Is a password manager better than an encrypted file for storing passwords?
Clash Royale CLAN TAG#URR8PPP
For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg
to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCrypt volume (password for that exists solely in my head).
In light of the Collection #1 breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.
Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?
encryption passwords password-management
migrated from superuser.com Jan 18 at 17:56
This question came from our site for computer enthusiasts and power users.
add a comment |
For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg
to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCrypt volume (password for that exists solely in my head).
In light of the Collection #1 breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.
Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?
encryption passwords password-management
migrated from superuser.com Jan 18 at 17:56
This question came from our site for computer enthusiasts and power users.
Please ping me if this is not a helpful migration. Thanks! (SU ♦)
– studiohack
Jan 18 at 17:57
@studiohack Not a problem. Thanks for migrating it.
– CMB
Jan 18 at 21:22
1
A password manager is special-purpose encrypted file with some additional features and better hardening against potential attacks.
– caw
Jan 20 at 22:46
add a comment |
For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg
to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCrypt volume (password for that exists solely in my head).
In light of the Collection #1 breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.
Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?
encryption passwords password-management
For any passwords other than websites I log into regularly (such as Gmail, Facebook, etc.), I use apg
to generate a random 20 character password. I then add that password and a username or email address to a text file I keep stored in an encrypted VeraCrypt volume (password for that exists solely in my head).
In light of the Collection #1 breach, I'm planning to go through and change some of my passwords, and I'm wondering about the benefits of using a password manager such as Encryptr or Gnome Keyring. I usually use Mint with Cinnamon.
Is storing passwords in an encrypted file considered adequate for most peoples' needs? Even if it is, are there other benefits to using a password manager?
encryption passwords password-management
encryption passwords password-management
asked Jan 18 at 3:46
CMBCMB
1273
1273
migrated from superuser.com Jan 18 at 17:56
This question came from our site for computer enthusiasts and power users.
migrated from superuser.com Jan 18 at 17:56
This question came from our site for computer enthusiasts and power users.
Please ping me if this is not a helpful migration. Thanks! (SU ♦)
– studiohack
Jan 18 at 17:57
@studiohack Not a problem. Thanks for migrating it.
– CMB
Jan 18 at 21:22
1
A password manager is special-purpose encrypted file with some additional features and better hardening against potential attacks.
– caw
Jan 20 at 22:46
add a comment |
Please ping me if this is not a helpful migration. Thanks! (SU ♦)
– studiohack
Jan 18 at 17:57
@studiohack Not a problem. Thanks for migrating it.
– CMB
Jan 18 at 21:22
1
A password manager is special-purpose encrypted file with some additional features and better hardening against potential attacks.
– caw
Jan 20 at 22:46
Please ping me if this is not a helpful migration. Thanks! (SU ♦)
– studiohack
Jan 18 at 17:57
Please ping me if this is not a helpful migration. Thanks! (SU ♦)
– studiohack
Jan 18 at 17:57
@studiohack Not a problem. Thanks for migrating it.
– CMB
Jan 18 at 21:22
@studiohack Not a problem. Thanks for migrating it.
– CMB
Jan 18 at 21:22
1
1
A password manager is special-purpose encrypted file with some additional features and better hardening against potential attacks.
– caw
Jan 20 at 22:46
A password manager is special-purpose encrypted file with some additional features and better hardening against potential attacks.
– caw
Jan 20 at 22:46
add a comment |
1 Answer
1
active
oldest
votes
Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
10
With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.
– Máté Juhász
Jan 18 at 6:31
6
Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.
– Ian Kemp
Jan 18 at 7:45
9
Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!
– Fabio Turati
Jan 18 at 10:10
4
My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).
– Deruijter
Jan 18 at 14:41
2
Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.
– user3067860
Jan 18 at 17:47
|
show 13 more comments
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f201739%2fis-a-password-manager-better-than-an-encrypted-file-for-storing-passwords%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
10
With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.
– Máté Juhász
Jan 18 at 6:31
6
Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.
– Ian Kemp
Jan 18 at 7:45
9
Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!
– Fabio Turati
Jan 18 at 10:10
4
My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).
– Deruijter
Jan 18 at 14:41
2
Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.
– user3067860
Jan 18 at 17:47
|
show 13 more comments
Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
10
With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.
– Máté Juhász
Jan 18 at 6:31
6
Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.
– Ian Kemp
Jan 18 at 7:45
9
Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!
– Fabio Turati
Jan 18 at 10:10
4
My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).
– Deruijter
Jan 18 at 14:41
2
Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.
– user3067860
Jan 18 at 17:47
|
show 13 more comments
Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
Having an encrypted text file with passwords in it is certainly better then having common/reused passwords or an unencrypted file.
A good password manager is, however, incrementally better, in the following ways (off the top of my head)
- Better memory management - it can prevent passwords being left in computer memory which can be snaffled by other processes/users.
- It only exposes the needed password, not all of them.
- (Sometimes) Browser integration makes life easier
- Many eyes - a program designed specifically for password management, and audited, likely has stronger processes in place to ensure good hygene.
- Cross-platform compatibility, arguably easier to merge records and manage in a cloud environment/from multiple locations.
You might want to look at Keepass and other variants, and the kdbx format. (And how well its supported). I use that under Linux (I assume you use linux as you mention APG)
answered Jan 18 at 4:10
davidgodavidgo
46049
46049
10
With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.
– Máté Juhász
Jan 18 at 6:31
6
Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.
– Ian Kemp
Jan 18 at 7:45
9
Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!
– Fabio Turati
Jan 18 at 10:10
4
My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).
– Deruijter
Jan 18 at 14:41
2
Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.
– user3067860
Jan 18 at 17:47
|
show 13 more comments
10
With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.
– Máté Juhász
Jan 18 at 6:31
6
Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.
– Ian Kemp
Jan 18 at 7:45
9
Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!
– Fabio Turati
Jan 18 at 10:10
4
My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).
– Deruijter
Jan 18 at 14:41
2
Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.
– user3067860
Jan 18 at 17:47
10
10
With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.
– Máté Juhász
Jan 18 at 6:31
With a password manager you can even copy passwords without showing them on the screen, so people around you won't even see that one password.
– Máté Juhász
Jan 18 at 6:31
6
6
Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.
– Ian Kemp
Jan 18 at 7:45
Not to mention that a password manager can autogenerate very strong, random passwords, using a variety of algorithms.
– Ian Kemp
Jan 18 at 7:45
9
9
Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!
– Fabio Turati
Jan 18 at 10:10
Browser integration does not only make life easier; it's also a great way to avoid phishing. A website can fool a user, but definitely not the browser and an extension. If you try to log into a site and password autocompletion doesn't kick in, it's a red flag!
– Fabio Turati
Jan 18 at 10:10
4
4
My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).
– Deruijter
Jan 18 at 14:41
My worry with password managers is that they seem a very likely target for a hack. Whereas the secured file stored locally on my machine or usb-drive are not (assumptions on my part).
– Deruijter
Jan 18 at 14:41
2
2
Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.
– user3067860
Jan 18 at 17:47
Password manager can provide an automatic close and lock after a certain length of time, if you walk away and forget to close your encrypted text file it is unlikely to close itself.
– user3067860
Jan 18 at 17:47
|
show 13 more comments
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f201739%2fis-a-password-manager-better-than-an-encrypted-file-for-storing-passwords%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Please ping me if this is not a helpful migration. Thanks! (SU ♦)
– studiohack
Jan 18 at 17:57
@studiohack Not a problem. Thanks for migrating it.
– CMB
Jan 18 at 21:22
1
A password manager is special-purpose encrypted file with some additional features and better hardening against potential attacks.
– caw
Jan 20 at 22:46