I mentioned several posts ago that my old Yahoo account had been hacked and that, as a result, I was madly changing passwords on everything I’d ever touched. I’m happy to report that this seems to have done the trick: no more dodgy sign-ins from the likes of Peru or Slovenia, for example, and no more spam (as far as I can tell) being sent from my old Yahoo email account.
I also mentioned earlier that I was now keeping all my passwords in the completely zero-cost password manager called Keepass. Not only do I store the passwords there, I also get Keepass to generate the passwords in the first place… properly randomised, upper- and lower-case, plus numerals, plus special characters: you get the idea! In fact, I now don’t know what my passwords are to anything! If I need to log in to something, I simply run Keepass, copy the encrypted password into the clipboard (from which it is auto-cleaned after 30 seconds) and paste it into the password field. I know my Gmail password is 64 characters long, therefore, but I don’t know anything else about it and, so long as I can run Keepass, I don’t need to.
It’s a little fiddly, perhaps. But it’s definitely a more secure way to do things.
Provided I can run Windows, that is, because Keepass is a Windows-only application. (Yeah, a security product running on Windows… quit the laughing already!)
I only realised this flaw in my methodology when I got stuck on one of my old PCs which happened to have Fedora 15 x86_64 installed on it and found I couldn’t log in to anything!
Happily, there is a (fiddly) workaround: there’s an equivalent product, called KeepassX, which will run on Linux, provided you compile it from source. Doing that is just a little trickier than I’d like, so here’s the Fedora 15 64-bit recipe for doing that, should it be needed in future:
Download the KeepassX software. Save it to a convenient place: I use my Desktop folder.
Right-click the downloaded .tar.gz file and select ‘extract here’. You should end up with a directory called keepassx-0.4.3.
As root, issue this command to install a necessary prerequisite: yum install libXtst-devel
As root, cd to the new keepassx-0.4.3 subdirectory and run the command: yum install mingw32-qt-qmake
Still as root, run the command: /usr/lib64/qt4/bin/qmake
Still as root, run the command: make
Still as root, run the command: make install
You should now be able to type the command keepassx in a terminal session as yourself and have the software run correctly.
The only other issue you’ll have is that if you’ve used the latest version of Keepass on Windows (version 2.something or other) to create your password ‘vault’, you won’t be able to open it in the Linux version (which is compatible only with version 1.x) because of file format changes between versions. Happily, if you go back to the Windows version and select File → Export, you’ll be able to output a copy of your vault in 1.x format, which KeepassX will then be able to read without drama.
Which only leaves the small matter of saving the password vault (and its 1.x equivalent) on an encrypted USB thumb drive. On Windows, I use Veracrypt to encrypt the entire device (and to subsequently mount and unmount it) - and, happily, it’s available for Linux as well. Installation is straightforward - it’s usually in most distros’ repositories.
You now just run Veracrypt, which behaves exactly as it does under Windows. The only slight twist is that when you mount your thumb drive, Veracrypt will first prompt you for the encrypted device’s master password, which is fine. But it will then prompt you for your Linux user account’s password - which may well not have the necessary privileges to mount devices. If that’s the case, it will complain that it ‘Failed to obtain administrator privileges: hjr is not in the sudoers file’.
Which, finally, prompts the inevitable question: how do I add myself to the sudoers file, then?! Easy: as root, issue this command:
echo 'hjr ALL=(ALL) ALL' >> /etc/sudoers
(Use your own username, obviously, unless you too happen to log on to your OSes as ‘hjr’!) As soon as you’ve done that, re-run Veracrypt as yourself and you should be able to mount and dismount the encrypted thumb drive at will.
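A syntax slip in the sudoers file stops sudo working altogether, so the rule from the step above can instead be staged in a temporary file, parsed with visudo's check mode, and only then installed as a drop-in. This is an added example, not part of the original post: the function names and the VISUDO override variable are hypothetical, and it assumes /etc/sudoers contains the "#includedir /etc/sudoers.d" line.

```sh
#!/bin/sh
# Added example (not from the original post): stage a sudoers rule,
# syntax-check it, then install it as a drop-in file.

# Print the rule for one user. Names containing anything other than
# letters, digits, '_' or '-' are refused (a deliberately conservative
# check): the name is used as a file name, and sudo skips drop-in
# files whose names contain a '.' or end in '~'.
make_rule() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s ALL=(ALL) ALL\n' "$1"
}

# $1 = username, $2 = drop-in directory (assumed default: /etc/sudoers.d).
# VISUDO may name an alternative checker; it defaults to visudo.
install_rule() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    tmp=$(mktemp) || return 1
    # "visudo -c -f FILE" parses FILE and reports errors without
    # touching the live configuration.
    if make_rule "$user" > "$tmp" &&
       "${VISUDO:-visudo}" -c -f "$tmp" >/dev/null 2>&1; then
        # sudoers files are conventionally mode 0440
        install -m 0440 "$tmp" "$dir/$user"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage, as root:  install_rule hjr
```

If the check fails, nothing is written to the drop-in directory and the existing sudo configuration is left as it was.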