[Cialug] Password vaults

Matt matt at itwannabe.com
Sun May 21 22:03:55 UTC 2017


My recommendation is to carry around a Mooltipass (Mini).  It is a 
hardware password keeper that utilizes a browser plugin to automatically 
handle web-based accounts, but can also act as a USB HID keyboard device 
to type in passwords manually.  It encrypts the passwords using AES-256 
and stores the encryption key on a smart card.  You use a 4-digit PIN to 
unlock the smart card, much as you would a bank card.  The cards are 
built to fail if anyone tries to input the wrong key more than four 
times (or something like that...4 or 5).  Of course, you should keep a 
second copy of the smart card with your key on it in a safe place.

You can read about the Mooltipass here: https://www.themooltipass.com/

The code and hardware design files are here: 
https://github.com/limpkin/mooltipass

It's fully open source and doesn't suffer from the type of attacks that 
can be leveraged against online/software-based products.  A person would 
have to physically obtain the Mooltipass, your smart card, and the PIN 
to access all your passwords, or they would have to install a keylogger 
on your machines and wait for you to enter all of the passwords they are 
looking to compromise (though any password keeper running on a 
compromised machine is susceptible to this type of attack).

I, personally, think it is easy enough to use without having to deal 
with too much trouble.  The only time I ever get annoyed with it is when 
I leave it behind and then want to log into a website on my phone or 
something like that.  If I would remember to keep it on me at all times, 
I wouldn't run into those issues.  Any password keeper is going to add a 
few steps to your logins, so you are trading higher security for a 
couple of annoying steps to unlock the password keeper and have it log 
you in.  I figure once I've gotten used to keeping it on me at all times 
I'll be used to it, and all my passwords will be strong, completely 
random, 16-character (my choice of size... it actually supports up to 31 
character passwords) strings that are unique to every place I log in.

Good luck with whatever you choose, though!

-- Matt (N0BOX)


On 5/21/2017 5:43 PM, Josh More wrote:
> If you put your KeePass file on a Dropbox/SpiderOak/OwnCloud share, you can
> run it on multiple systems.
>
> On Sun, May 21, 2017 at 4:36 PM, L. V. Lammert <lvl at omnitec.net> wrote:
>
>> Seems like more and more of my machines will no longer run the LastPass
>> plugin for Firefox - the idiots have added so much CRAP (logos for every
>> URL, fancy menus that are worthless, ad nauseam) that it isn't even worth
>> using any more.
>>
>> Is there any other solution that will securely synchronize a vault amongst
>> workstations, tablets, & mobile devices? Most of the other tools are just
>> designed for a single workstation (a la KeePass), or not really secure
>> (Firefox Sync).
>>
>>          TIA!
>>
>>          Lee
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
