
KeePass, LastPass and two-factor authentication

Posted Oct 14, 2011 7:07 UTC (Fri) by Cato (guest, #7643)
In reply to: Enforcing password strength by tsr2
Parent article: Enforcing password strength

KeePass (Windows only) and KeePassX are database compatible, and there are many KeePass clones on other platforms, e.g. KyPass for iPhone and others for Android.

When combined with something like Dropbox, it's quite easy to keep your password DB available on various devices, although you multiply the risk of a keylogger grabbing the KeePass password. (Dropbox has a pretty good Linux client that includes a CLI-only install for headless servers (just use lynx on the server), and is very quick at syncing small files.)

I also use LastPass for less critical passwords, and by generating a strong random password for every site, the main risk is that the main password is stolen. LastPass supports Yubikey, a low-cost USB token with AES encryption, which emulates a keyboard - so a keylogger attack would have to steal the LastPass password and my token. There's still a risk of LastPass-specific targeted malware, so client systems need to be kept updated and secure. Free as in beer on Linux, Windows, Mac, etc., with paid-for apps on iPhone and Android.

Duo Security is an interesting option to secure your own systems' SSH, web apps, VPNs, etc - they use phone calls, SMS or push notifications to smartphones as a second factor, and can be integrated with PAM. Free for up to 5 users or open source projects.



KeePass, LastPass and two-factor authentication

Posted Oct 17, 2011 13:17 UTC (Mon) by sorpigal (subscriber, #36106)

I use PassPack myself, but LastPass is also a good choice. It's too bad there isn't an open source version of this kind of thing so that I can self host; trusting a third party's security and honesty doesn't sit well with me.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds