Linux Format - UK (2020-03)

56 LXF260 March 2020 http://www.linuxformat.com

TUTORIALS Password manager

BITWARDEN

Set up a secure password manager

Nick Peers reveals how to take your password management to the next level with the option of a self-hosted server.

OUR EXPERT
Nick Peers
At last Nick believes he’s protected by unique, long, random passwords.

It goes without saying that relying on the same old passwords to secure your online accounts is not good practice. A quick trip to https://haveibeenpwned.com should reveal that one or more of them has been exposed in the past 20 years or so.

The solution is simple, yet complicated. It’s simple because you just need to generate long, random passwords comprising letters, numbers and symbols to make them hard to guess or crack through brute force, but complicated because it’s hard to remember them all.

The solution lies in employing the services of a password manager. This helps you to generate those random passwords, then stores them securely in an encrypted file (or vault) that’s locked behind a ‘master password’ – the only password you’ll have to remember going forward. This should be lengthy but memorable (to you), and can be further protected using secondary layers such as 2FA.

Password managers come in all shapes and sizes, but to be truly effective they need to be cross-platform, work in any browser and simplify the act of entering passwords through autofill and paste features. Plenty of proprietary solutions offer these, but few are open source, which raises questions about transparency.

Cross-platform means apps for all major platforms: Linux, Windows, Mac, Android, Apple and web browsers (Chrome and Firefox, but preferably more). Your vault is kept synced between your devices via the cloud. The cloud might mean storing your vault on one of your cloud services, or relying on the password manager’s own proprietary server. If you’re lucky, you’ll even get the option of setting up your own self-hosted server. Using the cloud throws up security considerations of its own, so the vault needs to be encrypted using keys that aren’t accessible to your password manager.

We’ve narrowed our choice of recommended password managers to three. The first option is the least flexible but is a good choice if you’re already using KeePass to store sensitive information on your PC. That option is KeePassXC (https://keepassxc.org). It’s optimised for multi-platform use but has no built-in support for cloud providers (you’ll need to set this up).

Our second option is simpler to set up and implement – check out the boxout (opposite page) for more on Buttercup. It’s currently quite early in its

[Screenshot caption] You can store more than one login for each website – which is useful when accessing multiple services on the same server.

Credit: https://bitwarden.com

Manage passwords and other info

1. Types
You can store more than just passwords – payment cards, identities (for filling forms) and generic secure notes can all be stored.

2. Organise into folders
Group related information together – click + next to Folders to add a new folder.

3. Edit item
After clicking Edit, you can manually change existing information and add new info. Previous passwords are retained under Password history.

4. List matching logins
The currently selected type or folder’s contents are listed here – click one to view and edit its properties.

5. Organise items
Choose which folder to file the current item into here, or tick Favourite to make it easier to find.

6. More controls
Buttons beneath the edit item fields enable you to save, share (with other organisations) and delete the item.