Jan
2016
password management
LITA listsrev has an excellent discussion on password management.
I personally am using LastPass for two years: great free option, paid one can be used on mobiles.
=========================
From: lita-l-request@lists.ala.org [mailto:lita-l-request@lists.ala.org] On Behalf Of Michael J. Paulmeno
Sent: Wednesday, January 06, 2016 1:36 PM
To: lita-l@lists.ala.org
Subject: RE: [lita-l] Question on password management
I second Keepass. Not only is it free, open source, and multi-OS, but it lives on your computer, not in the cloud (although the database can be put on a shared drive or in DropBox for access across devices). Personally that makes me feel much safer. There are clients available for Windows, Mac, Linux, IPhone, Android and even Blackberry.
Cheers,
Mike
From: lita-l-request@lists.ala.org [mailto:lita-l-request@lists.ala.org] On Behalf Of Ronald Houk
Sent: Wednesday, January 06, 2016 12:38 PM
To: lita-l@lists.ala.org
Subject: Re: [lita-l] Question on password management
I use lastpass as well. However, LastPass was just bought by LogMeIn, so lots of people are holding their breath hoping that things stay good. Another open source, multi-os, alternative is keepass (keepass.info)
On Wed, Jan 6, 2016 at 11:43 AM, Yvonne Reed <yvonner@ranchomiragelibrary.org> wrote:
Hi Everyone,
I would like offer or recommend a password management tool to my library staff that’s reliable and easy to use. Do any of you have one you can recommend?
Thank you,
Yvonne Reed
Technology Librarian
Rancho Mirage Public Library
71-100 Hwy 111
Rancho Mirage, CA 92270
(760)341-7323 x770
————————————–
From: lita-l-request@lists.ala.org [mailto:lita-l-request@lists.ala.org] On Behalf Of O’English, Lorena
Sent: Wednesday, January 06, 2016 12:51 PM
To: lita-l@lists.ala.org
Subject: RE: [lita-l] Question on password management
I really like Dashlane (dashlane.com) – it has a lot of options, including the ability to give someone else access to your passwords in certain situations (plus, they support Firefox financially via low-impact ads). I think of this sometimes when I think about what would happen if a piano fell on me tomorrow – what a mess it would be for my spouse to cope with my digital life! That said, although I use Dashlane, I still have not quite managed to get myself to use all its functionality.
Lorena
***
Washington State University Libraries
wsulorena: Twitter, Skype, GTalk, Yahoo IM
———–
—–Original Message—–
From: lita-l-request@lists.ala.org [mailto:lita-l-request@lists.ala.org] On Behalf Of Cary Gordon
Sent: Wednesday, January 06, 2016 12:37 PM
To: lita-l@lists.ala.org
Subject: Re: [lita-l] Question on password management
1Password ++
————–
—–Original Message—–
From: lita-l-request@lists.ala.org [mailto:lita-l-request@lists.ala.org] On Behalf Of COLLINS, MATTHEW
Sent: Wednesday, January 06, 2016 12:35 PM
To: lita-l@lists.ala.org
Subject: RE: [lita-l] Question on password management
I have used Roboform for at least 10 years and never had a problem. It manages passwords for logins and bookmarks on my PCs, my iPhone and iPad. It synchs online so work, home, tablet and phone all have the same info. It also stores personal info (name & multiple addresses) and confidential notes and other info.
–Matthew
———————-
Has anyone mentioned Password Safe? http://passwordsafe.sourceforge.net/
It’s worked well for organizing and managing usernames/passwords.
Angela Stangl
Digital Services Coordinator
Rodney A. Briggs Library
University of Minnesota, Morris
(320) 589-6164
——————————-
FEATURES
http://keepass.info/features.html
PLUGINS
http://keepass.info/plugins.html
Note: CAPS is used here and there to call attention without extra Gmail formatting, not to shout at anyone. Still…I know I look like I yell here. I have flogged myself, I will now bathe in the River Salt.
MWoT
Ok, check it out.
Plugins, macros, group/profile/source/target/timing locks, separate DBs and separate metadata for these if you like, INTERNALLY-ROTATING SUPERKEYS via REGULAR KEY TRANSORMATIONS and TWO-CHANNEL AUTO-TYPE OBFUSCATION (for obfuscating your auto-typed passwords or keys, if you select Auto)….!!!…
…and well-reasoned, well-EXPLAINED approaches to certain critical areas of password management in general and to KeePass in particular.
For instance: In the FAQ, read the logic breakdown (thought-by-thought explanation) of why Keepass does NOT lock itself when a SUB-dialogue box is open in Keepass whle the user then LOCKS the workstation. =)
Why doesn’t KeePass lock when Windows locks and a KeePass sub-dialog is open?
http://keepass.info/help/base/faq_tech.html#noautolock
My support of Keepass as a primary, then a close alternative, comes from four of my six years in IT being in direct computer and network security roles. Sure, not the most trench years out there, but they are all engineering and tiered-analyst roles for several major US corporations.
I’m proud of that…and in terms of relevance, I worked – and still work – with and around many engineers, analysts, and scientists (data, algorithmic). I look up to these people a great deal, and many of these coworkers come fully assembled having forgotten more than I’ll ever know and still learning faster than I could ever talk about… and even THEY use Keepass and they use it powerfully.
Detection of each site’s contact (HTTP GET, form forcus, etc) or “touch” can be different with each browser it integrates into, and that’s just for starters. One can also script up a different timing to use before the credentials are passed….;)….one can also relegate references to a central database, or one can refer only to the local system or even just a specific profile that can access said .kdbx file (KeePass database), or one can limit the data source to just one .kdbx single-instance database file, or one can use the .kdbx as a secondary for some other central repository failure, if that happens.
One can make several .kdbx files for different uses…no requirement to have just one! Each a diffferent base of unique data keys, each wtih a different direction administered on when it is referenced, how it is run, and where it lives on a system.
Aaaaaand it can integrate with other DBMs, it’s not an island!
Keepass is not the end-all be-all, but it IS FOSS (Free and Open-Source Software, great for investigating its machinery). Also it is:
– Programmable (via the Plugins model, you can write some yourself if you like!)
– Modularizable (again, via the Plugins model)
– Profile lockable, (<— really neat!)
– SMM (Secure Memory Manageable, for Windows Clipboard and the like)
– and more!
Anyway, Keepass is rad for its cost, but, like the others on this thread, I will second LastPass as well. LastPass is a an alternative to Keepass. =)
Daniel Strickland
linkedin.com/in/dwstrickland
Matthew Collins
Director of the Ernest Miller White Library Associate Professor of Research and Bibliography Louisville Presbyterian Theological Seminary
1044 Alta Vista Road
Louisville, KY 40205
mcollins@lpts.edu| 502.992.5420