Managing access credentials
Key Moments
Whether you need to log into an online store, read your email in the browser, check your account balance, or upload photos to the cloud, most services require an individual account with authentication when accessing the service. This raises various problems.
Using the same passwords on multiple accounts has long been considered a bad idea. However, if you use a separate password for each service, you can quickly lose track of which password goes with which account. At the same time, passwords need to meet certain security requirements to resist brute force attacks. It is important to use uppercase and lowercase letters, numbers, and special characters in a way that prevents algorithms from cracking the password, leading to complex passwords. Last, but not least, users soon forget their passwords for accounts that they rarely use, which makes access even more difficult.
To remedy this, a password manager can store essential information for the respective services along with your access credentials. You then typically only need to remember the password for the password manager. Of course, developers need to effectively secure the password manager itself. Otherwise, unauthorized third parties will gain access to a large volume of individual access credentials in the event of theft. To see what current password managers have to offer, this article looks at four password managers: Buttercup, KeePassXC, Pasaffe, and Password Safe (see also the "Not Considered" box).
Not Considered
Because there are so many password managers, we had to make a subjective selection for this article. Many local password managers are no longer under development and have therefore dropped out of the race. For example, Gryptonite [1] (formerly GPassword Manager) was last updated in 2015, MyPasswords [2] in 2013, and the Python-based Loxodo [3] in 2018. Other text-based password managers, like pass
[4], are not covered here, because they do not provide a graphical interface.
Basic Functions
A common practice among password managers is to offer online services and store credentials in the cloud, creating potential vulnerabilities. Such services are often commercial, and users do not know in detail where their data ends up and what data security measures the provider takes.
Many of these services only work as an extension of the web browser on the client side. This makes them vulnerable to malware that compromises the web browser as a platform. A local backup on a workstation computer or an enterprise server without Internet-based access seems far more elegant and secure than using an online service.
Password managers also often to store more than just the plain vanilla authentication data. Thanks to auto-type options, they also complete web pages with access data in a largely automated way, saving users manual input. Different categories help keep track of the stored data.
Buttercup
Buttercup [5], a free, local, multiplatform application, stores and retrieves access credentials both locally and in the cloud. Several RPM and deb packages, as well as two AppImages, are available for installation on Linux. The application supports both older 32-bit and current 64-bit operating systems [6]. Buttercup stores the user data in archives. After installation and first startup, Buttercup opens a window prompting you to create an archive (Figure 1).
Buttercup later saves the access data in the archive; the data should ideally be categorized. Open a file manager to create the archive, and assign a name and storage path for the archive. Be sure to include the .bcup
extension in each instance. If you forget it, Buttercup will not create the archive.
Once the archive is created, the software asks you to define a master password. Then the actual program interface opens (Figure 2). The main window is divided into four vertical panes. In the narrow pane on the far left, Buttercup arranges the existing archives one below another. On first launch, only the first archive is found in this pane.
In the second pane, you will find the group list where Buttercup sorts the groups that belong to the selected archive. In the third pane, Buttercup lists entries that belong to the selected group. Finally, in the fourth pane on the far right, Buttercup shows the contents of the selected entry. This is where you can create usernames, passwords, and user-defined fields.
Contents
To fill the databases, first press the New Group button at the bottom of the second pane and create a new group in the input field that appears. Pressing the Enter key transfers the group to the group pane. Buttercup displays all the groups in alphabetical order.
Then select the group to which you want to add entries. The group name is highlighted in green. After clicking on Add Entry in the pane to the right of the group view, a dialog opens on the far right. Now enter a name for the entry followed by the matching access credentials. If required, you can add more information to the current entry by clicking the Custom Fields link. Finally, click on Save bottom right.
The new entry now ends up in the third pane. If you want to edit an entry later on, select the entry and press the Edit button at the bottom of the far right pane. Then save the entry again, so that Buttercup will apply the changes.
If a group contains a particularly large number of entries, you can sort them. To do this, press the bar symbol top right in the entry pane and select the sort order in the pop-up context menu. The software arranges entries either alphabetically (Figure 2) or chronologically, but you can reverse the order for both options.
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.