Password / files softwarevault?

Discussion in 'privacy technology' started by TheGhost, Mar 4, 2010.

Thread Status:
Not open for further replies.
  1. TheGhost

    TheGhost Registered Member

    Joined:
    May 14, 2009
    Posts:
    25
    I have my passwords / usernames stored in a few simple .txt files on my desktop. I know that's one of the dumbest things to do security-wise, so I'm looking for a solution. How can I securely save my passwords/usernames while still keeping them accessible within seconds? I open these .txt files +/- 30 times/day for business purposes.
    I was thinking about storing these .txt files in a TrueCrypt partition, but that means I have to start TrueCrypt every time I want to have access to the .txt files.
     
  2. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
  3. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    +1
    KeePass rocks. I have switched to the 2.x series, but I can't say the difference is significant for me.
     
  4. Spyros

    Spyros Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    74
  5. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    HAN, would you explain in detail why you think the 1.x series is better than the 2.x series, please?
     
  6. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    2.x relies on .NET Framework. While I feel there is nothing particularly wrong with .NET Framework, I try to run my PCs as lean as possible. Running an extra process to get to my passwords just seems excessive to me.

    Keep in mind 1.x is not abandon-ware. It's still actively developed.
     
  7. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    That's true, and something I didn't fully account for when I switched from 1.x to 2.x. I switched because there are a few additional features in the 2.x version, but as it turns out, I don't seem to be using any of them, so I could have easily stuck with 1.x. Now that I've made the switch, I really don't feel compelled to switch back.

    The comparison of features for 1.x vs 2.x is here:
    http://keepass.info/compare.html
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I formerly used KeePass but I've since happily moved on to LastPass. I switched because I didn't want a solution that tied me to a given computer.
     
  9. Number99

    Number99 Registered Member

    Joined:
    May 16, 2007
    Posts:
    29
    Location:
    Sweden
    I use KeePass 2 and I'm extremely satisfied with it. :)
     
  10. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    How does KeePass tie you to a given computer? Or, on the flip side, how does LastPass make you more portable?

    I use KeePass across all my home PCs, as well as portably. I even use KeePassX on Linux (it can access KeePass databases).
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    With LastPass, I have one master copy of my password database, which resides on their servers (in encrypted format that they cannot read). Thus, I can access/update my passwords from any computer that has a browser and Internet connection. With KeePass, on the other hand, your database is located on your hard disk or other local storage - with v1.x at least, if I recall correctly. According to optigrab's link KeePass v2.x supports synchronization whereas v1.x did not, so maybe there's been some improvement in this area since I stopped using KeePass.
     
  12. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    At this point, I am not yet convinced the right place to store all my passwords in one place is on the web. So LastPass is not for me... :)
     
  13. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    I agree, I've come close to that for.. simplicity, but I might have a compromise for you, that addresses your concern as well as...

    Starting with KeePass 2.x (which admittedly is LESS portable in and of itself than KeePass 1.x, as 2.x requires the .NET runtimes from Microsoft [though I'll run out on an unstable limb and say that Mono will probably suffice on Linux/Wine, but I could be wrong]), KeePass has the ability to open a remote database located at a URL. I don't use it, so I'm not too familiar with the features of it, nor the ability to save/update it, but I have a plan/suggestion (which I'm sure will have a ton of holes discovered by other posters, but it should be secure) for a single-database, secure-access solution.

    If you have a Linux box you have running 24/7 try this:
    1) Install OpenSSH, Samba, and an FTP Server of your choice.
    2) Add a directory share to Samba, and locate your KeePass database there. This will be accessible anywhere inside your network at its share, and as such you have total access to your database anywhere at home.
    3) Create a user that will have access to only this directory. Allow this user to only connect from localhost (127.0.0.1)
    4) Configure OpenSSH to allow keyfile logins, disable password logins. This increases security. Also allow SSH Tunnels.

    To access your password remotely:
    1) You will need an SSH client (I suggest PuTTY; I have it, I love it, and it will work for what you are wanting to do here. It is FOSS and very portable), KeePass 2.x, and a system that can run it given the .NET dependency. Internet access, obviously.
    2) Configure PuTTY by opening an SSH session to your home IP (DynDNS works great for a DNS name for this). You have configured the private key file login, as well as an SSH tunnel. Set the tunnel to point to your localhost at the remote end. Once you have logged in, which is very secure since you have a keyfile setup, brute forcing is not really possible for attackers, open KeePass if you haven't done so, and Open URL and set the server to localhost. Since you set up the tunnel, PuTTY will forward the request to the remote end, which is your Linux box, where KeePass will see an FTP server, access it and acquire your database.

    Shazam. Your database is still hosted locally (on your home network), it's behind three layers of security (First: SSH login/keyfile; Second: FTP password; Third: database password itself. I'd almost suggest a password keyfile on the portable USB drive you're carrying with you to harden against brute-forcing the database itself 'just in case'.), and it's always available to you as long as you have your USB key with your SSH keyfile, database keyfile and IP address. (You can download PuTTY and WinSCP anywhere.)

    While this seems like a lot of work, there is a good reason for it all. You could just set the FTP up directly to the outside world, but you will have people trying to break into it. Not to mention that FTP usernames and passwords are sent in the clear, so a packet sniffer can compromise you. By using SSH, you are establishing an encrypted tunnel between the PC you are on and your home PC. No one can read what is happening on that tunnel, so they don't know you're getting a file.

    An alternative method: if you're always going to be traveling with your laptop, you could install OpenVPN and just create a tunnel that way, and then map the share like you would at home. If you travel, I'd almost suggest this because then you can route all your web surfing (and everything else) through your home PC instead of from wherever you're at. Not to mention you also have access to all of your files.

    Oh, and if you don't have a spare Linux (or any other box) hanging around, you could do the above on your primary PC, but at that point I'd almost suggest hunting down a spare machine. It's kind of nice to have a spare server running, load it up with space and you can host your own little website, run as a fileserver in house, or various other little things.
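
Step 4 of the post above (key logins only, password logins off, tunnels allowed) can be checked against an `sshd_config`. This is an added example, not code from the thread: the function names and the sample configs are constructed for illustration, and the keyboard-interactive check goes slightly beyond the post because that method can still prompt for a password when PAM is in use.

```shell
#!/bin/sh
# Added example (not from the thread): audit the global section of an
# sshd_config for step 4 of the post: key logins only, tunnels allowed.
# sshd keeps the FIRST value it sees per keyword and matches keywords
# case-insensitively; lines after "Match" are conditional, so stop there.
# Assumes whitespace-separated "Keyword value" lines.

# effective_value FILE KEYWORD_REGEX DEFAULT -> prints the effective value
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        tolower($1) == "match" { exit }              # global section ends
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }                # fall back to default
    ' "$1"
}

# audit_sshd_config FILE -> prints findings, returns 0 only if there are none
audit_sshd_config() {
    rc=0
    [ "$(effective_value "$1" passwordauthentication yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    # With PAM, keyboard-interactive can still prompt for a password.
    [ "$(effective_value "$1" 'kbdinteractiveauthentication|challengeresponseauthentication' yes)" = no ] ||
        { echo "FAIL: keyboard-interactive auth is not 'no'"; rc=1; }
    [ "$(effective_value "$1" pubkeyauthentication yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    case "$(effective_value "$1" allowtcpforwarding yes)" in
        yes|all|local) ;;                            # client -L tunnels work
        *) echo "FAIL: AllowTcpForwarding blocks local forwards"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: looks hardened, but the earlier lowercase line wins.
write_sample_weak() {
    printf '%s\n' '# constructed sample' 'passwordauthentication yes' \
        'PasswordAuthentication no' 'KbdInteractiveAuthentication no' > "$1"
}
# Constructed sample: the settings the post describes.
write_sample_hardened() {
    printf '%s\n' 'PasswordAuthentication no' 'KbdInteractiveAuthentication no' \
        'PubkeyAuthentication yes' 'AllowTcpForwarding local' > "$1"
}

# Usage: sh audit.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then audit_sshd_config "$1"; fi
```

Per-user `Match` blocks can override the global values; on the server itself, `sshd -T -C user=NAME` prints the fully resolved settings for one account.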
     