Finding a suitable password manager in Ubuntu 7.10 (Gutsy Gibbon)

Like most users these days I have many user accounts on various websites. Dealing with security can be quite an issue with so many passwords. A lot of accounts, say to a discussion board, are not too problematic if the credentials get compromised. For other sites, like financial or email services, compromise represents significantly more danger. It is wise not to use the same usernames and passwords on different servers for the reason that if 1 gets compromised others are put at risk. I find it’s best to use a password manager and generate passwords for various sites and keep the password file protected by a strong password or passphrase that changes regularly. I also find that it helps keep such accounts organized so I don’t lose track of them. I wanted to see if there was an application that would suit my needs using Kubuntu 7.10 (Gutsy Gibbon).

I first wanted to see what packages where available that were worth investigating so I ran the command: apt-cache search password manager.

I first eliminated all the packages with gnome dependencies which included:

• fpm
• gpass
• revelation

I then eliminated the console programs which included:

• pwsafe
• zsafe

I was left with the following 2 programs:

• kde-pwmanager
• mypasswordsafe

I’ve used mypasswordsafe before and didn’t love it. But using kde-pwmanager didn’t exactly blow me away either. Both encrypt password files using Blowfish encryption. I’m not sure either secures the passwords in memory (pwsafe does but such a feature also requires the command to be run with sudo). Of course kde-pwmanager integrates itself far better into KDE and is still under active development. Not only does mypasswordsafe not create a menu item it also strangely uses capitalization in its executable name (MyPasswordSafe).

When it comes to layout I think I prefer mypasswordsafe because it arranges items in a tree. Though that may be a preference because it is what I’m used to. The layout in kde-pwmanager is a flat listing and uses a category drop-down menu to organize passwords. Without a doubt my biggest pet peeve is that kde-pwmanager shows the password on the screen by default. I quickly changed the “Auto-lock timeout” to 1 second and disabled “Deep-lock on Autolock”. This means that if a password is “unlocked” (displayed) it will do so for only 1 second before becoming “locked” (concealed) again. I also disabled “Open document with passwords unlocked”.

Some other notes on mypasswordsafe:

• Pro: keeps track of created/modified/accessed dates and times for all entries
• Con: “Clear Clipboard” and “Clear clipboard on exit?” don’t work
• Con: no auto-lock timeout
• Con: generated passwords only consist of uppercase and lowercase letters and numbers

Some other notes on kde-pwmanager:

• Pro: can auto-lock the file after a specified number of minutes
• Pro: very configurable password generator that can include special characters and spaces in the password as well as execute an external program for password generation
• Con: saves files by default with a “PWM” extension (which is unwise since nobody should be able to easily identify the password file)
• Con: does not save created/modified/accessed dates and times for all entries

I think I’ll try kde-pwmanager for a while and see how I like it. It’s not everything I would like it to be but it might be suitable for my needs.