Wednesday, January 5, 2011

Software : 8 of the best Linux password managers


8 of the best Linux password managers

Posted: 05 Jan 2011 05:00 AM PST

Still remember the password to your account on Angelfire for a website that you abandoned in 1999 but can't remember the login information for the Fedora 13 virtual machine? We've all been there.

It's what Sherlock Holmes referred to as filling up the attic with useless information. We're not all capable of clearing stuff out from our attic, but we can trust some important information – such as passwords – to dedicated password managers that can remember, protect and serve us these passwords as and when we need them.

The naysayers would argue that you can't trust all your passwords to a single location. Different password managers rely on different encryption algorithms to ensure your passwords remain safe, and in our selection you'll find many different algorithms in use.

Most of these tools, however, also rely on a master password. Forget the master password and you can't retrieve any of the passwords stored within.

Because of the basic premise of password managers, only a few tools are now in active development. Still, the nature of open source projects, and the stability of these tools have ensured them a place on our list.

So why wouldn't you use a password manager instead of mucking about with silly text files and manual encryption? There's just one rule: make sure your master password is very secure – but more importantly, make sure that it's something you won't ever forget.

How we tested...

We wanted tools that can easily work on more than a single distribution and make it easy to import and export data. Because the information trusted to password managers is so private, the security measures they use win them extra brownie points.

While there are Firefox extensions you can use to store passwords for websites, we're interested in tools that can store any username/password combination, irrespective of what that combination unlocks.

We also wanted tools that offer search features so you can quickly locate any passwords. Many tools are still in beta, so that isn't a criterion on our list. If it's stable and can do all that it promises, we're happy.

Our selection

Figaro's Password Manager
Gpass
Gpassword Manager
Gringotts
KeePassX
MyPasswords
PasswordSafe
Revelation

KeePassX

One of the oldest and most popular tools

Despite the popular naming convention of Linux tools, the K in KeePass doesn't reflect its dependency on KDE. This tool is an unofficial port of the Windows password manager tool KeePass.

A standard feature in software repositories for most distributions, the only requirement of KeePassX is the Qt library. When you first launch it, the first step is to create a master password.

In contrast to some of the other tools in our list, it can also work with encryption key files. You can also use a combination of master password and key file to add another layer of security to your login credentials.

To begin, click File > New Database and provide a master password. You can also create a key file at this point. All login credentials are stored in an encrypted file on your disk.

KeePassX offers AES and the Twofish encryption to better protect your passwords. By default, it lets you add entries to the database in two groups – email and internet. You can store the login information for websites, forum boards, wikis, news sites and so on in the internet group, and use the email group to store the email account passwords.

For better control, you can even create new groups or sub-groups using the Groups menu from the toolbar. The right-click context menu for each entry in a group lets you copy the username and the password to the clipboard in addition to offering to open the URL in a browser window.

However, copying the password to the clipboard is an obvious security risk as any program that can read the clipboard can access this password. You can search the entries in the database using the search bar at the top-right of the KeePassX interface.

Verdict

KeePassX
Version: 0.4.3
Web: www.keepassx.org
Price: Free under the GPL

Very secure. Can work with multiple databases and export and import data

Rating: 9/10

Gpass

This old horse can still fight, but should you care?

Although no longer actively developed, Gpass remains a fan favourite among the netizens. It stores the passwords in an encrypted file under the ~/.gpass directory, which is protected with a master password.

As it works only with an encrypted file, you can't create different databases. All login credentials must be stored in a single file. Another shortcoming is that it doesn't give you the option to search through the login credentials file. The single repository of login credentials can expand over time and, while the entries are arranged alphabetically, the inability to search through the list can become bothersome as it grows.

Gpass relies on the Blowfish encryption algorithm to make the password repository file unreadable. To add a new entry to the list, click the Add button and fill in the details in the Attribute Editor window. You can use the Type drop-down list to select either General or Folder.

Since it can't work with different files, you can create folders to easily manage your passwords; for example, a folder each for wikis, forums, blogs, and so on. Each folder can then have multiple entries.

Another useful feature is the password generator. In the Attribute Editor window, next to the Password field is the Generate button. You can use this to create a random password.

Login information for your bank accounts and other such sensitive information should not be trusted to a password manager no matter what its security feature set. With many easy-to-use tools still actively developed, there's little reason for you to use Gpass over any of them.

Verdict

Gpass
Version: 0.5.1
Web: http://projects.netlab.jp/gpass
Price: Free under the GPL

Easy to install and use. But no database, and can't search or import

Rating: 4/10

Gpassword Manager

Genius interface. Could use some colour though, and better tooltips

Gpassword Manager offers just about all features you would expect from a password manager. While not available in the software repositories, a simple Bash script for an installer makes it an ideal choice for all levels of computer users.

Uncompress the tarball and, in a terminal, run the command sudo ./install.bash to install the program. You can then launch it from the terminal with the command gpasswordman or from the Alt+F2 Run Application dialog box.

When adding entries, you can define favourites, which can then be accessed by right-clicking the system-tray icon. This feature is unique to this tool, and it's mighty useful.

Gpasswordman uses Crypto++ for encryption and can run on Windows or Mac. So you can easily use the same database to store user account information for all your machines.

Unlike many other tools in our list, it doesn't offer the option to import or export the encrypted file. So, when you wish to use the file on a different instance of Gpassword Manager, click File > Open and select the file.

To create a new entry, click File > New > Secret. The Edit Secret dialog box, where you fill in all the information, lacks proper tooltips. While the tool does offer helpful hints for each of the many buttons, many of them aren't very specific. Type the name of the website in the Label field, and use the + button to add the Username, Password, URL and other fields. You can then fill in this information.

Clicking the star button will mark the entry as favourite, enabling you to access it from the system tray icon.

Verdict

Gpassword Manager
Version: 2.4.0
Website
Price: Free under Apache Licence

It's awesome to access your favourites from the system tray

Rating: 9/10

Revelation

Hey, it has a punchy tag line!

Any tool that says: "You drive, I think there's something wrong with me" in the Help > About dialog deserves to be in as many lists as possible. But saner minds prevail and so it's only on a list of compatriots.

Revelation is another password manager for Gnome, and this one isn't in active development any more either. Unlike most other tools, it doesn't ask you to provide a master password as the first step.

To add a new entry to the database, click the Add Entry button on the toolbar and fill in the details. Use the Type drop-down list to select what kind of information you're storing. The Account Data fields change depending on what you choose.

After adding the entry, click the Save button on the main toolbar. Revelation will ask you to type a name for the database file and specify a location where you wish to store it. Only after you've done that will you be asked to provide a master password.

Over time the list of stored credentials will grow, and that's when you will really appreciate the different types of information you can store.

To search for an entry, click View > Search Toolbar and type in the complete name in the search bar. You can limit the search to any type, such as website or email, using the Any Type drop-down. It only searches through the name fields of each entry, and you must provide the exact name or the search will come up empty.

Revelation loses points here as this is in contrast to many other tools that offer partial matching. It enables you to import files from many different tools, such as Gpass or Password Safe, and you can export to any of these or even to plain XML.

Verdict

Revelation
Version: 0.4.11
Website
Price: Free under the GPL

An improved search feature will make it a title contender

Rating: 8/10

Gringotts

A secure notes manager, but it can be used to store passwords

Possessing a vast feature set, including the option of choosing from eight different types of encryption algorithms to protect your data, makes Gringotts the most comprehensive program on our list. The feature set however is a curse as much as it is a blessing.

Because most users will only want to use a tool to store passwords, its crowded interface may seem a bit tedious. If all you're looking for is a simple tool to store login credentials, this is probably not for you, for it aims to be a repository of all your important data – not just passwords.

The website doesn't offer any documentation, and while the project hasn't had a new release in over a year, it's still stable enough for regular use.

When you first run Gringotts, click Edit > Preferences and select the type of encryption you wish to use. The Preferences window is made of three tabs and you should browse through each to define its behaviour.

To begin, click File > New. You'll be asked to define a password. You can choose to enter a string, or use a file on the disk. Gringotts requires you to first create a new document, and then add items to this document. Since it's a notes manager, you can effectively create a document each for all your medical scans, prescriptions, credit card statements and so on.

When adding items to a document, it enables you to attach files. So, you can effectively create a monthly document for your credit card statements and attach all the different bank statements as different items in the document. It will then encrypt and store this data for you. Because of the complex encryption on offer, you can effectively attach a text file with login credentials to Gringotts and feel safe with it.

Verdict

Gringotts
Version: 1.2.10
Web: http://gringotts.berlios.de
Price: Free under the GPL

If you only want to manage passwords, there are easier tools.

Rating: 4/10

MyPasswords

It's beautiful and we like it

The best thing about this tool is that it doesn't require installation and it's super fast. You won't find MyPasswords in the software repositories of your distribution, so head on to the project's website and grab the 3.6MB zip file.

Handily it can run on Windows, Linux, Unix and even Apple. Once uncompressed, you only need to double-click the run.sh script to launch this program. You can alternatively run the script from the terminal.

It relies on the Derby database and AES encryption algorithm to create a secure repository of your login credentials. The interface is very simple and straightforward. You're asked to fill in the login information for a website when you run the program.

The fields are all the same for all tools, except it offers the genius tags option. You can add tags to each item you add to the database, and you can provide multiple comma-separated tags for each entry. To add another entry, click the New button at the bottom-right of the window and enter the details for the new account. Each entry is saved into the database when you press Save.

When looking for entries, click the Search button on the toolbar and you can search using the title or any tags you provided for the entry. You don't need to provide the exact title, as partial matching also works.

For a list of all the entries in the database, click Search without specifying either title or tag. On each subsequent run it will add new entries to the same database and you can easily export this to an XML file if you like. Lack of a master password means anybody can launch the tool and read your passwords, so be careful.

Verdict

MyPasswords
Version: 1.00
Website
Price: Free under the LGPL

Registered and released this year, this is the tool to use.

Rating: 10/10

PasswordSafe

Not to be confused with the command-line pwsafe

This tool is in beta, and in our tests it crashed a couple of times. You should therefore carefully back up the database files to be on the safe side. Thankfully, it offers various backup options to make the task easier.

You'll find PasswordSafe in the software repositories for Ubuntu 10.04 and beyond, but don't confuse it with pwsafe, a command-line only password manager.

To add to the confusion, once installed, PasswordSafe also responds to the command pwsafe. So, to launch, type pwsafe into the Alt+F2 Run Application dialog box.

When you first run it, you'll need to create a new database. You also need to specify a password – called safe combination in PasswordSafe parlance. The safe combination is the master password you'll use to unlock the database.

We're now ready to populate the database with new entries. To begin, click the Add New Entry button on the toolbar or click Edit > Add Entry. The Edit Entry dialog box comprises four tabs. You type in the details for the entry in the first, Basic, tab.

PasswordSafe lets you create different groups such as blogs, forums, wikis and the like. You can then assign entries to any of these groups. You can define the settings for the password generator in the last tab – things like the number of characters, or what combination of lower-case/uppercase letters and numbers to use.

Another plus point is its hyper-advanced search feature. Press Ctrl+F and you can then use the search bar at the bottom of the main window to look for items in the database. If the basic search doesn't suit your needs, click the Advanced Find Options button on the search bar and then you can search within the different fields as well.

Verdict

PasswordSafe
Version: 0.1-1
Website
Price: Free under the Artistic Licence

Fix a few bugs and this tool has all the makings of a title contender

Rating: 7/10

Figaro's Password Manager 2

Another thoughtful tool. We're really spoiled for choice now

Once installed, you can launch this program from the terminal or the Alt+F2 Run Application dialog with the command fpm2. The first step is to specify the master password. We're now ready to fill the database with a wide range of entries.

FPM2 uses AES-256 encryption to secure the database files – stored in the ~/.fpm/ directory. To add a new entry, click the New button on the toolbar.

Like PasswordSafe, FPM2 also allows you to create categories for different entries in the database. All the entries in the database are listed in the main FPM2 window. You can use the drop-down list to view the entries in any one list if you like.

The password generator in most tools is almost exactly alike, but the Avoid Ambiguous Characters option in FPM2's password generator is unique and very useful. It ensures that characters like 1 and l (number 1 and lower-case L), for instance, that are often confusing to read and distinguish, aren't used in the generated password.
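As an added illustration (not FPM2's own code), here is a generator with an avoid-ambiguous option that also shows what the option costs in entropy. The look-alike set and the symbol list are assumptions; the article names only 1 and l.

```python
import math
import secrets
import string

# Assumed look-alike characters; the review itself names only "1" and "l".
AMBIGUOUS = set("1lI|0Oo")

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&*+-=?@^_",  # assumed symbol set
}
DEFAULT_USE = ("lower", "upper", "digits")


def build_classes(use=DEFAULT_USE, avoid_ambiguous=False):
    """Return the selected character classes, minus look-alikes if requested."""
    selected = []
    for name in use:
        chars = [c for c in CLASSES[name]
                 if not (avoid_ambiguous and c in AMBIGUOUS)]
        if not chars:
            raise ValueError(f"class {name!r} is empty after filtering")
        selected.append("".join(chars))
    return selected


def generate(length=16, use=DEFAULT_USE, avoid_ambiguous=False):
    """Generate a password that contains at least one character per class."""
    classes = build_classes(use, avoid_ambiguous)
    if length < len(classes):
        raise ValueError("length too short to include every selected class")
    alphabet = "".join(classes)
    # Rejection sampling: draw every position uniformly from the whole
    # alphabet with a CSPRNG and retry until each class is represented, so
    # all accepted passwords remain equally likely.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, use=DEFAULT_USE, avoid_ambiguous=False):
    """Upper bound on entropy: length * log2(alphabet size)."""
    size = sum(len(c) for c in build_classes(use, avoid_ambiguous))
    return length * math.log2(size)


def length_for_bits(target_bits, use=DEFAULT_USE, avoid_ambiguous=False):
    """Shortest length whose upper-bound entropy reaches target_bits."""
    size = sum(len(c) for c in build_classes(use, avoid_ambiguous))
    return math.ceil(target_bits / math.log2(size))


if __name__ == "__main__":
    for flag in (False, True):
        print(f"avoid_ambiguous={flag}: {generate(16, avoid_ambiguous=flag)} "
              f"(~{entropy_bits(16, avoid_ambiguous=flag):.1f} bits, "
              f"{length_for_bits(95, avoid_ambiguous=flag)} chars for 95 bits)")
```

With these sets the alphabet shrinks from 62 to 56 characters, so one extra character is enough to win back the entropy lost to the option.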

The search feature offers the search-as-you-type function, which yields near-immediate results for your queries. Partial matching is also supported, which means when looking for The Register entry, you can type reg and FPM2 will helpfully still locate and display the entry.

FPM2 can also be used as an application launcher. Just type the name of the application in the URL/Arg field, and select one from SSH, web, or generic command in the Launcher drop-down list. When you now double-click the entry in the FPM2 window, the program will be launched.

Verdict

Figaro's Password Manager 2
Version: 0.77
Web: http://als.regnet.cz/fpm2
Price: Free under the GPL

The settings for applications launchers can be easily defined.

Rating: 8/10

The verdict: MyPasswords 10/10

Tell me you didn't see that coming. That the winner would be the tool that lets you assign tags to each entry, doesn't require any installation and supports partial searches. And it's the only tool in the selection that offers two of these qualities – no installation and tags.

A perfect score may make us seem partial or jaded or out of our minds, but you'll agree with us after giving MyPasswords a spin yourself. But it wasn't an easy battle, and we were pleasantly surprised to have such a closely contested competition.

It was unexpected, especially because some tools haven't seen any developer love in a good long while. The other podium finishers, KeePassX and GPasswordManager, both managed a 9/10. With only a little work, these two can easily topple MyPasswords, although we suspect it will be a Vi vs Emacs-like debate and not a clean win for either party.

Most websites nowadays require users to fill in a security question and password that can be used to recover a secret word string if you ever forget yours. And yet, none of the tools in our list offer the option to also add this information to the login credentials.

Some tools, like KeePassX, let you add notes for each added entry, and while this can be used to store the security question and other related information like a secondary email address perhaps, dedicated fields to store this information will be very much appreciated.

Gringotts gets such a low rating because it's not the easiest to use tool in the list. In fact, it wasn't intended to be a password manager at all, and so putting it in this list was maybe unfair. It's an amazing program when you use it for storing files – which is what it was created for.

While some of these tools let you search within categories, PasswordSafe's advanced search option lets you select any number of fields, like name, URL or description to search within. And this is something that the other tools should also offer.

While partial matching and search-as-you-type is a handy feature, it's not very convenient when you have dozens or even hundreds of entries in the database. The fact that it doesn't offer a source file so that you can manually install in other distributions is shocking.

But MyPasswords, our winner with a perfect score, isn't without fault either. The absolute lack of any documentation is a feature common to almost all tools. Some of them don't even provide a complete feature set.

A small tooltip for each button on mouse-over is useful, but this shouldn't be the extent of the documentation for any type of software – not just password managers.

Tutorial: How to create your first Android app

Posted: 05 Jan 2011 03:00 AM PST

One of the strengths of the Android platform compared to, say, that of the iPhone, is that it's open source. This makes it easy to produce your own apps and distribute them without a lengthy approval process.

You can code your own Android app on your PC as long as you have the right software, and you can even take it for a test drive using an Android emulator. We'll guide you through the steps you need to take in order to write and run a basic 'Hello world' application in Android.

Android apps are written in Java code, so you'll need a Java development kit installed on your PC. You also need an integrated development environment (IDE) to write and test the code.

We explain how to set up Eclipse IDE to work with the plug-in Android Development Tools and the Android Software Development Kit, which enables you to generate and execute suitable Java code within an Android emulator.

You also need at least one version of the Android platform. See 'Adding Android platforms' below to find out how to do this. Once you've downloaded a version of Android, you also need to set up a virtual device to run in the emulator.

There are several steps you need to take to get your computer ready for the Android SDK. First, install a Java Development Kit. You can get the right one for your version of Windows from here.

You also need to install Eclipse IDE for Java developers, which is available from www.eclipse.org/downloads.

When you install Eclipse, it will check for the JDK. It's best to extract Eclipse in the same directory as the JDK. Eclipse won't install if it can't find it, but you can move the required files to whichever directory the Eclipse installer is examining.

With Eclipse installed, you can download the Android SDK. Extract it to a safe directory and make a note of where it is.

Back in Eclipse, you need to add the Android Development Tools. Choose 'Help | Install new software'. Next to 'Work with', enter https://dl-ssl.google.com/android/eclipse and click 'Add'. In the pane below this, check 'Development Tools' and click 'Next'.

You should see 'Android DDMS' and 'Android Development Tools' selected. Click 'Next', accept the agreement and restart Eclipse. Point the ADT plug-in to the place you extracted the Android SDK to.

In Eclipse choose 'Window | Preferences | Android'. Next to 'SDK location', click 'Browse' and find the folder containing the SDK. Click 'Apply' and 'OK'.

Adding android platforms

To test any app you create, you'll need a version of the Android platform installed. You can do this in the Android SDK and AVD Manager, which you'll be able to launch in Eclipse if you've set your system up correctly.

Choose 'Window | Android SDK and AVD Manager' to open it. Now select 'Available Packages' and tick the box next to 'https://dl-ssl.google.com/android/repository/repository.xml'.

After a scan of the repository, you'll see the available components. Tick those that you want to install and clear the others.

The most important package to install is the latest version of the Android platform. You'll need this to set up a virtual Android device. There are several versions available, but you'll need older ones if you plan to release your app, and therefore need to test it with a range of different versions.

At this stage you can also clear the samples, Google APIs and USB driver. If you find that you need any of these later on, you can always go back and install them.

Click 'Install selected' and wait for the components to download. Verify and accept the new components if prompted to do so. They will then be added to your existing Android SDK folders.

Once you've got Eclipse up and running and have at least one version of the Android platform installed, you need to set up an Android Virtual Device, or AVD.

You can do this in the Android SDK and AVD Manager. Choose 'Window | Android SDK and AVD Manager' and select 'Virtual Devices'. Click 'New' and provide a name for your new device. Select the Android platform that you want to use as the target. Click 'Create AVD'.

If you want to test your application to ensure that it runs under different versions of Android, you'll need to create a new virtual device for each version of the platform. You can also specify other parameters here, including the presence and size of an SD card. It's possible to select a file to use as a virtual SD card, too.

You can opt to use the built-in skin (recommended) or specify the resolution that you want to use. Under the 'Hardware' option, click 'New' and select a device if you want to add more virtual hardware.

For a simple AVD, you'll usually be fine sticking with the default options. Once you've finished, you can close the Android SDK and AVD Manager.

Now that you've created your virtual device, you can set up a new project in Eclipse to begin creating your application.

Once you have the software in place and have set up a virtual device in the Android SDK and AVD manager, you can create a new project.

In Eclipse IDE, choose 'File | New | Project'. In the 'New project' wizard, select the 'Android' folder and choose 'Android Project'. Click 'Next'. You now have a new window for your project details.

We'll set up a 'Hello world' application, which displays text when launched. In the 'Project name' field enter HelloAndroid. For 'Application name' enter Hello, Android. For 'Package name' enter com.example.helloandroid, and for 'CreateActivity' type HelloAndroid. Click 'Finish'.

These parameters are used to set up your project in Eclipse. 'Project name' is also the name for the directory in your workspace that will contain your project files. Eclipse will create it for you. Assuming you accepted the default Windows workspace of 'C:\Users\username\workspace', you'll find the above directory at 'C:\Users\username\workspace\HelloAndroid'.

If you browse to this in Windows Explorer, you'll see a number of subfolders and files set up as part of the project. 'Application name' is the title of your app, and is displayed on the Android device.

You can change this at will, but be more careful with 'Package name'; this is the namespace for the package where your source code resides. It needs to follow the rules for naming packages in Java and be unique across the Android system, which is why a domain style package is used. 'com.example' is reserved for examples such as this.

If you develop an app that's published, you'll need your own namespace. This usually relates to the organisation publishing the app.

'Create activity' relates to the class stub generated by the plug-in. An activity is basically an action. We'll leave the other project fields at their default values.

'Min SDK version' enables you to set the minimum API needed by your app. If 'Use default location' is ticked, your project is saved in your workspace.

'Build target' is the platform target for your application – the minimum version of Android it will run on. If you develop an app to run on an earlier version of Android, it should run on a later one too, but an app developed for a later version of the platform probably won't run on an earlier version.

The build target isn't critical as long as you can get your app to run in the emulator. It's more of a concern when you come to release an app. The option to create the project from an existing example enables you to select existing code to modify. This will be of interest as you move on to new challenges.

You should now see your project in the Package Explorer. Double-click 'HelloAndroid' to expand it. Also expand 'src' and 'com.example.helloandroid'. Double-click 'HelloAndroid.java' to see the code that's set up. In the main pane, you should see this text:

    package com.example.helloandroid;

    import android.app.Activity;
    import android.os.Bundle;

    public class HelloAndroid extends Activity {
        /** Called when the activity is first created. */
        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.main);
        }
    }

If you can't see all of this, look to the left-hand side of the pane and expand any plus signs indicating collapsed code. Essentially, this defines your application without actually doing anything at this stage. We need to add an object that will contain your text, and specify what the text will be.

Below the line 'import android.os.Bundle;' add the following:

import android.widget.TextView;

You also need to add the following three lines of code above the two closing curly brackets:

TextView tv = new TextView(this);
tv.setText("My First Android App");
setContentView(tv);

You can replace the text in the quotes to make your app say what you like. The code in its entirety should read as follows, if you kept the text the same:

    package com.example.helloandroid;

    import android.app.Activity;
    import android.os.Bundle;
    import android.widget.TextView;

    public class HelloAndroid extends Activity {
        /** Called when the activity is first created. */
        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            TextView tv = new TextView(this);
            tv.setText("My First Android App");
            setContentView(tv);
        }
    }

Save the changes and you're ready to test your code in the Android emulator.

In Eclipse, choose 'Run | Run | Android Application.' The emulator can take a few minutes to boot into Android. Once booted, your app should run automatically and you'll see a grey title bar with the app name in it. Below this, your text is displayed.

Press the 'Home' button to return to the Android home screen. Click the 'Applications' button to see the list of available apps, including 'Hello, Android'. Select this to launch your app.

Now you've run your app in the emulator successfully, you can try it on a real device. First, you need to ensure that the USB driver is installed in the Android SDK and AVD manager.

Choose 'Window | Android SDK and AVD manager | Available Packages'. Select the Android repository, ensure that the USB driver is ticked and click 'Install selected'. Connect your Android phone to a spare USB port and wait for Windows to detect it.

In the 'New hardware' wizard, choose 'Locate and install drivers' and opt to browse your PC for the drivers. Browse to the 'Android SDK' folder and locate the subfolder for the USB driver. Windows should find and install it from here.

You need to declare your app as debuggable. In Eclipse, expand your application and double-click 'AndroidManifest.xml'. Move to the 'Application' tab and select 'True' from the 'Debuggable' dropdown list. Save the project.

Go to your Android phone and choose 'Menu' from the home screen, then select 'Applications | Development', and enable USB debugging. You can now reconnect it to your PC via USB.

If you want to check that the SDK can see your phone, browse to the 'Tools' directory in your Android SDK folder. Launch 'adb.exe' and you should be able to see your phone listed as 'Device'. To launch your app on the connected phone, choose 'Run | Run | Android application' in Eclipse. Now you have your phone and the emulator connected, you need to specify which you want to run it on.

Eclipse presents you with a Device Chooser that lists all the available devices and emulators. Select your phone from this list to install and run the app. Now you've produced and run a basic application in an emulator and on an Android device, you can begin to learn how to develop your own.
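The 'Debuggable' setting enabled in the steps above lets anyone with adb access to the device attach a debugger to the app, so it should be switched back before an app is released. The following check is an added example, not part of the original tutorial or the Android tools; it reads the project's source AndroidManifest.xml (not the compiled one inside an APK), and the sample manifests and the @bool/is_debug resource name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
DEBUGGABLE = f"{{{ANDROID_NS}}}debuggable"


def debuggable_state(manifest_xml):
    """Return 'true', 'false', 'unset' or 'unresolved' for <application>."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an Android manifest")
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    # Only the android:-namespaced attribute counts; a bare 'debuggable'
    # attribute is not the platform attribute and is ignored here.
    value = app.get(DEBUGGABLE)
    if value is None:
        return "unset"          # platform default is not debuggable
    value = value.strip().lower()
    if value in ("true", "false"):
        return value
    return "unresolved"         # e.g. a resource reference; review by hand


def release_gate(manifest_xml):
    """Return (ok_to_release, state); only 'false' or 'unset' passes."""
    state = debuggable_state(manifest_xml)
    return state in ("false", "unset"), state


# Constructed sample manifests using the tutorial's package and class names.
DEBUG_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.helloandroid">
  <application android:label="Hello, Android" android:debuggable="true">
    <activity android:name=".HelloAndroid"/>
  </application>
</manifest>"""
RELEASE_MANIFEST = DEBUG_MANIFEST.replace(' android:debuggable="true"', "")
RESOURCE_MANIFEST = DEBUG_MANIFEST.replace('"true"', '"@bool/is_debug"')

if __name__ == "__main__":
    for name, xml in (("debug", DEBUG_MANIFEST),
                      ("release", RELEASE_MANIFEST),
                      ("resource", RESOURCE_MANIFEST)):
        ok, state = release_gate(xml)
        print(f"{name}: debuggable={state} -> {'pass' if ok else 'BLOCK'}")
```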

It helps to have some knowledge of Java programming, but you'll also find a number of stepped tutorials in the Android Developer Resources pages.

These include introductions to the different views available to apps and how to implement them. You'll also find ways to use common resources such as location information, and learn how to debug your work. You'll find a list of sample code on these pages too, which will help you work through example apps that you can modify to your own ends.

These include games, such as Snake and Lunar Lander, plus utilities including Notepad and Wiktionary. You can find more samples at apps-for-android.
