Is a password manager better than an encrypted file for storing passwords?
For any passwords other than websites I log into regularly (such as gmail, facebook, etc), I use APG to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted Veracrypt volume (password for that exists solely in my head).
In light of this new breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.
Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?
security encryption passwords password-management internet-security
New contributor
add a comment |
For any passwords other than websites I log into regularly (such as gmail, facebook, etc), I use APG to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted Veracrypt volume (password for that exists solely in my head).
In light of this new breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.
Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?
security encryption passwords password-management internet-security
New contributor
maybe this should be on Information Security
– phuclv
2 hours ago
@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.
– CMB
2 hours ago
add a comment |
For any passwords other than websites I log into regularly (such as gmail, facebook, etc), I use APG to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted Veracrypt volume (password for that exists solely in my head).
In light of this new breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.
Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?
security encryption passwords password-management internet-security
New contributor
For any passwords other than websites I log into regularly (such as gmail, facebook, etc), I use APG to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted Veracrypt volume (password for that exists solely in my head).
In light of this new breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.
Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?
security encryption passwords password-management internet-security
security encryption passwords password-management internet-security
New contributor
New contributor
edited 2 hours ago
Blackwood
2,88861728
2,88861728
New contributor
asked 2 hours ago
CMBCMB
122
122
New contributor
New contributor
maybe this should be on Information Security
– phuclv
2 hours ago
@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.
– CMB
2 hours ago
add a comment |
maybe this should be on Information Security
– phuclv
2 hours ago
@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.
– CMB
2 hours ago
maybe this should be on Information Security
– phuclv
2 hours ago
maybe this should be on Information Security
– phuclv
2 hours ago
@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.
– CMB
2 hours ago
@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.
– CMB
2 hours ago
add a comment |
1 Answer
1
active
oldest
votes
Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
Yes, I use Mint. I didn't realize Keepass worked on linux.
– CMB
2 hours ago
apt install keepass2
– davidgo
2 hours ago
Also, you may find kpcli helpful.
– davidgo
2 hours ago
Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?
– CMB
2 hours ago
I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)
– davidgo
1 hour ago
|
show 1 more comment
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
CMB is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395612%2fis-a-password-manager-better-than-an-encrypted-file-for-storing-passwords%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
Yes, I use Mint. I didn't realize Keepass worked on linux.
– CMB
2 hours ago
apt install keepass2
– davidgo
2 hours ago
Also, you may find kpcli helpful.
– davidgo
2 hours ago
Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?
– CMB
2 hours ago
I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)
– davidgo
1 hour ago
|
show 1 more comment
Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
Yes, I use Mint. I didn't realize Keepass worked on linux.
– CMB
2 hours ago
apt install keepass2
– davidgo
2 hours ago
Also, you may find kpcli helpful.
– davidgo
2 hours ago
Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?
– CMB
2 hours ago
I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)
– davidgo
1 hour ago
|
show 1 more comment
Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
answered 2 hours ago
davidgodavidgo
43.2k75290
43.2k75290
Yes, I use Mint. I didn't realize Keepass worked on linux.
– CMB
2 hours ago
apt install keepass2
– davidgo
2 hours ago
Also, you may find kpcli helpful.
– davidgo
2 hours ago
Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?
– CMB
2 hours ago
I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)
– davidgo
1 hour ago
|
show 1 more comment
Yes, I use Mint. I didn't realize Keepass worked on linux.
– CMB
2 hours ago
apt install keepass2
– davidgo
2 hours ago
Also, you may find kpcli helpful.
– davidgo
2 hours ago
Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?
– CMB
2 hours ago
I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)
– davidgo
1 hour ago
Yes, I use Mint. I didn't realize Keepass worked on linux.
– CMB
2 hours ago
Yes, I use Mint. I didn't realize Keepass worked on linux.
– CMB
2 hours ago
apt install keepass2
– davidgo
2 hours ago
apt install keepass2
– davidgo
2 hours ago
Also, you may find kpcli helpful.
– davidgo
2 hours ago
Also, you may find kpcli helpful.
– davidgo
2 hours ago
Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?
– CMB
2 hours ago
Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?
– CMB
2 hours ago
I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)
– davidgo
1 hour ago
I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)
– davidgo
1 hour ago
|
show 1 more comment
CMB is a new contributor. Be nice, and check out our Code of Conduct.
CMB is a new contributor. Be nice, and check out our Code of Conduct.
CMB is a new contributor. Be nice, and check out our Code of Conduct.
CMB is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395612%2fis-a-password-manager-better-than-an-encrypted-file-for-storing-passwords%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
maybe this should be on Information Security
– phuclv
2 hours ago
@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.
– CMB
2 hours ago