After all the media attention around LinkedIn password leak and others, I am not sure why some of the services (this and this) store the actual password in their databases and send it through mail or SMS upon `forgot password` request. Hashing password without a salt is worse, storing the actual password is worst.
So, I have started using `KeePassX` Password Manager for randomly generating and storing all my passwords. And, I use a stong password for KeePassX.
Ubuntu doesn't come with KeePassX installed, `sudo apt-get install keepassx` will install KeePassX with all the depdencies. Here is a nice tutorial on using KeePassX. The password database is stored in DropBox, so that in a scenario where I loose the machine it would be possible to get back the passwords.
So, I have started using `KeePassX` Password Manager for randomly generating and storing all my passwords. And, I use a stong password for KeePassX.
Ubuntu doesn't come with KeePassX installed, `sudo apt-get install keepassx` will install KeePassX with all the depdencies. Here is a nice tutorial on using KeePassX. The password database is stored in DropBox, so that in a scenario where I loose the machine it would be possible to get back the passwords.
No comments:
Post a Comment