Wednesday, February 24, 2010

pwsafe - Password Keeper

I don't know about you, but I have a butt load of usernames and passwords. I try not to use the same username and password for Facebook, Twitter, my bank, work, etc. for what I hope are obvious security reasons. I desperately needed something to manage my passwords, which led me to find pwsafe. From the man page, "pwsafe [is a] commandline password database utility compatible with Counterpane's Passwordsafe." It has been really handy.

pwsafe is in the Debian/Ubuntu repositories and I assume should be in most of the major Linux distributions. If you can't find it for your distro, you can get it here.

Once installed, you will need to create a new database.

$ pwsafe --createdb

You will be asked to create a password for this database. Make sure it is unique and secure, and don't forget it.

Once that is done you're ready to add an entry.

$ pwsafe -a name

This will initiate the following:

Enter passphrase for /home/jared/.pwsafe.dat:
group []: Web
username: xxxxxxxxx
password [return for random]:
password again:
notes: access to ftp and panel

This is pretty straightforward. You are asked for your passphrase (the one created when you first set up your database) and then a group name. This is a nice feature to categorize your passwords. I have a group for Finance, Websites, Work, etc. You can then search or list information just for those groups. Next you will enter a username, password (twice) and notes. The notes field is nice for security questions you may be asked on bank sites for authentication where you can never remember the answer.

To view a list of entries within a group:

$ pwsafe -l groupname

You will be prompted for your passphrase. The groupname is optional, but helps cut down on the output. This will just print out group, name and your notes. No passwords will be displayed.

To view your passwords,

$ pwsafe -upE name

Again you will be prompted for your passphrase and your username and password will be displayed. There's a lot more you can do with pwsafe. See the man page for more info.
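Since every entry lives in the one file named in the passphrase prompt above, it is worth checking that only your account can read or replace it. The following is an added example, not part of the original post: `check_pwsafe_db` is a hypothetical helper name, and it assumes GNU `stat` on Linux.

```shell
#!/bin/sh
# Added example, not from the original post. check_pwsafe_db is a
# hypothetical helper; stat -c is the GNU coreutils (Linux) form.
# Returns 0 if the database file looks safe to use, non-zero otherwise.
check_pwsafe_db() {
    db="${1:-$HOME/.pwsafe.dat}"    # default path, as in the prompt above

    # A symlink could redirect pwsafe to a file someone else controls.
    if [ -L "$db" ]; then
        echo "FAIL: $db is a symlink" >&2; return 2
    fi
    if [ ! -f "$db" ]; then
        echo "FAIL: $db is missing or not a regular file" >&2; return 3
    fi

    # The file must belong to the user running the check.
    owner=$(stat -c '%u' "$db") || return 3
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL: $db is owned by uid $owner" >&2; return 4
    fi

    # No group/other bits: anyone who can read the file can copy it
    # and guess at the passphrase offline.
    mode=$(stat -c '%a' "$db") || return 3
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $db has mode $mode; fix with: chmod 600 $db" >&2; return 5
    fi

    # A group/other-writable parent directory (without the sticky bit)
    # lets another user replace the database file.
    dir=$(dirname "$db")
    dmode=$(stat -c '%a' "$dir") || return 3
    if [ $(( 0$dmode & 022 )) -ne 0 ] && [ $(( 0$dmode & 01000 )) -eq 0 ]; then
        echo "FAIL: $dir has mode $dmode and is writable by others" >&2; return 6
    fi

    echo "OK: $db (mode $mode, dir mode $dmode)"
    return 0
}
```

Source the file and run `check_pwsafe_db` with no argument to audit the default database, or pass the path to a different one.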



Eric said...

I've been using KeePassX for the same purpose. Its killer feature is automatic generation of passwords, matching certain criteria. On the other hand, --mergedb sounds much better than the hand-merging I have occasionally done.

Utahcon said...

I've always been leery of these types of programs because they really change the way the game works.

If I were to compromise your computer, and realize you are running a password keeping program, I'd only have to find 1 more password ever. Then I would have all your passwords and full knowledge of where they work, and as you noted with your notes I would be able to know the extra questions that are going to be asked etc.

I see these as a security risk, just my thoughts.