| Lee H. Marzke on 30 Dec 2015 12:43:05 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] password safe |
I also use Lastpass for myself and my Enterprise clients. I set it up to require a 2nd factor Yubikey string for each login. You have a local copy of the encrypted data , so it works off-line, and also syncs to every client I have, Linux, Windows, Android, etc. Enterprise features allow you to enforce certain minimum standards, so the entry-level IT guy doesn't use some low security settings on his account. So for example I require some form of 2nd factor auth for every login account. Lastpass also allows you to store documents as attachments, so for example I have a master spreadsheet for my client's data center with all the IP's, LUN assignments, 10g wiring , emergency contacts etc. that I keep in LP, so even if the DC is down; everyone With LP access also has the passwords, and all configuration/emergency data. That works across Linux and Windows as well (using LibraOffice Calc ) FYI: Lastpass hack didn't compromise much, unless you re-used the master password on a website. Muti-factor auth is the way to go in any case. https://blog.lastpass.com/2015/06/lastpass-security-notice.html/ I leave a tiny Yubikey inserted completely inside a USB port on my laptop, and I have a 2nd yubikey on my keychain for my clients computers when I'm in the office. The yubikey OTP device generates a string consisting of my userid xxxxxx (blanked out) and an unique one-time string that changes each push, also has a 10Hz timestamp. here are two pushes: userid unique one-time string xxxxxxxxxxxx hiieljkutjjjkfihebtlcuncllnddfbj xxxxxxxxxxxx fcufhrgcggdnninkngdnhgdlfrbutgjk The letters chosen work same on any US or foreign keyboard mapping. You just put the curser in a yubikey text entry block and tap the button. Works on All OS's no driver required. The yubikey just emulates a USB keyboard. Lee ----- Original Message ----- > From: "Rich Freeman" <r-plug@thefreemanclan.net> > To: patterson@computer.org, "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org> > Sent: Wednesday, December 30, 2015 12:45:54 PM > Subject: Re: [PLUG] password safe > On Wed, Dec 30, 2015 at 11:41 AM, Bill Patterson > <bill.patterson1@comcast.net> wrote: >> Does anyone recommend a good password safe to use with Linux? > > Lastpass for everything. I keep an backup that is gpg-encrypted in > case they ever close shop. I haven't found a practical alternative > for all the platforms I use. > > -- > Rich > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug -- "Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos Lee Marzke, lee@marzke.net http://marzke.net/lee/ IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug