Is a password manager better than an encrypted file for storing passwords?












1















For any passwords other than websites I log into regularly (such as gmail, facebook, etc), I use APG to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted Veracrypt volume (password for that exists solely in my head).



In light of this new breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.



Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?










share|improve this question









New contributor




CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • maybe this should be on Information Security

    – phuclv
    2 hours ago











  • @phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

    – CMB
    2 hours ago
















1















For any passwords other than websites I log into regularly (such as gmail, facebook, etc), I use APG to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted Veracrypt volume (password for that exists solely in my head).



In light of this new breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.



Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?










share|improve this question









New contributor




CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • maybe this should be on Information Security

    – phuclv
    2 hours ago











  • @phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

    – CMB
    2 hours ago














1












1








1


0






For any passwords other than websites I log into regularly (such as gmail, facebook, etc), I use APG to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted Veracrypt volume (password for that exists solely in my head).



In light of this new breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.



Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?










share|improve this question









New contributor




CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












For any passwords other than websites I log into regularly (such as gmail, facebook, etc), I use APG to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted Veracrypt volume (password for that exists solely in my head).



In light of this new breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.



Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?







security encryption passwords password-management internet-security






share|improve this question









New contributor




CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 2 hours ago









Blackwood

2,88861728




2,88861728






New contributor




CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 3 hours ago









CMBCMB

122




122




New contributor




CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






CMB is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.













  • maybe this should be on Information Security

    – phuclv
    2 hours ago











  • @phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

    – CMB
    2 hours ago



















  • maybe this should be on Information Security

    – phuclv
    2 hours ago











  • @phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

    – CMB
    2 hours ago

















maybe this should be on Information Security

– phuclv
2 hours ago





maybe this should be on Information Security

– phuclv
2 hours ago













@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

– CMB
2 hours ago





@phuclv Thanks. I couldn't decide where to post this. I didn't know there was a sub site for information security.

– CMB
2 hours ago










2 Answers
2






active

oldest

votes


















3














Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.



A good password manager is, however, incrementally better, in the following ways (off the top of my head)




  • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

  • It only exposes the needed password, not all of them.

  • (Sometimes) Browser integration makes life easier

  • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

  • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)






share|improve this answer
























  • Yes, I use Mint. I didn't realize Keepass worked on linux.

    – CMB
    2 hours ago











  • apt install keepass2

    – davidgo
    2 hours ago











  • Also, you may find kpcli helpful.

    – davidgo
    2 hours ago











  • Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?

    – CMB
    2 hours ago











  • I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)

    – davidgo
    2 hours ago



















0














KeePass works well on Windows and Linux. There are apps for Android and IOS. Put your kdbx file on Dropbox and use a key file only on your devices for extra security to your master password. You can even store certificates as attachments, generate complex passwords and autotype. It's excellent.






share|improve this answer








New contributor




bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });






    CMB is a new contributor. Be nice, and check out our Code of Conduct.










    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395612%2fis-a-password-manager-better-than-an-encrypted-file-for-storing-passwords%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    3














    Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.



    A good password manager is, however, incrementally better, in the following ways (off the top of my head)




    • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

    • It only exposes the needed password, not all of them.

    • (Sometimes) Browser integration makes life easier

    • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

    • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


    You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)






    share|improve this answer
























    • Yes, I use Mint. I didn't realize Keepass worked on linux.

      – CMB
      2 hours ago











    • apt install keepass2

      – davidgo
      2 hours ago











    • Also, you may find kpcli helpful.

      – davidgo
      2 hours ago











    • Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?

      – CMB
      2 hours ago











    • I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)

      – davidgo
      2 hours ago
















    3














    Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.



    A good password manager is, however, incrementally better, in the following ways (off the top of my head)




    • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

    • It only exposes the needed password, not all of them.

    • (Sometimes) Browser integration makes life easier

    • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

    • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


    You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)






    share|improve this answer
























    • Yes, I use Mint. I didn't realize Keepass worked on linux.

      – CMB
      2 hours ago











    • apt install keepass2

      – davidgo
      2 hours ago











    • Also, you may find kpcli helpful.

      – davidgo
      2 hours ago











    • Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?

      – CMB
      2 hours ago











    • I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)

      – davidgo
      2 hours ago














    3












    3








    3







    Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.



    A good password manager is, however, incrementally better, in the following ways (off the top of my head)




    • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

    • It only exposes the needed password, not all of them.

    • (Sometimes) Browser integration makes life easier

    • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

    • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


    You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)






    share|improve this answer













    Having an encrypted text file with passwords in it is certainly better then having shared passwords or an unencrypted file.



    A good password manager is, however, incrementally better, in the following ways (off the top of my head)




    • Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.

    • It only exposes the needed password, not all of them.

    • (Sometimes) Browser integration makes life easier

    • Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.

    • Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.


    You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 3 hours ago









    davidgodavidgo

    43.2k75290




    43.2k75290













    • Yes, I use Mint. I didn't realize Keepass worked on linux.

      – CMB
      2 hours ago











    • apt install keepass2

      – davidgo
      2 hours ago











    • Also, you may find kpcli helpful.

      – davidgo
      2 hours ago











    • Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?

      – CMB
      2 hours ago











    • I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)

      – davidgo
      2 hours ago



















    • Yes, I use Mint. I didn't realize Keepass worked on linux.

      – CMB
      2 hours ago











    • apt install keepass2

      – davidgo
      2 hours ago











    • Also, you may find kpcli helpful.

      – davidgo
      2 hours ago











    • Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?

      – CMB
      2 hours ago











    • I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)

      – davidgo
      2 hours ago

















    Yes, I use Mint. I didn't realize Keepass worked on linux.

    – CMB
    2 hours ago





    Yes, I use Mint. I didn't realize Keepass worked on linux.

    – CMB
    2 hours ago













    apt install keepass2

    – davidgo
    2 hours ago





    apt install keepass2

    – davidgo
    2 hours ago













    Also, you may find kpcli helpful.

    – davidgo
    2 hours ago





    Also, you may find kpcli helpful.

    – davidgo
    2 hours ago













    Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?

    – CMB
    2 hours ago





    Cool, thanks. Does using keepass make cross-platform a problem? For example, if I want to login from android, is there a way to sync passwords across devices?

    – CMB
    2 hours ago













    I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)

    – davidgo
    2 hours ago





    I've not used it on Android yet, but it should work OK if you have a shared system like Dropbox, or even use Webdav or any of a number of mechanisms (included in keepass2Android for example)

    – davidgo
    2 hours ago













    0














    KeePass works well on Windows and Linux. There are apps for Android and IOS. Put your kdbx file on Dropbox and use a key file only on your devices for extra security to your master password. You can even store certificates as attachments, generate complex passwords and autotype. It's excellent.






    share|improve this answer








    New contributor




    bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.

























      0














      KeePass works well on Windows and Linux. There are apps for Android and IOS. Put your kdbx file on Dropbox and use a key file only on your devices for extra security to your master password. You can even store certificates as attachments, generate complex passwords and autotype. It's excellent.






      share|improve this answer








      New contributor




      bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.























        0












        0








        0







        KeePass works well on Windows and Linux. There are apps for Android and IOS. Put your kdbx file on Dropbox and use a key file only on your devices for extra security to your master password. You can even store certificates as attachments, generate complex passwords and autotype. It's excellent.






        share|improve this answer








        New contributor




        bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.










        KeePass works well on Windows and Linux. There are apps for Android and IOS. Put your kdbx file on Dropbox and use a key file only on your devices for extra security to your master password. You can even store certificates as attachments, generate complex passwords and autotype. It's excellent.







        share|improve this answer








        New contributor




        bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        share|improve this answer



        share|improve this answer






        New contributor




        bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered 25 mins ago









        bruceskyausbruceskyaus

        1011




        1011




        New contributor




        bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        bruceskyaus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






















            CMB is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            CMB is a new contributor. Be nice, and check out our Code of Conduct.













            CMB is a new contributor. Be nice, and check out our Code of Conduct.












            CMB is a new contributor. Be nice, and check out our Code of Conduct.
















            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395612%2fis-a-password-manager-better-than-an-encrypted-file-for-storing-passwords%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            How to make a Squid Proxy server?

            Is this a new Fibonacci Identity?

            19世紀