Pain-free Passwords & Passbolt

Antivirus, forensics, intrusion detection, cryptography, etc.
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Pain-free Passwords & Passbolt

#1 Post by labbe5 »

https://pfp.works/

Pain-free Passwords security review :
https://palant.de/2019/09/26/pfp-pain-f ... ty-review/

I reviewed the code of the Pain-free Passwords extension. It’s a stateless password manager that generates new passwords based on your master password, meaning that you don’t have to back your password database up (although you can also import your old passwords, which do need backing up). For this kind of password manager, the most sensitive part is the password generation algorithm. Other possibly vulnerable components include those common for all password managers: autofill, storage and cloud sync.

Passwords generated by a password manager have to be unpredictable. For a stateless password manager, there’s another important requirement: it should be impossible to derive the master password back from one of the generated passwords. PfP satisfies both requirements.

With this setup, the only attack possible would be brute-forcing the master password, i.e. trying to reverse the one-way hash function, which is prohibitively expensive and time-consuming (we’re talking about tens of years running very expensive computers here). So it’s highly unlikely someone would even try; a much more efficient method would be to install a keylogger on the victim’s computer.

PfP does a good job making sure a password for a specific website can only be filled on that website. I wasn’t able to trick it into autofilling a password for one website on another.

PfP code doesn’t contain any common mistakes, like listening to keyboard events from a webpage context or otherwise executing sensitive code in an untrusted environment.

Firefox addon :
https://addons.mozilla.org/en-US/firefo ... passwords/
Also available for Chrome users
Last edited by labbe5 on Wed 16 Oct 2019, 12:27, edited 3 times in total.
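
An added example, not part of the original post and not PfP's own code: a minimal sketch of how a stateless password manager can derive a per-site password from the master password through a memory-hard one-way function (scrypt here). The alphabet, the scrypt parameters, the salt layout and the function name are assumptions chosen for illustration.

```python
import hashlib
import string

# Assumed parameters for this sketch; they are not taken from PfP.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1  # about 16 MiB of memory per guess


def derive_site_password(master, site, login, revision=1, length=16):
    """Derive the same password every time from (master, site, login, revision)."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 64:
        raise ValueError("length must be between 8 and 64")

    # The salt ties the output to one site, login and revision. Each field is
    # length-prefixed so ("ab", "c") and ("a", "bc") cannot build the same salt.
    fields = [site.strip().lower(), login, str(revision)]
    salt = b"".join(
        len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields
    )

    # One-way and deliberately slow: knowing one generated password only lets
    # an attacker test master-password guesses, each costing a full scrypt run.
    raw = hashlib.scrypt(master.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)

    # Treat the 512-bit output as one big integer and peel off base-74 digits.
    # At most 64 characters (under 400 bits) are taken, so modulo bias is negligible.
    num = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        num, idx = divmod(num, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_site_password("correct horse battery", "example.com", "alice"))
    print(derive_site_password("correct horse battery", "example.org", "alice"))
```

Nothing is stored: the password is recomputed on demand, and bumping `revision` yields a fresh password for the same site when one has to be rotated.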

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

OpenSSL

#2 Post by labbe5 »

https://www.ostechnix.com/4-easy-ways-t ... -in-linux/

Generate a strong password in Linux

Method 1 – using OpenSSL

$ openssl rand -base64 14

The ‘-base64’ string will make sure the password can be typed on a keyboard

For even stronger passwords :

$ openssl rand -base64 16

Further reading :
Managing passwords using ed and gpg2
https://dataswamp.org/~solene/2019-10-0 ... ds-ed.html
Google Password audits all your passwords to reveal weak, reused or compromised passwords
https://www.ghacks.net/2019/10/03/googl ... passwords/
Last edited by labbe5 on Thu 03 Oct 2019, 20:44, edited 2 times in total.

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#3 Post by Smithy »

I tried to make a little pet that goes in Personal Category, Labbe.
It runs in Terminal with the dollar sign removed, but won’t run from
the desktop file. A bit brain dead today lol.
Attachments
password-generator.pet
(8.12 KiB) Downloaded 189 times

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Passbolt - An open source password manager for teams

#4 Post by labbe5 »

https://addons.mozilla.org/en-US/firefo ... /passbolt/

Passbolt is an open source password manager built for collaboration. It allows your team to securely share and store credentials: for instance, the wifi password of your office, the administrator password of a router, or your organisation’s social media account password.

Passbolt is different from the other password managers because :
- It is free & open source;
- It is primarily designed for teams and not individuals;
- It is based on OpenPGP, a proven cryptographic standard;
- It is easy to use for both novice and IT professionals alike;
- It is extensible thanks to its RESTful API;
- It is respectful of privacy.

This add-on is required to use the software.

Further reading :
Passbolt review
https://vpnpro.com/password-managers/passbolt-review/
How to Install Passbolt Password Manager on Ubuntu 18.04 Server
https://www.linuxbabe.com/ubuntu/instal ... untu-18-04
Five myths about password managers
https://blog.mozilla.org/firefox/myths- ... -managers/
