location: Diff for "PasswordManagementTool"

Institute of Mathematics - PublicMathWiki:

Differences between revisions 2 and 17 (spanning 15 versions)
Revision 2 as of 2010-06-22 19:44:14
Size: 747
Editor: crose
Comment: page was renamed from PasswordTool
Revision 17 as of 2025-03-30 08:21:09
Size: 2328
Editor: crose
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
## page was renamed from PasswordTool
= Password Management Tool =
= Password Management =
Line 4: Line 3:
 * There are a lot of tools who try to help you to organize your passwords.
 * We choosed '''keepassx'''' - http://www.keepassx.org/
  * It's available for Linux and Windows.
  * The database is the same for Linux and Windows - you can use the same in both worlds.
== Important advises ==
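Review bot: The added heading `== Important advises ==` uses "advises" as a plural noun; "Important advice" reads correctly. The same hunk removes the statement that the database file is the same on Linux and Windows, so if cross-platform use is still intended, one line saying so should survive in the new text.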
Line 9: Line 5:
= Installing =
 * Sun Ray Server: already installed.
 * mathpwt1 / mathpwt4: will be installed soon.
 * Ubuntu general: `sudo apt-get install keepassx`
 * Windows: download from the homepage.
 * To save your credentials and other impartant data, use [[keepassx|KeepassXC]].
 * Use different passwords for your online accounts.
 * Whenever possible, activate multi factor authentication (MFA) - even if this is pain at the beginning, as soon as you have been hacked, you will change your mind.
 * Save your passwords in a secure way (not in .docx or .xlsx or whatever).
 * Take care that you have access to your personal credentials, even if there is no internet available.
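Review bot: The new first bullet labels its link `KeepassXC` but targets the wiki page `keepassx`, and the removed "Installing" lines referred to the `keepassx` package; KeePassX and KeePassXC are different programs, so the page name, the label and any install hint should all name the tool that is actually recommended. With the "Installing" section gone, this page no longer says how to get the tool, so the linked page needs to carry that. "impartant" in the same bullet should be "important".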
Line 15: Line 11:
= Using =
 * If you use only one database: keepassx will remember your last used database.
 * If you use different databases: specify the db file as argument on the commandline or select it via the GUI.
== FAQ ==

 * Q: Why different passwords?

   * A: If a hacker get's your password, the first thing he will do is to try the capured password on all major online services (gmail, whatsapp, spotify, ...)

 * Q: Should I use an online password service like lastpass, 1password, ...

   * A: That's your decision. Some of them have been hacked already ([[https://www.heise.de/news/Passwortmanager-LastPass-Hacker-scheinen-Kennworttresore-zu-knacken-9300583.html|Lastpass hacked]])

 * Q: Is it ok to save my passwords in the browser?

   * A: This is a personal decision and no clear yes/no. You definetly should use a strong master password.

 * Q: Is it ok to use Mac OS X Keychain or Microsoft Windows Credential Manager?

   * A: This is fine with one added requirement: you should have an offline backup! Just imagine your Apple ID or Microsoft account will be locked by Apple or Microsoft! You will not be the first person and it is really really hard to get the account back ([[https://www.heise.de/select/ct/2022/24/2227209284720057373|Microsoft sperrt Account]])

 * Q: What is your advice to manage passwords?

   * A: 1) Use [[keepassx|KeepassXC]], 2) '''synced''' via cloud storage to all of your devices, 3) activate '''browser integration'''.

     * + MFA token like TOTP, Passkey can be handled via KeepassXC - No single point of failure with MS-Authenticator only binds to one device.
     * - There is one database with all of your information ... if a criminal get's access to it, this is a nightmare.

       * ? But is it better to use the same password everywhere or putting your credentilas in a word file in plain text?
       * + Create multiple databases: one for online accounts, one for finance, ... use different master passwords.
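
Review bot: The bullet "+ MFA token like TOTP, Passkey can be handled via KeepassXC" sits directly above the warning that one database holds everything, but it does not mention that TOTP secrets stored next to the passwords they protect are lost together with them if that database is opened by someone else. Suggest extending the "Create multiple databases" bullet to name a separate database, with its own master password, for the TOTP secrets. The spellings "get's", "capured", "definetly" and "credentilas" in this hunk also need fixing.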

Password Management

Important advice

  • To save your credentials and other important data, use KeepassXC.

  • Use different passwords for your online accounts.
  • Whenever possible, activate multi-factor authentication (MFA) - even if this is a pain at the beginning, as soon as you have been hacked, you will change your mind.
  • Save your passwords in a secure way (not in .docx or .xlsx or whatever).
  • Take care that you have access to your personal credentials, even if there is no internet available.

FAQ

  • Q: Why different passwords?
    • A: If a hacker gets your password, the first thing he will do is to try the captured password on all major online services (gmail, whatsapp, spotify, ...)
  • Q: Should I use an online password service like LastPass, 1Password, ...?
    • A: That's your decision. Some of them have been hacked already (LastPass hacked)

  • Q: Is it ok to save my passwords in the browser?
    • A: This is a personal decision and there is no clear yes/no. You definitely should use a strong master password.
  • Q: Is it ok to use Mac OS X Keychain or Microsoft Windows Credential Manager?
    • A: This is fine with one added requirement: you should have an offline backup! Just imagine your Apple ID or Microsoft account being locked by Apple or Microsoft! You will not be the first person, and it is really, really hard to get the account back (Microsoft locks account)

  • Q: What is your advice to manage passwords?
    • A: 1) Use KeepassXC, 2) synced via cloud storage to all of your devices, 3) activate browser integration.

      • + MFA tokens such as TOTP and passkeys can be handled via KeepassXC - no single point of failure as with MS-Authenticator, which binds to only one device.
      • - There is one database with all of your information ... if a criminal gets access to it, this is a nightmare.
        • ? But is it better to use the same password everywhere or to put your credentials in a Word file in plain text?
        • + Create multiple databases: one for online accounts, one for finance, ... use different master passwords.

PublicMathWiki: PasswordManagementTool (last edited 2025-03-30 08:21:09 by crose)