If you either manage a number of systems (regardless of platform), or simply have a lot of passwords for computers, services, sites, and so forth, keeping track of those authentication credentials can be a serious strain on your memory. On top of that, these days passwords should not be such that you can easily memorize them. The more challenging they are, the harder they are to crack. Because of this, anyone with more than one password necessary to navigate through the daily grind (which would be just about everyone) should immediately make use of a password manager.
“What is a password manager,” you ask? Simple: A password manager is a tool that allows you to save authentication credentials within an encrypted “vault.” That vault only requires a single password for you to gain entry. Once you’ve entered the main password, you then have access to all of your credentials. Most password managers allow you not only to save usernames and passwords but also associated URLs and notes. Some even offer random password generators, so when you need to create a new, complicated password, all you have to do is click a single button.
But, which password managers are available for Linux and are worthy of your time? I have collected two that I believe do the best job of safe-keeping your passwords with the most user-friendly interfaces. I want to avoid web-based password managers and stick with desktop GUI tools only. Those criteria leave me with the two that I think are the best in breed.
One thing to understand about password managers is that they truly are only as strong as the master password you set. Set a master password of “password,” and all of your authentication credentials will be easy pickin’s. If you want to get the most out of these tools, it is imperative that you set a very challenging master password. Use a combination of caps, lowercase, symbols, and numbers.
With that said, let’s dive in and see what the best password manager GUI tools for Linux have to offer.
Password Gorilla has been my go-to for a long time. One of the reasons I’ve always liked this particular take on the password manager is its simplicity. You create databases of passwords (each database encrypted by a master password) and then add groups and subgroups to the database. To each group or subgroup you can then add a login.
Password Gorilla can be installed from the standard repositories and works on most modern Linux distributions. Once installed, you will have to first set a master password for the database. With the master password set, the main window will open, displaying an empty database. The first thing you will want to do is create groups (Figure 1), so you can better organize your passwords. How you define these groups is up to you.
To create a group, right-click the New Database listing and then select Add Subgroup (which will be a subgroup to the main database). Give the subgroup a name, then click OK. You can now create a subgroup to the newly created group. Select the group you just created and then click Add Subgroup. Give the new subgroup a name and click OK.
After you’ve created all your groups/subgroups, you can right-click either a group or subgroup and then click Add Login. Enter the details for the new login (Figure 2) and click OK.
Password Gorilla does include a password generator that you can use when adding a new login to a group.
One nice feature of Password Gorilla is that you can set how long a database may sit idle before it locks. By default, Password Gorilla will lock a database after five minutes of idle time. You can change that in File > Preferences > Defaults > Lock when idle after (Figure 3).
Another outstanding feature included in Password Gorilla is the ability to create your own password policy. With this, you can ensure that random passwords, generated by the tool, always meet your particular criteria. To use this feature, click Security > Password Policy and then (in the new window) edit the default policy to suit your needs (Figure 4).
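What a policy-bound generator does, as an added example that is not Password Gorilla's own code: candidates are drawn from the system random source and any that miss a required character class are thrown away and redrawn. The function names, the symbol set, and the rule of "at least one uppercase, lowercase, digit, and symbol" are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: random passwords that always satisfy a policy.
# The policy below is an assumed one, not Password Gorilla's defaults.

SYMBOLS='!@#%^&*_+=-'   # assumed symbol set; '-' is last so tr reads it literally

# meets_policy PASSWORD MIN_LENGTH
# Succeeds only if the password is long enough and contains at least one
# uppercase letter, one lowercase letter, one digit, and one symbol.
meets_policy() {
    local LC_ALL=C pw="$1" min="$2"
    [ "${#pw}" -ge "$min" ] || return 1
    case $pw in *[A-Z]*) ;; *) return 1 ;; esac
    case $pw in *[a-z]*) ;; *) return 1 ;; esac
    case $pw in *[0-9]*) ;; *) return 1 ;; esac
    case $pw in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
    return 0
}

# generate_password [LENGTH]
# Prints one password of LENGTH characters (default 20). Non-compliant
# candidates are discarded whole and redrawn, rather than patched up,
# so every compliant password stays equally likely.
generate_password() {
    local len="${1:-20}" candidate
    while :; do
        candidate=$(LC_ALL=C tr -dc "A-Za-z0-9${SYMBOLS}" \
            < /dev/urandom 2>/dev/null | head -c "$len")
        if meets_policy "$candidate" "$len"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
}
```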
KeePassX is one of the more popular password managers for the Linux platform. KeePassX can also be installed from the standard repositories of most Linux distributions. This take on the password manager offers many of the same features as Password Gorilla, but it also includes the ability to protect a database with a key file.
Let’s say, for example, you have a key file generated by the gpg command. You can use that key to lock your database. To do this, you will need to have exported your gpg key and named it with the .key extension.
To export your gpg key in this fashion, you could issue the command gpg --armor --export EMAIL ADDRESS FOR KEY > name.key (where EMAIL ADDRESS FOR KEY is the email address associated with the gpg key you want to use, and name is the name you’ll use for the key). To be safe, save that file on a thumb drive or in a hidden location (otherwise, anyone could happen upon the key and open your password manager).
Once you have that key in place, do the following:
1. Click Database > New Database (Figure 5)
2. When prompted, add a master password and verify the password
3. Check the box for Key File
4. Click the Browse button
5. Navigate to where your .key file is housed and select the file
You should now immediately save your new database. Click the Save button, navigate to where you want the database to be saved, give the database a name, and click Save. Your database is good to go.
When you want to open this newly created database, you’ll have to enter the database master password and locate the key file. If you do not have both the master password and the key file, you will not be able to gain access to the delights within. Now you can create groups, subgroups, and entries in similar fashion to Password Gorilla.
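Because the key file is half of what unlocks the database, it is worth checking before you rely on it. The following is an added example, not part of KeePassX or gpg: export_keyfile and check_keyfile are hypothetical helper names, and the check relies on GNU stat. Note that gpg --export writes the public half of a key pair, so the check also reports when a key file is such an export.

```bash
#!/bin/sh
# Added example: create and sanity-check a key file for a password database.

# export_keyfile EMAIL OUTFILE
# Runs the export command from the article under a restrictive umask so the
# file is created readable by its owner only.
export_keyfile() {
    ( umask 077; gpg --armor --export "$1" > "$2" )
}

# check_keyfile PATH
# Prints each finding. Returns 0 if nothing was found, 1 if the file has a
# weakness, 2 if it does not exist.
check_keyfile() {
    local f="$1" rc=0 mode
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # Any permission bit for group or others means other local accounts
    # can copy the file.
    mode=$(stat -c '%a' "$f")
    case $mode in
        ?00) ;;
        *) echo "$f: mode $mode lets group or others access the file"; rc=1 ;;
    esac

    # A public key export is material that is routinely handed out or
    # uploaded to key servers.
    if grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$f"; then
        echo "$f: exported PGP public key; only a secret if never shared"
        rc=1
    fi
    return "$rc"
}
```

Run check_keyfile against the file on the thumb drive as well as any copy left in your home directory; a forgotten copy with loose permissions undoes the point of keeping the key file separate.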
Step Up Your Password Game
It’s time you started working with a password manager. Period. Plenty of options are available (even web-based tools like LastPass), but you cannot go wrong with either Password Gorilla or KeePassX. Give one of these tools a try and see if one (or both) doesn’t perfectly fill the gaping hole you have in the realm of password security.