How do I remember all these passwords?
January 22nd, 2008
If you are like me, you have a ton of passwords you have to remember. I have different login names and passwords for bank accounts, forums, blogs, email, and other stuff. How do you deal with it all? How can a person possibly remember them all, especially the ones that only get used once every month or two, or just a couple of times in a year?
One option, that I rejected years ago, is to use the same login and password everywhere. If a person were to choose a good, strong password, this would be secure, but only until any one of the several sites was compromised and the password data stolen. Is that likely? Maybe not, but this seems like an unnecessary and foolish risk to take.
So what to do? I use the same login on a few sites, but some sites have a login specific only to that site. Every site gets a different password. Some people like to use a basic, strong password as a framework, and add to it a suffix or prefix for each site. I just choose something completely different everywhere. This leaves me with the unenviable task of trying to remember all of them…actually, that task is not only unenviable, it is impossible.
Thankfully, I found a cool program called Revelation Password Manager. Revelation is a graphic-based password management program that uses AES encryption for data storage. It is easy to use, intuitive, and aims to be HIG compliant. There is a cool feature where at the click of a mouse Revelation will generate a strong password for you, and I also like the fact that one may copy the data file from one computer to another, or store it on a usb key, and it can be opened on any computer that has Revelation installed.
There are lots of great ways to do this. You could use gpg and encrypt a text file, leaving you able to open it anywhere you had access to gpg. There are other quality programs out there that do the same thing as well. I especially like TrueCrypt for encrypting data. However, every other solution I have used takes me longer and doesn’t have as nice of a feel to me as Revelation. If you are in the market for something like this, check it out and see if it will be a good fit for you as well.
The Revelation website has a series of screenshots for those interested and the program is available in the Ubuntu repositories, so installation is a piece of cake for Ubuntu users. Just install the “revelation” package using apt-get, aptitude, Synaptic, or whatever your favorite method is, and then look in the Applications->Accessories menu (if you are using Gnome as your desktop) for the Revelation Password Manager entry. Simple.
Entry Filed under: Linux / Ubuntu
27 Comments Add your own
1. Yuyo | January 22nd, 2008 at 4:45 pm
You were fairly generous in your praise of revelation, but after looking at some of bugs on the projects web site, I am a little nervous about using on my own data, since it seems that the application is prone to eating people’s data and corrupting its own file.
Have you seen any of these issues.
2. matthew | January 22nd, 2008 at 4:54 pm
Hi Yuyo,
I’ve never had any problem with data retention or corruption.
I’ve used Revelation for the last two years or so, going back to version 0.4.3-2 in Ubuntu 5.10 (Breezy). I may have used an earlier version in 5.04 (Hoary), but I’m not positive.
Other people’s experiences may vary, and based on the bug reports you mention, some problems have existed, but I have never had any issues.
3. ghost | January 22nd, 2008 at 5:04 pm
Address/Telephone book at home works for me.
eg.
F-Facebook
4. Jim | January 22nd, 2008 at 5:08 pm
KeePassX is another good program for doing this and has the added benefit of being cross-platform for us poor slobs that have to use inferior operating systems at work. The win version is also portable which is cool (i.e. portable apps).
5. matthew | January 22nd, 2008 at 5:22 pm
Jim: I had never heard of KeePassX, so I googled it. It looks impressive. It is also in the Ubuntu repos, so I did a quick install to play with it. This looks like a great program. It doesn’t have the ability to import from Revelation, and I have a ton of entries stored, so I’m not likely to switch. However, I will add it to my list of recommendations to consider for people looking for something like this.
6. Marc | January 22nd, 2008 at 6:22 pm
Revelation is indeed nice, but as I recall, I accidentally dragged the toolbar out into limbo once and could never get it back. This made it impossible for me to continue using the program. Hope that bug is gone
7. mariuss | January 22nd, 2008 at 6:49 pm
Same as matthew, using revelation for several years now, never had an issue with it.
Marc, why don’t you completely remove revelation (aka purge) and reinstall, your toolbar will probably get back. Never had this issue, just guessing.
8. Go Pokes | January 22nd, 2008 at 7:02 pm
My Password Safe is also a program that is cross platform and uses standard Password Safe files. I have been using this for years to get at my passwords from multiple locations. It also has a portable windows version to run off of a usb key. It is also in the ubuntu repositories.
9. Ryan | January 22nd, 2008 at 9:58 pm
For me firefox with the master password has been adequate, I don’t know how strong the encryption is though. The other great thing when it comes to password management is this little bit of javascript which I have bookmarked and removes the protection from sites that would otherwise not allow the browser to remember the password.
javascript:(function(){var ca,cea,cs,df,dfe,i,j,x,y;function n(i,what){return i+%22 %22+what+((i==1)?%22%22:%22s%22)}ca=cea=cs=0;df=document.forms;for(i=0;i<df.length;++i){x=df[i];dfe=x.elements;if(x.onsubmit){x.onsubmit=%22%22;++cs;}if(x.attributes[%22autocomplete%22]){x.attributes[%22autocomplete%22].value=%22on%22;++ca;}for(j=0;j<dfe.length;++j){y=dfe[j];if(y.attributes[%22autocomplete%22]){y.attributes[%22autocomplete%22].value=%22on%22;++cea;}}}alert(%22Removed autocomplete=off from %22+n(ca,%22form%22)+%22 and from %22+n(cea,%22form element%22)+%22, and removed onsubmit from %22+n(cs,%22form%22)+%22. After you type your password and submit the form, the browser will offer to remember your password.%22)})();
10. John | January 22nd, 2008 at 10:20 pm
I use KeePass on Windows & Linux and KeePassX under OSX, all sharing the same database.
The windows version runs well under Wine and is better than the KeePassX version, which crashes occasionally and has poor import capabilities.
11. Jim | January 23rd, 2008 at 1:29 am
Matthew, sorry I didn’t provide more info on KeePassX, but glad you found it. I have been using it for about a month now without any issues. It uses AES and has a random password generator. There was an article about it in the Jan 08 issue of Linux Journal. I don’t think it’s online yet though.
John, the version from the gutsy repos has never crashed on me yet. However, I can’t comment on the import capabilities as I have only used this and have nothing to import. However, I can take the database to my win box at work and open it just fine (using portableapps version).
12. Spuds | January 23rd, 2008 at 2:55 am
I have my own system for passwords. Works well.
13. matthew | January 23rd, 2008 at 4:40 am
I’m enjoying everyone’s comments. Thank you. I noticed that someone (not me) just submitted this post to Digg. I’m honored. Let’s see if it makes the front page…and if so, whether my site stays up.
14. Wolfger | January 23rd, 2008 at 8:05 am
the main problem with having a plethora of passwords isn’t how to "remember" them (Firefox and KWallet both do this well), but how to make it portable. I need to have my passwords at home, at work, and at anybody’s house I might be visiting. Requiring a certain piece of software be installed in all those places is unreasonable.
15. Michael Anckaert | January 23rd, 2008 at 9:10 am
Another good way would be to help promote OpenID (openid.net), a decentralized way to authenticate yourself with an OpenID identifier.
Read more about OpenID at the official website (openid.net) or at my blog http://www.masuran.org
16. Paul | January 23rd, 2008 at 1:58 pm
Another option is to have only a few passwords (5 for me) with different levels of security. The level of security of a password you will be using will depend on what kind of data you store on a website.
For example, the less secure will be used on a forum where you have no admin rights (only your e-mail is stored). The second less secure password may be used on a website where you have some admin rights. etc. The more secure ones should be used on great websites, with safe transactions, etc.
Obviously, if your Amazon password is stolen and if they know which websites you browse, you’re done ! But hey, same as in real life !
17. txGreg | January 23rd, 2008 at 4:48 pm
Matthew,
If you decide to play with KeePass some more, you might look at the community tools & such… There was no direct way to import my Password Corral data, but there was a way to do it with a few steps. Like Jim, I moved to KP so that I could use the same program on my work PC, my home Ubuntu systems, and my PocketPC.
18. matthew | January 23rd, 2008 at 5:05 pm
txGreg: I will have to see if I get some time this week to play with the program a bit. If it seems significantly better to me, I’ll explore making a switch. I use Linux both at home and at the office, so Windows/Mac compatibility isn’t a huge issue for me, but it is a nice feature. Thanks for the encouragement.
19. housetier | January 23rd, 2008 at 6:51 pm
I have been using Revelation for many years now and haven’t lost anything yet. It would be disastrous should that ever happen: I have so many accounts stored in there…
20. Joern | January 24th, 2008 at 2:15 am
I’m using <a href="pwsafe.sf.net/">p… a tiny little console programm. It’s easy to learn and rock solid.
21. irony | February 2nd, 2008 at 2:23 pm
I like KeePass as well because of it cross platform nature (windows) - I used it for a year or two on Ubuntu and PCLinuxOS and it hasn’t crashed or bugged on me.
22. irony | February 3rd, 2008 at 12:21 pm
I forgot to add that KeePass works on Gnome or KDE as well as being cross platform.
One thing to note is that it requires the qt libraries which make it rather bulky when downloading.
23. Jerome | February 8th, 2008 at 1:32 am
I have used KeePass. I just need to remember a master password. By using this application, I can take all my passwords with me on a USB Stick.
24. Thomas King | March 4th, 2008 at 5:38 am
I use MobileKnox and DesktopKnox. MobileKnox runs on any J2ME-enabled cellphone and hence makes sure that I have my data with me wherever I go. DesktopKnox runs on Linux, Windows, Mac OS X and synchronizes with MobileKnox so that I can easily enter and alter data. These applications are just great. Give it a try: http://www.mobileknox.com
Greetings,
Thomas
25. Kara | March 6th, 2008 at 3:11 pm
I’m using Figaro Password Manager (FPM) and it will let me "Jump" to a website and once there use the left and right mouse buttons enter both the unserID and the password without going back to FPM to get either. Can I do the same thing with KeepassX? If so, how?
26. Michael Ramm | March 7th, 2008 at 1:12 pm
matthew: It looks like you can export out of Revelation into XML format. I know that KeePassX can import from an XML file, so you might want to see if you can import your passwords into it. The beauty of KeePassX is the cross platform ability. I use it on my Ubuntu box, my MacBook Pro and my Windows XP VMs so that I have access to all of my passwords on one file. I keep my password DB on a usb key with the Portable version of KeePass on it (since most computers in the world are still windows). Enjoy.
27. matthew | March 7th, 2008 at 1:39 pm
Kara: I’m sorry, I don’t know the answer to your question.
Michael: Thank you. When I have some time, I’ll give this a try.
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed