I mentioned several posts ago that my old Yahoo account had been hacked and that, as a result, I was madly changing passwords on everything I’d ever touched. I’m happy to report that this seems to have done the trick: no more dodgy sign-ins from the likes of Peru or Slovenia, for example, and no more spam (as far as I can tell) being sent from my old yahoo email account.
I also mentioned earlier that I was now keeping all my passwords in the completely zero-cost password manager called Keepass. Not only do I store the passwords there, I also get Keepass to generate the passwords in the first place… properly randomised, upper- and lower-case, plus numerals, plus special characters: you get the idea! In fact, I now don’t know what my passwords are to anything! If I need to log in to something, I simply run Keepass, copy the encrypted password into the clipboard (from which it is auto-cleaned after 30 seconds) and paste it into the password field. I know my Gmail password is 64 characters long, therefore, but I don’t know anything else about it and, so long as I can run Keepass, I don’t need to.
It’s a little fiddly, perhaps. But it’s definitely a more secure way to do things.
Provided I can run Windows, that is, because Keepass is a Windows-only application. (Yeah, a security product running on Windows… quit the laughing already!)
I only realised this flaw in my methodology when I got stuck on one of my old PCs which happened to have Fedora 15 x86_64 installed on it and found I couldn’t log in to anything!
Happily, there is a (fiddly) workaround: there’s an equivalent product, called KeepassX, which will run on Linux, provided you compile it from source. Doing that is just a little trickier than I’d like, so here’s the Fedora 15 64-bit recipe for doing that, should it be needed in future:
- Download the KeepassX software. Save it to a convenient place: I use my Desktop folder.
- Right-click the downloaded .tar.gz file and select ‘extract here’. You should end up with a directory called keepassx-0.4.3
- As root, issue this command to install a necessary prerequisite: yum install libXtst-devel
- As root, cd to the new keepassx-0.4.3 subdirectory and run the command: yum install mingw32-qt-qmake
- Still as root, run the command: /usr/lib64/qt4/bin/qmake
- Still as root, run the command: make
- Still as root, run the command make install
You should now be able to type the command keepassx in a terminal session as yourself and have the software run correctly.
The only other issue you’ll have is that if you’ve used the latest version of Keepass on Windows (version 2.something or other) to create your password ‘vault’, you won’t be able to open it in the Linux version (which is compatible only with version 1.x) because of file format changes between versions. Happily, if you go back to the Windows version and select File -> Export, you’ll be able to output a copy of your vault in 1.x format, which KeepassX will then be able to read without drama.
Which only leaves the small matter of saving the password vault (and its 1.x equivalent) on an encrypted USB thumb drive. On Windows, I use Truecrypt to encrypt the entire device (and to subsequently mount and unmount it) -and, happily, it’s available for Linux as well. Installation is an absolute doddle:
- Download the Linux version of the Standard Truecrypt software (I prefer not to go console-only!)
- Right-click the download and select ‘extract here’
- As root, in a terminal session, invoke the extracted file (which is a shell script) by issuing the command:
Substitute your own path and file name in that lot, obviously.
- Select option 1 (to install Truecrypt), agree to the license… job done.
You now just type the command truecrypt in a terminal session as yourself to run the software, which behaves exactly as it does under Windows. The only slight twist is that when you mount your thumb drive, Truecrypt will first prompt you for the encrypted device’s master password, which is fine. But it will then prompt you for your Linux user account’s password -which may well not have the necessary privileges to mount devices. If that’s the case, it will complain that it ‘Failed to obtain administrator privileges: hjr is not in the sudoers file’.
Which, finally, prompts the inevitable question: how do I add myself to the sudoers file, then?! Easy: as root, issue this command:
echo ‘hjr ALL=(ALL) ALL’ >> /etc/sudoers.
(Use your own username, obviously, unless you too happen to log on to your OSes as ‘hjr’!) As soon as you’ve done that, re-run Truecrypt as yourself and you should be able to mount and dismount the encrypted thumb drive at will.