Tuesday, April 8, 2014

Managing Passwords on a Chromebook

Ok, if you are a LastPass fanboy this post is not for you. I don't care how nice some service says they are, at the end of the day, I am uncomfortable leaving my passwords in the cloud.

For day to day "password memory" I am much more comfortable with Google managing my passwords than a third party service. Google offers the same level of security as LastPass with the added benefit that the encrypted passwords reside in my browser.

The passwords are encrypted and can only be unencrypted by putting in a seperate encryption password. There is no way for someone to access my passwords without having access to my Google account. I also have two factor set up which is an extra layer of security. In LastPass the passwords reside in the cloud and all one needs is my "master password" to gain total access.

It is not the day to day "password memory" that is the issue. Chrome wins Lastpass hands down on this front. It is those passwords for bills and bank accounts that demand a little more security. I don't care how secure ones safe is you are not going to put it in a city park.

So what's one to do for password security on the Chromebook if the cloud is off the table. I have been trying to come up with a solution for months. I use Keepass on my computers but all Keepass friendly apps are cloud dependent. Some Keepass users sync their database to Dropbox or Google Drive but this just brings us back to the LastPass problem.

I have come upon a solution that works for me. It entails two apps Text and Crypto Lite. Text simple lets you open and save text files, and Crypto Lite is a very basic text encrypter with 256 bit AES that can be decrypted with a password. All encryption / decryption happens directly in the browser and is never transmitted.

I have created several groups of passwords - billing for example - and encrypted them with Crypto Lite. I then take the encrypted text and save it to an SD Card with Text. When I need the password I simply take the encrypted text and decrypt it with Crypto Lite.