4. Warnings

Things to consider.

4.1 Cleanups that need doing

It is entirely possible that some web sites have password requirements that this program cannot (at present) comply with. There are some possible workarounds:

  1. Request the addition of a new character classification flag. If the issue can be satisfied by fiddling the emitted password a little bit (with the --use-pbkdf2 option), that would be faster and easier than implementing a new option.
  2. Likely, something else, surely. Please send a bug report (preferably a patch :) so the issue can be fixed.

4.2 Shell history

It is imprudent to leave your invocations in your shell history. That history is usually saved to a file in your home directory unless you do something to keep the command out of it. Exposure should not be the end of the world, because an attacker would also have to obtain the configuration file. Still, it is not wise to tempt fate.

If you use BASH for your shell,

HISTCONTROL=ignorespace:ignoredups   # drop lines that begin with a space, and repeated lines
HISTIGNORE='gnu-pw-mgr *'            # drop anything that looks like a gnu-pw-mgr command
unset HISTFILE                       # or keep no history file at all

are your friends. (The HISTIGNORE pattern must be quoted; unquoted, the shell would split it at the space.) Press the space bar before the command name, tell BASH that anything that looks like a “gnu-pw-mgr” command should be ignored, or eliminate the history file entirely.

Also, if you put your password ids on the command line, they become part of the process information that can be inspected while the program runs, and can be found there. If that is a conceivable problem, you may prefer not to put the id on the command line and instead type it in response to a prompt. Your password id will not be echoed as you type it.
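The history rules above are only applied by an interactive BASH, so it is easy to misjudge what they actually exclude. The following is an added example, not part of the gnu-pw-mgr manual: a POSIX shell function that takes a HISTCONTROL value, a HISTIGNORE value, the previous history line and a candidate command line, and predicts whether BASH would record the candidate. The command lines it is run against are constructed for the demonstration; ignorespace, ignoredups and ignoreboth are real HISTCONTROL keywords, and HISTIGNORE is treated as a colon-separated list of shell glob patterns (the `&` shorthand and backslash escapes BASH also accepts there are deliberately not handled).

```shell
#!/bin/sh
# Added example (not part of the gnu-pw-mgr manual): predict whether an
# interactive BASH configured with the given HISTCONTROL and HISTIGNORE
# values would save a command line to its history.

# history_would_record HISTCONTROL HISTIGNORE PREVIOUS_LINE LINE
# Returns 0 if LINE would be saved, 1 if one of the rules drops it.
history_would_record() {
  control=$1 ignore=$2 prev=$3 line=$4

  # HISTCONTROL=ignorespace (ignoreboth implies it): a leading blank hides the line.
  case ":$control:" in
    *:ignorespace:*|*:ignoreboth:*)
      case "$line" in ' '*) return 1 ;; esac ;;
  esac

  # HISTCONTROL=ignoredups (ignoreboth implies it): an exact repeat of the
  # previous line is not saved again.
  case ":$control:" in
    *:ignoredups:*|*:ignoreboth:*)
      [ "$line" = "$prev" ] && return 1 ;;
  esac

  # HISTIGNORE: colon-separated glob patterns, each matched against the whole
  # line. Pathname expansion is switched off so that a '*' in a pattern is
  # not expanded against the files in the current directory.
  old_ifs=$IFS
  set -f
  IFS=:
  for pat in $ignore; do
    IFS=$old_ifs
    case "$line" in $pat) set +f; return 1 ;; esac
    IFS=:
  done
  IFS=$old_ifs
  set +f
  return 0
}

# Demonstration on constructed command lines, using the settings recommended
# in the text.
for cmd in 'gnu-pw-mgr --status example-id' ' gnu-pw-mgr example-id' 'gnu-pw-mgr' 'ls -l'; do
  if history_would_record 'ignorespace:ignoredups' 'gnu-pw-mgr *' '' "$cmd"; then
    printf 'recorded: [%s]\n' "$cmd"
  else
    printf 'dropped:  [%s]\n' "$cmd"
  fi
done
```

Note that the pattern `gnu-pw-mgr *` requires a space after the command name, so a bare `gnu-pw-mgr` with no arguments is still recorded; that line carries no password id, but the check makes the limit of the pattern visible.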

4.3 Best gnu-pw-mgr practices

Try out several password id transforms before changing all your passwords on all your sites. You may decide a transform is too hard or too easy and want to change it. However, once you have gone to the trouble of changing the passwords on a lot of sites, you won’t be especially eager to do it again. So, experiment on one site you use a lot, changing its password each time you change the transform, and then make a good decision.

Once you need to, or are required to, change a password, simply specify a new “--use-pbkdf2” value for that password id. You may see its current value by specifying “--status”.

When choosing your password id transform, use things that you can easily remember, especially if some nonsense thing sticks in your memory. Separate the components with unusual things like multiple punctuation characters. Do odd things with the top level domain. cApitaliZe strangely. Use a slightly different transform for financial institutions. If someone gets hold of your seed file, you want a dictionary attack against your transform not to succeed readily.

But lastly and most important: be sure you can remember your transform(s). If you forget, your password is gone. So choose what you can remember and be consistent.

4.4 Password reset arrangements

Some sites will allow you to set up password resets using alternate channels (i.e. not your primary email address). Take advantage of this whenever possible. If someone gains access to your email, you don’t want them to reset all your passwords, intercept the restore access emails and, thus, gain access to all your password protected accounts.

This document was generated by Bruce Korb on June 30, 2018 using texi2html 1.82.