Paroolihaldurid

Paroolihaldurid on turvalised tarkvararakendused, mida saab kasutada paroolide haldamiseks ja turvaliseks salvestamiseks. Need rakendused pakuvad teile võimalust luua tugevaid paroole ning salvestada neid turvaliselt, nii et teil ei pea enam muretsema paroolide meeldejätmise või nende kaotamise pärast.

Tartu Ülikool soovitab paroolihaldureid LastPass, BitWarden ja KeePass.

• LastPass on üks populaarsemaid paroolihaldureid, mis pakub kõiki peamisi funktsioone, nagu paroolide loomine ja salvestamine, paroolide automaatne täitmine, veebilehitsejate laiendused ja multi-factor autentimine.
  LastPass Free users can use LastPass on an unlimited number of devices within their one active device type (either computers only or mobile devices only).
  LastPass has two accessible device types: computer (all browsers running on desktops and laptops) or mobile (mobile phones, smart watches, and tablets).
  Access your vault using just your biometrics. Go passwordless with the LastPass Authenticator app.
  
• BitWarden on turvaline ja kasutajasõbralik paroolihaldur, mis pakub võimalust oma andmeid enda kontrolli all hoida.
  Secure Password Sharing - Share your encrypted data quickly and easily, and only with the users or teams who need access
  Cross-Platform Accessibility - Access critical data in your vault from any location, browser, and device
  Cloud-Based or Self-Host - Deploy fast and efficiently in the cloud, or self-host for teams with additional IT and infrastructure resources
  Security Audit & Compliance - Open source, third-party audited, and compliant with GDPR, Privacy Shield, HIPAA, and CCPA regulations
  Vault Health Reports - Access insightful reports to reveal weak, reused passwords, and other helpful security metrics
  Directory Sync - Use SCIM support or the Directory Connector to streamline user and group provisioning and maintain synchronization with your directory service
  Always-On Support - Customer Success agents are available to support you around the clock
  Detailed Event Logs - Monitor user and group access to sensitive data with audit trails
  Flexible Integrations - Unite your existing systems with Bitwarden using SSO integration, Directory services, and powerful APIs
• KeePass on avatud lähtekoodiga tarkvara, mis võimaldab teil oma paroolide andmebaasi paigutada kuhu iganes soovite - kas arvutis, USB-seadmes või pilveteenuses.

Kõik need paroolihaldurid pakuvad kõrgetasemelist turvalisust, mugavust ja kasutajasõbralikkust, kuid igaüks neist erineb natuke funktsioonide poolest.

Enne paroolihalduri valimist tuleks uurida nende eeliseid ja piiranguid ning veenduda, et valitud paroolihaldur vastab teie vajadustele ja eelistustele.

Paroolihaldureid on võimalik paigaldada ja kasutada kõikides seadmetes.

Õpetused paroolihaldurite seadistamiseks: 

• Paroolihaldur LastPass seadistamine

• Paroolihaldur BitWarden seadistamine

• Paroolihaldur KeePass seadistamine

Küsimuste korral võta ühendust arvutiabiga.

Password managers

Password managers are secure software applications that can be used to manage and securely store passwords. These apps give you the ability to create strong passwords and store them securely, so you don't have to worry about remembering or losing them.

The University of Tartu recommends password managers LastPass, BitWarden, and KeePass.

• LastPass is one of the most popular password managers that offers all the main features such as password creation and storage, password auto-fill, browser extensions and multi-factor authentication.
• BitWarden is a secure and user-friendly password manager that offers you the ability to keep your data under your control.
• KeePass is open-source software that allows you to place your password database wherever you want - whether on a computer, a USB device, or in a cloud service.

All of these password managers offer a high level of security, convenience, and user-friendliness, but each one differs slightly in terms of features.

Before choosing a password manager, you should research its advantages and limitations and make sure that the password manager you choose meets your needs and preferences.

Password managers can be used across all devices.

Guides for setting up password managers:

• Password manager LastPass setup
• Password manager BitWarden setup
• Password manager KeePass setup

If you have any questions, contact IT helpdesk.

/(Keypass lähteinfo)\

Strong Security
KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure. AES e.g. became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.
The complete database is encrypted, not only the password fields. So, your user names, notes, etc. are encrypted, too.
SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically secure one-way hash function. No attacks are known yet against SHA-256. The output is transformed using a key derivation function.
Protection against dictionary and guessing attacks: by transforming the master key component hash using a key derivation function (AES-KDF, Argon2, ...), dictionary and guessing attacks can be made harder.
Process memory protection: your passwords are encrypted while KeePass is running, so even when the operating system dumps the KeePass process to disk, your passwords aren't revealed.
[2.x] Protected in-memory streams: when loading the inner XML format, passwords are encrypted using a session key.
Security-enhanced password edit controls: KeePass is the first password manager that features security-enhanced password edit controls. None of the available password edit control spies work against these controls. The passwords entered in those controls aren't even visible in the process memory of KeePass.
The master key dialog can be shown on a secure desktop, on which almost no keylogger works. Auto-Type can be protected against keyloggers, too.
See also the security information page.

Multiple User Keys
One master password decrypts the complete database.
Alternatively you can use key files. Key files provide better security than master passwords in most cases. You only have to carry the key file with you, for example on a floppy disk, USB stick, or you can burn it onto a CD. Of course, you shouldn't lose this disk then.
For even more security you can combine the above two methods: the database then requires the key file and the password in order to be unlocked. Even if you lose your key file, the database would remain secure.
[2.x] Additionally, you can lock the database to the current Windows user account. The database can then only be opened by the same person who created it.
See also the keys information page.

Portable and No Installation Required, Accessibility
KeePass is portable: it can be carried on an USB stick and runs on Windows systems without being installed.
Installer packages are available, too, for the ones who like to have shortcuts in their Windows start menu and on the desktop.
KeePass doesn't store anything on your system. The program doesn't create any new registry keys and it doesn't create any initialization files (INI) in your Windows directory. Deleting the KeePass directory (in case you downloaded the binary ZIP package) or using the uninstaller (in case you downloaded the installer package) leaves no trace of KeePass on your system.
Ports for other systems like Android, iOS, etc. are available. See the downloads page.
[2.x] Accessibility: KeePass 2.x features an advanced option that explicitly optimizes the user interface for screen readers.

Export To TXT, HTML, XML and CSV Files
The password list can be exported to various formats like TXT, HTML, XML and CSV.
The XML output can be easily used in other applications.
The HTML output uses cascading style sheets (CSS) to format the table, so you can easily change the layout.
The CSV output is fully compatible with most other password safes like the commercial closed-source Password Keeper and the closed-source Password Agent, also the CSVs can be imported by spreadsheet applications like Microsofts Excel or OpenOffice's Calc.
Many other file formats are supported through KeePass plugins.

Import From Many File Formats
KeePass uses the common CSV export format of various passwords safes like Password Keeper and Password Agent. Exports from these programs can be easily imported to your KeePass databases.
KeePass can parse and import TXT outputs of CodeWalletPro, a commercial closed-source password safe.
KeePass can import TXT files created by Bruce Schneier's Password Safe v2.
[2.x] Out of the box, KeePass supports importing more than 35 formats (see Help: Import).
Many other file formats are supported through KeePass plugins.

Easy Database Transfer
A password database consists of only one file that can be transferred from one computer to another easily.

Support of Password Groups
You can create, modify and delete groups, in which passwords can be sorted into.
The groups can be arranged as a tree, so a group can have subgroups, those subgroups can have subgroups themselves, etc.
See also this screenshot.

Time Fields and Entry Attachments
KeePass supports time fields: creation time, last modification time, last access time and expiration time.
You can attach files to password entries (useful to store PGP signature files in KeePass for example).
[2.x] KeePass has a powerful internal viewer/editor for text files, images and documents. You don't even need to export attached files to view/edit them! For security considerations, see 'Security: Viewing/Editing Attachments'.

Auto-Type, Global Auto-Type Hot Key and Drag&Drop
KeePass can minimize itself and type the information of the currently selected entry into dialogs, webforms, etc. Of course, the typing-sequence is 100% user-customizable, read the documentation file for more.
KeePass features a global auto-type hot key. When KeePass is running in the background (with opened database) and you press the hot key, it looks up the correct entry and executes its auto-type sequence.
All fields, title, username, password, URL and notes can be drag&dropped into other windows.

Intuitive and Secure Windows Clipboard Handling
Just double-click on any field of the entry list to copy its value to the Windows clipboard.
Timed clipboard clearing: KeePass can clear the clipboard automatically some time after you've copied one of your passwords into it.

Searching and Sorting
You can search for specific entries in the databases.
To sort a password group, just click on one of the column headers in the password list, you can sort by any column.

Multi-Language Support
KeePass can be translated into other languages very easily.
Over 45 different languages are available!
See the translations page.

Strong Random Password Generator
KeePass can generate strong random passwords for you.
You can define the possible output characters of the generator (number of characters and type).
Random seeding through user input: mouse movement and random keyboard input.

Plugin Architecture
Other people can write plugins for KeePass.
Plugins can extend the functionality of KeePass, like providing additional import/export methods for other file formats.
Go to the plugins page for more information and plugin downloads.

Open Source
KeePass free and you have full access to its source code!
Open Source prevents backdoors. You can have a look at its source code and compile it yourself.
You can yourself check if the security is implemented correctly, you can, if you want, use any other encryption algorithm.
Opening the sources also encourages other people to port the application to other systems (PocketPC version already in development) or write translations.
KeePass is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.