
Choosing a Password Manager for Linux

About a decade ago, password management wasn’t a critical issue, and most Internet users had only a few passwords to remember. Typically it was an e-mail account, maybe a login to an online forum, or a MUD game from even older times (who still remembers those?). Things have drastically changed, and there are currently 4.6 billion people who use the Internet to watch movies, shop, make money, advertise, teach Python online courses, and whatever else you can think of.

And most of the services that people use online are hidden behind a password, especially those that involve money. Instead of having to remember only a few simple passwords, people now need dozens of them, one for each service. Moreover, cybercriminals were fast to exploit this, and credential stuffing attacks have been increasing for some time now.

So whatever OS a person is using, be it Linux, Android or any other, password management is a problem that affects everyone online. However, a solution was developed quite some time ago, with some password managers dating back to the start of the century.

How Do Password Managers Solve the Issue?

At first glance, password managers might look like very simple software that doesn’t do much. The reality is different. Password managers use cryptography, cloud-based storage, and zero-knowledge architecture to secure users’ passwords. They make it practical to use long, random passwords, which is of utmost importance, since studies keep showing that the most popular passwords are still “123456”, “password”, “qwerty123”, and the like.

The problem with weak and reused passwords is that they’re easily cracked. The most straightforward way is brute force: trying millions of candidate passwords until one hits, and a dictionary attack that tries the most common passwords first usually doesn’t even need that many guesses. Needless to say, “123456” falls within seconds, leaving the account exposed. A more sophisticated method uses a rainbow table, a precomputed table that maps the hash values of passwords back to the passwords themselves, so that a stolen database of unsalted password hashes can be reversed without re-hashing every guess. (Note that sites store password hashes, not encrypted passwords, and a random per-user salt defeats any precomputed table, which is why a salted, slow hash is the standard.) Either way, the passwords in a stolen database are recovered, and because people reuse them, attackers replay the recovered username/password pairs against other services. That is credential stuffing, and it is the explanation widely given for the spike in hijacked accounts reported around the Disney+ streaming service launch.
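A small worked example of the attacks just described, added here and not part of the original post: it hashes a constructed wordlist into a lookup table, recovers “123456” both by table lookup and by plain brute force, then shows that a per-user salt breaks the table and that a generator-made 20-character password is out of reach. The wordlist, and the use of SHA-256 as the “weak” fast hash, are assumptions for illustration.

```python
import hashlib
import math
import secrets
import string

# Constructed stand-in for a leaked "most common passwords" list (not real breach data).
COMMON_PASSWORDS = ["123456", "password", "qwerty123", "letmein", "iloveyou", "admin"]


def fast_hash(password: str, salt: bytes = b"") -> str:
    """A fast hash, unsalted by default: the weak case that precomputed tables target.
    A site should use a slow, salted KDF instead; SHA-256 here is an illustrative assumption."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_rainbow_table(wordlist) -> dict:
    """Crude 'rainbow table': a precomputed map from hash value back to the password."""
    return {fast_hash(pw): pw for pw in wordlist}


def crack_with_table(target_hash: str, table: dict):
    """No hashing at attack time; the work was done in advance. None if not in the table."""
    return table.get(target_hash)


def brute_force_digits(target_hash: str, max_len: int = 6):
    """Plain brute force over all-digit passwords, shortest first."""
    for length in range(1, max_len + 1):
        for n in range(10 ** length):
            candidate = str(n).zfill(length)
            if fast_hash(candidate) == target_hash:
                return candidate
    return None


def generate_password(length: int = 20) -> str:
    """What a password manager's generator does: CSPRNG choice over a 94-symbol alphabet."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Size of the search space for a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    table = build_rainbow_table(COMMON_PASSWORDS)
    print("table lookup      :", crack_with_table(fast_hash("123456"), table))
    print("brute force       :", brute_force_digits(fast_hash("123456")))
    salted = fast_hash("123456", secrets.token_bytes(16))
    print("salted, same table:", crack_with_table(salted, table))
    strong = generate_password()
    print(f"generated {strong!r}: {entropy_bits(len(strong), 94):.0f} bits,",
          "table hit:", crack_with_table(fast_hash(strong), table))
```

The brute-force loop finds “123456” after roughly 135,000 guesses, which a real cracker on a GPU does in a fraction of a second, whereas a 20-character generated password has about 131 bits of search space and appears in no wordlist.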

Back to password managers. First of all, they take all of the user passwords and store them in an encrypted vault.

There are two approaches: 1) the encrypted vault is kept locally on the user’s device; 2) a cloud-based solution keeps the encrypted vault on the provider’s servers. Both have advantages and disadvantages. Local-only storage doesn’t synchronise across devices by itself (the user has to copy or sync the vault file), and that became a real need once smartphones became an everyday thing. However, keeping the vault locally means it cannot leak from a poorly secured cloud.

Cloud-Based Solutions

Cloud-based solutions are probably the most popular choice, because the vault is encrypted before it ever reaches the cloud, so a leak of the stored data doesn’t directly expose any passwords. Even if a vault leaks (and good password managers secure their servers adequately to prevent that from happening), it is protected by a modern cipher (for example, NordPass – a cloud-based solution – uses the relatively recent XChaCha20 algorithm), which, with the current state of computing power, cannot be broken by attacking the cipher itself. What an attacker can do with a leaked vault is guess master passwords offline, so the practical strength of any vault depends on how strong the master password is and how slow the key-derivation function (Argon2, scrypt, or PBKDF2 with a high iteration count) makes each guess. Users should be aware that not all password managers use up-to-date cryptography or a slow key-derivation step, and such vaults can be cracked far more easily if they leak, spilling your passwords all over the Internet.

Another thing to notice about cloud-based solutions is that the vault is encrypted and decrypted on the device. After passwords have been added or edited, the vault is encrypted locally and only then sent to the server. This is what zero-knowledge architecture refers to. If the vault were decrypted on a cloud server, the user would have to hand the master password to that server, and having both the vault and the master password on an online server is risky, to say the least.

To solve this issue, password manager developers use a way to authenticate a user without the server ever learning their master password: typically the client derives the vault’s encryption key from the master password locally and sends the server only a separate value, derived from the same password, that proves the user knows it. This is what’s called a zero-knowledge architecture. It means that the master password, and the key that opens the vault, are accessible only to the user and nobody else. One way or another, there’s always a chance of a server leaking information or a sophisticated attack penetrating the defences to steal the vaults. But without the master password the vaults are useless, and brute-forcing a strong master password through a slow key-derivation function would take decades with current technology.
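The split described in the last two paragraphs, as an added example that is not code from the original post or from any product named here: the client turns the master password into two independent keys with scrypt, keeps the vault key on the device, and sends the server only an authentication key, which the server stores hashed. The server code, the KDF parameters, and the HMAC-counter-mode cipher (a standard-library stand-in for an AEAD such as XChaCha20-Poly1305, used only because Python ships no AEAD) are all assumptions for illustration, not any product’s real design.

```python
import hashlib
import hmac
import json
import os

# Assumed KDF parameters (illustration only, not any product's real settings).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_keys(master_password: str, salt: bytes):
    """Client side only. One slow KDF pass, then two independent sub-keys:
    vault_key never leaves the device; auth_key is what the client proves to the server."""
    root = hashlib.scrypt(master_password.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    vault_key = hmac.new(root, b"vault-encryption", hashlib.sha256).digest()
    auth_key = hmac.new(root, b"server-authentication", hashlib.sha256).digest()
    return vault_key, auth_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD cipher
    such as XChaCha20-Poly1305. Use a vetted library in production."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_vault(vault_key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC with a fresh nonce; this runs on the device before upload."""
    nonce = os.urandom(16)
    enc_key = hmac.new(vault_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(vault_key, b"mac", hashlib.sha256).digest()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ciphertext": ct.hex(), "tag": tag.hex()}


def decrypt_vault(vault_key: bytes, blob: dict) -> bytes:
    """Verify the tag before touching the ciphertext; wrong key or tampering -> ValueError."""
    nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("nonce", "ciphertext", "tag"))
    enc_key = hmac.new(vault_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(vault_key, b"mac", hashlib.sha256).digest()
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or vault tampered with")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Server:
    """Holds only a salt, a hash of auth_key, and ciphertext: never the master password or vault_key."""

    def __init__(self):
        self.accounts = {}

    def register(self, user: str, salt: bytes, auth_key: bytes, blob: dict):
        # Hashed once more so a database dump does not hand out a usable login credential.
        # (Real services run a slow KDF here too; plain SHA-256 keeps the example short.)
        verifier = hashlib.sha256(auth_key).digest()
        self.accounts[user] = {"salt": salt, "verifier": verifier, "blob": blob}

    def get_salt(self, user: str) -> bytes:
        return self.accounts[user]["salt"]

    def login(self, user: str, auth_key: bytes):
        acct = self.accounts[user]
        if hmac.compare_digest(hashlib.sha256(auth_key).digest(), acct["verifier"]):
            return acct["blob"]
        return None


def client_register(server: Server, user: str, master_password: str, vault: dict):
    salt = os.urandom(16)
    vault_key, auth_key = derive_keys(master_password, salt)
    blob = encrypt_vault(vault_key, json.dumps(vault).encode())
    server.register(user, salt, auth_key, blob)


def client_fetch(server: Server, user: str, master_password: str):
    """Returns the decrypted vault, or None if the server rejects the auth key."""
    vault_key, auth_key = derive_keys(master_password, server.get_salt(user))
    blob = server.login(user, auth_key)
    return None if blob is None else json.loads(decrypt_vault(vault_key, blob))


def server_cannot_decrypt(server: Server, user: str) -> bool:
    """Everything the server stores, fed to the decryptor, still fails the tag check."""
    acct = server.accounts[user]
    try:
        decrypt_vault(acct["verifier"], acct["blob"])
    except ValueError:
        return True
    return False
```

A wrong master password is rejected by the server’s verifier, and even the full contents of the server’s database do not decrypt the blob; the only attack left is guessing master passwords through the scrypt step, which is exactly why the master password has to be strong and the KDF slow.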

What’s a Good Password Manager for Linux?

Linux is a major operating system powering vast server networks and a frequent primary choice of cybersecurity specialists. Because of its popularity, most well-developed password managers have native apps for Linux, so there’s a lot to choose from.

Some of them, like NordPass, were developed for ease of use, so for users who have never tried a password manager and only want an efficient and fast solution, this might be an excellent choice. It comes with a built-in password generator and a data breach scanner, which alerts you when one of your passwords has appeared in a known breach and needs changing.

And for local password storage, KeePass is one of the better-known password managers, although it’s usually recommended for more advanced users. Its history on Linux is somewhat chaotic. The original KeePass is a Windows .NET application, and it runs on Linux only through the Mono runtime. KeePassX was launched as a separate, native cross-platform port, but its development has largely stalled since, and in 2016 a community fork, KeePassXC, took over with additional improvements and active maintenance. So, right now, there are three KeePass variants that all run on Linux and all read the same .kdbx database format – it’s your choice which to use, since they differ in interface and features.

Furthermore, all three are open source, which many Linux users consider essential, and the vault is an ordinary file that you can back up or sync between devices by whatever means you already trust.

To summarize, password-related attacks are becoming more common and more profitable, and it’s necessary to use additional software to protect online accounts. There are plenty of good password managers to choose from, and plenty of reviews of which ones suit Linux best, alongside the two mentioned in this article.


Copyright © 2021 Blackdown.org. All rights reserved.