Lee H. Marzke on 30 Dec 2015 12:43:05 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] password safe


I also use Lastpass for myself and my Enterprise clients.   I 
set it up to require a 2nd factor Yubikey string for each login.

You have a local copy of the encrypted data , so it works off-line,   and also
syncs to every client I have, Linux, Windows, Android, etc.

Enterprise features allow you to enforce certain minimum standards, so the
entry-level IT guy doesn't use some low security settings on his account.
So for example I require some form of 2nd factor auth for every login account.

Lastpass also allows you to store documents as attachments,  so for example I
have a master spreadsheet for my client's data center with all the IP's,
LUN assignments, 10g wiring , emergency contacts etc.  that I keep in LP,  so
even if the DC is down; everyone With LP access also has the passwords, and all
configuration/emergency data.   That works across Linux and Windows as well
(using LibraOffice Calc )

FYI: Lastpass hack didn't compromise much, unless you re-used the master password on a website.
Muti-factor auth is the way to go in any case.

https://blog.lastpass.com/2015/06/lastpass-security-notice.html/


I leave a tiny Yubikey inserted completely inside a USB port on my laptop,  and I have a 2nd
yubikey on my keychain for my clients computers when I'm in the office.


The yubikey OTP device generates a string consisting of my userid xxxxxx (blanked out) and 
an unique one-time string that changes each push,  also has a 10Hz timestamp.  here are two pushes:

userid       unique one-time string
xxxxxxxxxxxx hiieljkutjjjkfihebtlcuncllnddfbj
xxxxxxxxxxxx fcufhrgcggdnninkngdnhgdlfrbutgjk


The letters chosen work same on any US or foreign keyboard mapping.  You just
put the curser in a yubikey text entry block and tap the button.  Works
on All OS's  no driver required.  The yubikey just emulates a USB keyboard.


Lee




----- Original Message -----
> From: "Rich Freeman" <r-plug@thefreemanclan.net>
> To: patterson@computer.org, "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
> Sent: Wednesday, December 30, 2015 12:45:54 PM
> Subject: Re: [PLUG] password safe

> On Wed, Dec 30, 2015 at 11:41 AM, Bill Patterson
> <bill.patterson1@comcast.net> wrote:
>> Does anyone recommend a good password safe to use with Linux?
> 
> Lastpass for everything.  I keep an backup that is gpg-encrypted in
> case they ever close shop.  I haven't found a practical alternative
> for all the platforms I use.
> 
> --
> Rich
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

-- 
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos 

Lee Marzke, lee@marzke.net http://marzke.net/lee/ 
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug