manager which will store a variety of
user-defined information for each login, and not store that information
on the internet (and which is free as in beer)?


In KeePass-based projects like KeePassXC you can store the usual title,
username, password, URL and notes in the main screen/tab.

In the advanced tab you can store further key/value pairs. This works well
for storing random strings for security questions and answers.

The responses can been starred out like password entries are. There isn't
a keyboard shortcut to copy them, but there is a menu drop down, so you
can get the values without having to open the entry.

There's also an option to add attachments.

I say KeePass-based because KeePass was the original project. KeePassX was
a port of the windows KeePass project to Linux and other platforms.
KeePassXC is a more active, community developed fork of KeePassX. I've
been using the latter two for many, many years.

Thanks to the developers and packagers for the projects!

All 3 are using KeePass file formats. There are other packages that
understand the formats. F-Droid has several if you're wanting some of your
passwords on your phone. Because it's a common format you have some choice
into which tool you want to use. There are also some command line options.

The biggest lack I've seen for host-your-own is that there isn't a secure
way to do partial sync between password files. For instance, I don't need
all my passwords on my phone, so would like to have phone.kdbx with just
the few I need, but be able to sync with my everything.kdbx file if
changes are made in one or the other.

KeePassXC FAQ on file formats.

https://keepassxc.org/docs/#faq-format

ciao,

der.hans

Paul


--
#  https://www.SpiralArray.com   https://www.PhxLinux.org
# "You want weapons? We're in a library! Books! The best weapons in the
# world! This room's the greatest arsenal we could have - arm yourselves!"
# -- the Doctor: Doctor Who, Tooth and Claw, 2006

Reply to:

Follow-Ups:
- Re: Password managers
  - From: "der.hans" <deb-user@LuftHans.com>

References:
- Password managers
  - From: <paulf@quillandmouse.com>

Prev by Date: Re: network question
Next by Date: balenaEtcher installation problems
Previous by thread: Re: Password managers
Next by thread: Re: Password managers
Index(es):
- Date
- Thread