Choose style:

Author Topic: Password Manager  (Read 2518 times)

0 Members and 1 Guest are viewing this topic.

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 1609
  • Karma: 272
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8
Re: Password Manager
« Reply #30 on: April 14, 2018, 08:05:10 am »
Your system security would already have to be compromised for anyone to access your clipboard. If that was the case, they could easily see what you typed too.

Offline tetricky

  • Jr. Member
  • **
  • Posts: 73
  • Karma: 14
  • New Forum User
    • View Profile
  • Peppermint version(s): 8
Re: Password Manager
« Reply #31 on: April 14, 2018, 04:04:28 pm »
Who or what are you imagining has access to your local clipboard in those circumstances, that doesn't also have access to /dev/tty while you are typing? Why would typing it, be more secure than copy and pasting it?

...as long as there is no storage artefact of the clipboard when you are no longer at the machine.

.,...sorry, didn't see the above post before I replied.

There is also the question of practicality. If you are copy and pasting a long, strong, password from an encrypted password manager, it can be longer and less memorable, and most likely less susceptible to brute force attack.  I actually provisioned a vps from OVH last weekend, and the root password had been brute forced before I had actually seen the activation notice. Caused all manner of problems.

Key piece of advice for any host facing the wider internet - don't use root (establish a username, and use a STRONG password).  Close all ports possible (move ssh from 22, as a lot of script attacks look there), use something like zenmap to check your open ports, and make sure they are only there to provide services that you know about, and are going to address security of.

This STRONG password is not one you can remember, nor do you want to be writing it down.

I am open to any better idea than an encrypted password manager (lookup on the phone to get into the machine locally, or copy and paste to ssh in remotely - where you haven't got puiblic/private keys, or need to sudo).
« Last Edit: April 14, 2018, 04:15:24 pm by tetricky »

Offline christianvl

  • Member
  • ***
  • Posts: 138
  • Karma: 24
  • The Wheel weaves as the Wheel wills
    • View Profile
  • Peppermint version(s): 8
Re: Password Manager
« Reply #32 on: April 14, 2018, 09:50:05 pm »
Thanks to you all for taking your time to answer.

It's a lot better to use longer passwords,  copy and paste them, than using easier passwords.

I've also found this nice article on the subject,  if anyone is interested https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords
There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3241
  • Karma: 260
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 (64-bit)
Re: Password Manager
« Reply #33 on: April 15, 2018, 06:09:26 am »
I've also found this nice article on the subject,  if anyone is interested https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords

That's a practical article.  Thanks, christianvl. :)


For a lighter take on this matter, here's a small discussion concerning passwords and passphrases between John Oliver and Edward Snowden.  Of course, at the end of the conversation, John Oliver says something that is absolutely true -- that he just isn't going to take the time and effort to come up with good passwords for passphrases.  Many people I know think like that.

Code: [Select]
https://www.youtube.com/watch?v=yzGzB-yYKcc
« Last Edit: April 15, 2018, 07:55:41 am by perknh »
We're all Peppermint users and that's what matters  ;). -- AndyInMokum