Password managers and RISC OS

posted in: Software | 2

downloadI’m sure most people these days are familiar with how important using strong passwords are – don’t use common words, don’t have a short password and, probably the most important one – never reuse passwords between online accounts…

Now it’s all well and good to be using unique and hard-to-remember passwords for all your accounts, but with it arises the issue of remembering them. Unless you’re some form of cyborg, you can’t – especially considering the amount of online accounts individuals have these days. I have 80+ in my password manager alone, and I’m sure that’s probably not all of them.

Writing your passwords down on paper could be a way to go, but you always run the risk of either losing the paper they’re written on or even worse, some nasty person gets hold of it.

Password managers have increased in popularity in recent years, and have come along way over the last decade or so. LastPass and Dashlane are the most popular multi-platform password managers, utilising the cloud to store your passwords – which are protected by a master password and two-factor authentication. My OS X and Windows machines are running Dashlane, which is pretty nifty in that it auto-populates login fields on the Internet – but it doesn’t cover me when I’m using my RISC OS machines…

So I thought I’d take a look at what options we have available to us on RISC OS, all of which store passwords locally on your machine – which although it’s considered a security risk on other platforms, the risk of your passwords being obtained maliciously from your RISC OS machine as a result of malware or an unauthorised access attack is relatively low.

Passman by Kevin Wells – Developed natively by Kevin Wells, Passman is a desktop utility for RISC OS that is designed to serve as a single user password manager. Specifically geared towards login fields on websites, it makes it easy to enter the username/password combo for a previously stored website by allowing you to put the cursor in the username field for the site, and then clicking the relevant button in Passman.

The one downside is that although Passman is secured by a master password, the passwords it stores aren’t encrypted, so although RISC OS is relatively safe from malware attacks and vulnerability exploits, the passwords can still be obtained by malicious 3rd party if they really want to get their hands on them.

Compatibility-wise, the application runs well on my Raspberry Pi 2 running RISC OS 5.21 and has also not had any issues running on my RiscPC running RISC OS 4.

Qupzilla, ported by Chris Gransden – QupZilla is a lightweight, fast web browsed based on the QtWebEngine browser, it’s come a long way since it was first released in 2010. It now features an RSS reader, Extension Support, a spell checker and, a Password Manager.

22-07-2016 13-39-32Ported to RISC OS a few months ago by Chris Gransden, Qupzilla runs on any modern version of RISC OS – I tested this on my Raspberry Pi 2 running RISC OS 5.21 without encountering any problems. It won’t be compatible with older, 26-bit systems like the RiscPC however.

The browser’s built-in password manager stores passwords locally, and just like Passman, it requires a master password to get into your password list. Unfortunately, passwords are not encrypted but as it’s an in-browser feature it makes it very easy to copy over passwords into login forms, and adds an added level of convenience when compared to using a separate passwords manager application.

Overall, password management on RISC OS has improved massively over the last few years, with two free and very usable software solutions out there. The only downside is that both solutions don’t currently encrypt the passwords, which could mean a malicious third party could nab the file(s) containing the passwords if they put their mind to it.

EDIT (July 2018): Passwords by John Peachey – John has updated !Passwords to work on modern RISC OS systems. Passwords is a small password manager that requires login to view and amend your passwords, it also keeps all passwords in an encrypted form on the backend. Check out our in-depth look at Passwords here.

2 Responses

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.