Password Managers

A password manager is an application that stores passwords, PINs and other secrets securely. It usually requires you to remember a single master password (which should be a good one) that grants you access to all the passwords stored in an encrypted database. Often this database is stored on a service and is accessible over the internet for synchronization.

Security and Legal Aspects

The BOT prohibits students and members of ETH from storing their passwords on services such as 1Password and LastPass that store the password database on their own servers, outside Swiss jurisdiction.

Such services are also a huge target for criminals and have been compromised in the past. A resourceful attacker who can get the encrypted passwords or the encrypted master password (or a government organization legally entitled to obtain them secretly) can be expected to obtain the stored credentials somehow.

The few password managers that comply with the BOT and can be configured for safe usage are:

Enpass

We recommend using Enpass because it has all the features you would expect from a modern password manager:

  • It is available on all modern platforms, including mobile phones.
  • It integrates with browsers on many platforms to fill in passwords without typing.
  • It synchronizes the data among several installed Enpass applications/apps over Polybox.
  • The mobile apps are free for storing up to 20 passwords.

Installation

Get the application from the Enpass website for the platform of your choice. The mobile apps are available from the respective app store.

When installing it for the first time, choose no synchronization method during the setup process and activate synchronization afterwards. Otherwise choose WebDav/ownCloud synchronization and use the settings below.

Synchronization over Polybox

Synchronization is recommended not only for keeping several Enpass applications in sync but also for having a backup of the database.

To synchronize over Polybox choose to sync with WebDav/ownCloud and set synchronization up as follows:

URL:      https://polybox.ethz.ch/remote.php/webdav/
Username: your ETH user name
Password: your ETH password for email

When You Leave ETH

Once you have left ETH and your ETH user accounts have been disabled, you can simply change synchronization to one of the other options such as iCloud, Dropbox, etc. to keep using Enpass.

Page URL: https://isg.inf.ethz.ch/bin/view/Main/HelpUserAccountsPasswordManagers
2019-09-18
© 2019 Eidgenössische Technische Hochschule Zürich