Thursday, February 11, 2010

Password managers for Windows, Mac and Ubuntu

I'm not a security expert ... not even close. So when it comes to this post about password managers, let me be clear: I'm just writing about my experience. I'm not endorsing. I'm not an expert.

At the office we use Password Safe to store a multitude of passwords for servers, web sites, and what have you. I found it incredibly useful to have this, especially for things accessed from a command line instead of a web browser (where Firefox serves me fine.) I liked it so much, I wanted to do something similar for my personal use.

I use a work-based Windows XP laptop, a beautiful new iMac at home, and a Dell Mini 10 using Ubuntu. Three machines, three OS's. But when I went looking for a Linux version of Password Safe, I couldn't easily find a recently developed version.

Searching around brought me to this Lifehacker article on password managers, which was a good place to start, but I was also intrigued by the thought of a browser-based system, which led me to Passpack, a free online password manager.

(First ... why not use Firefox's password manager? I do, but I want to manage a single repository for three machines. I know there are services to share passwords across computers in Firefox, but I was looking for other things, too, like search, etc. Also, browsers are not the only thing I need passwords for. There are probably options there if you look more.)

So I tried Passpack first. The interface is really slick and I found it easy to use. Some notes about it:

* I was worried about storing my passwords in the cloud, and Passpack is certainly aware of that concern. They explain all the particulars of how and why your data is safe, and I'm in no position to quarrel with them. (That said, you'll see below it is the main reason I continued to look for solutions.)

* I really, really liked the 1-click option to log into web sites. If you have the credentials for a site stored in Passpack, you can teach Passpack how to log into that site through a single click on your browser toolbar. The only downside is you have to have Passpack open in a browser tab, which isn't a huge deal, but I tend to get up from my desk enough that I didn't really want to keep it open. It's easy enough to lock and unlock the safe, though.

* Password Safe used a Windows-like tree to organize related passwords, which was useful. Passpack uses tags, which I also like, maybe even more.

* Passpack is free for the first 100 passwords. Within a couple of days I had entered 25. Seems like it wouldn't take me long to reach 100.

* If you need more than 100 passwords, there is a professional version with monthly fees (in Euros). There are some nice added features, like you can share passwords with other individuals with Passpack accounts. That can be a secure way to transfer passwords to clients or co-workers.

I found there was a lot to like about Passpack, and they describe their security pretty well, but other professionals I talked to just weren't comfortable with their most precious passwords in the cloud. I wasn't really worried until I wanted to save my Amex account password. Again, I'm not a security expert and I'm not making judgments on this, I just chose at this time to continue to look at other options. I still have the Passpack account ....

A suggestion was a more traditional software model that stores an encrypted file, which could then be saved in Dropbox, which has its own security. Dropbox would sync this file to all my computers, so I would have the latest file no matter which machine I was on. This seemed to put my sysadminy friends more at ease because there is the encryption of the file and then the encryption of Dropbox. I figured I would at least try that route, so I went back to the Lifehacker list, which led me to KeePass and KeePassX.

KeePass for Windows (I'm using the Classic edition) is as full-featured as the Password Safe I had been using, but with a nicer interface. The KeePassX versions for Mac and Linux were said to have "less polish" but they seem to do everything I want.

* You can organize related passwords in groups. You can assign one of 60+ icons to the group or password files to help you visually identify them.

* There's a nice search function across all fields except the password, I think. This helps me find what I want quickly.

* Saving the database file in Dropbox has worked like a champ. One disadvantage from Passpack would be if I was on a different or borrowed machine, I would have to download and install KeePass as well as download the file from Dropbox. Obviously it's easier to log into Passpack to quickly get a password.

* KeePass also allows you to use a "Key File" to lock your database. You have to have that file on your computer (or a thumb drive) to open the database. You can use that in conjunction with the password, so you would have two layers of protection. I haven't used that feature.

* A buddy and I experimented using a shared database on a server (not Dropbox) and that was kind of flaky. We seemed to be fine saving the file on a Windows server, but it didn't file lock correctly on Mac Xserve. We haven't played with it enough to troubleshoot why.
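The password-plus-key-file idea from the list above, as an added example that is not from the original post and is not KeePass's actual file format: a master key derived from both secrets, so a copy of the synced database plus the password alone does not unlock it. The function names, the PBKDF2 parameters and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

ROUNDS = 100_000  # assumed work factor; real tools store this in the database header


def composite_key(password: str, key_file: Optional[bytes], salt: bytes) -> bytes:
    """Derive one master key from the password and, if used, the key file."""
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if key_file is not None:
        # Mix in a hash of the key file so both secrets are required.
        key_hash = hashlib.sha256(key_file).digest()
        material = hashlib.sha256(material + key_hash).digest()
    # Slow key stretching makes guessing the password expensive.
    return hashlib.pbkdf2_hmac("sha256", material, salt, ROUNDS, dklen=32)


def make_verifier(master_key: bytes) -> bytes:
    """Value stored next to the database to check a candidate key."""
    return hmac.new(master_key, b"database-header", hashlib.sha256).digest()


def unlock(password: str, key_file: Optional[bytes], salt: bytes,
           verifier: bytes) -> bool:
    """Return True only if the supplied secrets reproduce the stored verifier."""
    candidate = make_verifier(composite_key(password, key_file, salt))
    return hmac.compare_digest(candidate, verifier)


# Constructed sample values, not real credentials.
SALT = bytes(range(16))
PASSWORD = "correct horse battery staple"
KEY_FILE = b"random bytes kept on a thumb drive, outside the synced folder"
VERIFIER = make_verifier(composite_key(PASSWORD, KEY_FILE, SALT))

if __name__ == "__main__":
    print("password + key file:", unlock(PASSWORD, KEY_FILE, SALT, VERIFIER))
    print("password only:      ", unlock(PASSWORD, None, SALT, VERIFIER))
    print("key file only:      ", unlock("", KEY_FILE, SALT, VERIFIER))
```

The second layer only helps if the key file is kept somewhere other than the folder that syncs the database.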

So, in short, I wish I could get over my heebie-jeebies about Passpack being stored online, because it seems to be a wee bit more usable, but I'm finding the KeePass system to work just fine on my Windows, Mac and Ubuntu systems.

