Is a password manager better than an encrypted file for storing passwords?












19















For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCrypt volume (password for that exists solely in my head).



In light of the Collection #1 breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.



Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?






encryption passwords password-management







share|improve this question













migrated from superuser.com 40 mins ago


This question came from our site for computer enthusiasts and power users.











  • 7





    maybe this should be on Information Security

    – phuclv
    14 hours ago











  • @phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

    – CMB
    14 hours ago











  • Please ping me if this is not a helpful migration. Thanks! (SU ♦)

    – studiohack
    39 mins ago
















19















For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCrypt volume (password for that exists solely in my head).



In light of the Collection #1 breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.



Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?






encryption passwords password-management







share|improve this question













migrated from superuser.com 40 mins ago


This question came from our site for computer enthusiasts and power users.











  • 7





    maybe this should be on Information Security

    – phuclv
    14 hours ago











  • @phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

    – CMB
    14 hours ago











  • Please ping me if this is not a helpful migration. Thanks! (SU ♦)

    – studiohack
    39 mins ago














19












19








19








For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCrypt volume (password for that exists solely in my head).



In light of the Collection #1 breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.



Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?






encryption passwords password-management







share|improve this question














For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCrypt volume (password for that exists solely in my head).



In light of the Collection #1 breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.



Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?






encryption passwords password-management




encryption passwords password-management






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 14 hours ago







CMB











migrated from superuser.com 40 mins ago


This question came from our site for computer enthusiasts and power users.






migrated from superuser.com 40 mins ago


This question came from our site for computer enthusiasts and power users.










  • 7





    maybe this should be on Information Security

    – phuclv
    14 hours ago











  • @phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

    – CMB
    14 hours ago











  • Please ping me if this is not a helpful migration. Thanks! (SU ♦)

    – studiohack
    39 mins ago














  • 7





    maybe this should be on Information Security

    – phuclv
    14 hours ago











  • @phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

    – CMB
    14 hours ago











  • Please ping me if this is not a helpful migration. Thanks! (SU ♦)

    – studiohack
    39 mins ago








7




7





maybe this should be on Information Security

– phuclv
14 hours ago





maybe this should be on Information Security

– phuclv
14 hours ago













@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

– CMB
14 hours ago





@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

– CMB
14 hours ago













Please ping me if this is not a helpful migration. Thanks! (SU ♦)

– studiohack
39 mins ago





Please ping me if this is not a helpful migration. Thanks! (SU ♦)

– studiohack
39 mins ago










1 Answer
1






active

oldest

votes


















22














Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.



A good password manager is, however, incrementally better, in the following ways (off the top of my head)




  • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

  • It only exposes the needed password, not all of them.

  • (Sometimes) Browser integration makes life easier

  • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

  • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)






share|improve this answer



















  • 7





    With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.

    – Máté Juhász
    12 hours ago






  • 4





    Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.

    – Ian Kemp
    10 hours ago






  • 6





    Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!

    – Fabio Turati
    8 hours ago






  • 3





    My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).

    – Deruijter
    3 hours ago






  • 1





    Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.

    – user3067860
    49 mins ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f201739%2fis-a-password-manager-better-than-an-encrypted-file-for-storing-passwords%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown
























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









22














Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.



A good password manager is, however, incrementally better, in the following ways (off the top of my head)




  • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

  • It only exposes the needed password, not all of them.

  • (Sometimes) Browser integration makes life easier

  • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

  • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)






share|improve this answer



















  • 7





    With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.

    – Máté Juhász
    12 hours ago






  • 4





    Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.

    – Ian Kemp
    10 hours ago






  • 6





    Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!

    – Fabio Turati
    8 hours ago






  • 3





    My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).

    – Deruijter
    3 hours ago






  • 1





    Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.

    – user3067860
    49 mins ago
















22














Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.



A good password manager is, however, incrementally better, in the following ways (off the top of my head)




  • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

  • It only exposes the needed password, not all of them.

  • (Sometimes) Browser integration makes life easier

  • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

  • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)






share|improve this answer



















  • 7





    With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.

    – Máté Juhász
    12 hours ago






  • 4





    Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.

    – Ian Kemp
    10 hours ago






  • 6





    Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!

    – Fabio Turati
    8 hours ago






  • 3





    My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).

    – Deruijter
    3 hours ago






  • 1





    Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.

    – user3067860
    49 mins ago














22












22








22







Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.



A good password manager is, however, incrementally better, in the following ways (off the top of my head)




  • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

  • It only exposes the needed password, not all of them.

  • (Sometimes) Browser integration makes life easier

  • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

  • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)






share|improve this answer













Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.



A good password manager is, however, incrementally better, in the following ways (off the top of my head)




  • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

  • It only exposes the needed password, not all of them.

  • (Sometimes) Browser integration makes life easier

  • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

  • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)







share|improve this answer












share|improve this answer



share|improve this answer










answered 14 hours ago









davidgodavidgo

35518




35518








  • 7





    With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.

    – Máté Juhász
    12 hours ago






  • 4





    Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.

    – Ian Kemp
    10 hours ago






  • 6





    Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!

    – Fabio Turati
    8 hours ago






  • 3





    My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).

    – Deruijter
    3 hours ago






  • 1





    Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.

    – user3067860
    49 mins ago














  • 7





    With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.

    – Máté Juhász
    12 hours ago






  • 4





    Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.

    – Ian Kemp
    10 hours ago






  • 6





    Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!

    – Fabio Turati
    8 hours ago






  • 3





    My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).

    – Deruijter
    3 hours ago






  • 1





    Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.

    – user3067860
    49 mins ago








7




7





With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.

– Máté Juhász
12 hours ago





With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.

– Máté Juhász
12 hours ago




4




4





Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.

– Ian Kemp
10 hours ago





Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.

– Ian Kemp
10 hours ago




6




6





Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!

– Fabio Turati
8 hours ago





Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!

– Fabio Turati
8 hours ago




3




3





My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).

– Deruijter
3 hours ago





My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).

– Deruijter
3 hours ago




1




1





Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.

– user3067860
49 mins ago





Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.

– user3067860
49 mins ago


















draft saved

draft discarded




















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f201739%2fis-a-password-manager-better-than-an-encrypted-file-for-storing-passwords%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Liquibase includeAll doesn't find base path

Image
0 while migrating a project from maven to gradle I ran in the following problem. My file structure looks like this: The changelog-master.xml includes the changelog-v1-0.xml, which then should include the directory v1-0 with following line: <includeAll path="src/main/resources/liquibase/changelogs/v1-0/" errorIfMissingOrEmpty="true" /> . This works just fine. This: <includeAll path="/liquibase/changelogs/v1-0/" errorIfMissingOrEmpty="true" relativeToChangelogFile="true" /> doesn't. I get following errormessage: Cannot find base path 'src/main/resources/liquibase/changelogs/changelog-v1-0.xml' with liquibase in version 3.6.2. I also tried the versions 3.6.0, 3.6.1 and 3.5.5. I am using gradle to build my project in version 4.9
Read more

How to use setInterval in EJS file?

Image
0 I have a problem with using setInterval in my EJS file, which is part of my nodejs app (with Express). I have created function getRandomSubarray , which chooses randomly subset of images from array. I want to change this subset every three seconds. This is problematic piece of my code: <%setInterval(function(){%> <%RandomSubrecipesImg=tools.getRandomSubarray(recipesImg,4)%> <div class="navbar-image-box col-sm-3 d-none d-sm-block"><img class="navbar-image" src="<%=RandomSubrecipesImg[0].replace('public',"")%>"></div> <div class="navbar-image-box col-sm-3 d-none d-sm-block"><img class="navbar-image" src="<%=RandomSubrecipesImg[1].replace('public',"")%>">&
Read more

Petrus Granier-Deferre

Image
Petrus Granier-Deferre (Lutetiae die 27 Iulii 1927 natus; ibidem die 16 Novembris 2007 mortuus) fuit moderator cinematographicus et dux scaenarum Francicus. Pelliculae selectae | 1961 : Le Petit Garçon de l'ascenseur 1962 : Les Aventures de Salavin (sous-titré Confession de minuit) 1965 : La Métamorphose des cloportes 1965 : Paris au mois d'août 1967 : Le Grand Dadais 1970 : La Horse 1971 : Le Chat 1971 : La Veuve Couderc 1973 : Le Fils 1973 : Le Train 1974 : La Race des seigneurs 1975 : La Cage 1975 : Adieu poulet 1976 : Une femme à sa fenêtre 1976 : Le Toubib 1981 : Une étrange affaire 1982 : L'Étoile du Nord 1983 : L'Ami de Vincent 1985 : L'Homme aux yeux d'argent 1986 : Cours privé 1987 : Noyade interdite 1988 : La Couleur du vent 1990 : L'Autrichienne 1995 : Le Petit Garçon 1992 : La Voix 1993 : Archipel 1995 : Maigret et la vente à la bougie (TV) 1996 : La Dernière Fête (TV) 1997 : Maigret et l'enfant de c
Read more