I’m sure most people these days are familiar with how important using strong passwords are – don’t use common words, don’t have a short password and, probably the most important one – never reuse passwords between online accounts…
Now it’s all well and good to be using unique and hard-to-remember passwords for all your accounts, but with it arises the issue of remembering them. Unless you’re some form of cyborg, you can’t – especially considering the amount of online accounts individuals have these days. I have 80+ in my password manager alone, and I’m sure that’s probably not all of them.
Writing your passwords down on paper could be a way to go, but you always run the risk of either losing the paper they’re written on or even worse, some nasty person gets hold of it.
Password managers have increased in popularity in recent years, and have come along way over the last decade or so. LastPass and Dashlane are the most popular multi-platform password managers, utilising the cloud to store your passwords – which are protected by a master password and two-factor authentication. My OS X and Windows machines are running Dashlane, which is pretty nifty in that it auto-populates login fields on the Internet – but it doesn’t cover me when I’m using my RISC OS machines…
So I thought I’d take a look at what options we have available to us on RISC OS, all of which store passwords locally on your machine – which although it’s considered a security risk on other platforms, the risk of your passwords being obtained maliciously from your RISC OS machine as a result of malware or an unauthorised access attack is relatively low.
Passman by Kevin Wells – Developed natively by Kevin Wells, Passman is a desktop utility for RISC OS that is designed to serve as a single user password manager. Specifically geared towards login fields on websites, it makes it easy to enter the username/password combo for a previously stored website by allowing you to put the cursor in the username field for the site, and then clicking the relevant button in Passman.
The one downside is that although Passman is secured by a master password, the passwords it stores aren’t encrypted, so although RISC OS is relatively safe from malware attacks and vulnerability exploits, the passwords can still be obtained by malicious 3rd party if they really want to get their hands on them.
Compatibility-wise, the application runs well on my Raspberry Pi 2 running RISC OS 5.22 and has also not had any issues running on my RiscPC running RISC OS 4.
Qupzilla, ported by Chris Gransden – QupZilla is a lightweight, fast web browsed based on the QtWebEngine browser, it’s come a long way since it was first released in 2010. It now features an RSS reader, Extension Support, a spell checker and, a Password Manager. Ported to RISC OS a few months ago by Chris Gransden, Qupzilla runs on any modern version of RISC OS – I tested this on my Raspberry Pi 2 running RISC OS 5.22 without encountering any problems. It won’t be compatible with older, 26-bit systems like the RiscPC however.
The browser’s built-in password manager stores passwords locally, and just like Passman, it requires a master password to get into your password list. Unfortunately, passwords are not encrypted but as it’s an in-browser feature it makes it very easy to copy over passwords into login forms, and adds an added level of convenience when compared to using a separate passwords manager application.
Overall, password management on RISC OS has improved massively over the last few years, with two free and very usable software solutions out there. The only downside is that both solutions don’t currently encrypt the passwords, which could mean a malicious third party could nab the file(s) containing the passwords if they put their mind to it.
Most tenured RISC OS users will undoubtedly have used telnet in the past in order to obtain command line access to systems. Access machines via telnet however is somewhat of a big no-no these days due to the protocol’s vulnerability to attack from a number of different angles.
SSH however, is a far more capable protocol, that allows for a secure, encrypted connection between the client and server.
OpenSSH and PuTTY are the most widely used SSH clients across all major platforms. Both have been ported to RISC OS, although they’re not the only options available for anyone looking to administer servers or other remote machines from their RISC OS desktop.
Nettle has been the dominant terminal emulator and telnet client for RISC OS for decades – with its speedy display as well as fast native implementation it’s ease of use has surpassed other alternatives.
More recently, Nettle has supported SSH2 natively – allowing for easy SSH access in a full colour GUI enviroment.
A nice feature with Nettle is its Hotlist feature, which gives you the ability to save connections that you connect to regularly to save typing in host details every time you want to connect.
Without a doubt this is the most complete SSH client available on RISC OS today. The only features it lacks compared to say PuTTY on Windows is the ability use authentication keys and utilise the use of proxies to access the remote server.
Natively supported in their terminal offerings by most Linux distributions, OS X and more recently Windows (Powershell), Open SSH is a set of network-level utilities – namely ssh, scp and sftp amongst other utilities.
A command line port of OpenSSH is available for RISC OS, it can be run from the TaskWindow (F12) and uses the same commands as you would on Linux or OS X implementation of OpenSSH.
Operationally, the RISC OS port works well. I have used it in length and it hasn’t thrown up any issues – although graphically it is not great to look at and it doesn’t offer any bells and whistles that you might get with graphical clients.
OpenSSH comes in very useful if you’re wanting to transfer files to remote machines through rsync – which depends on the suite.
One problem however is the RISC OS version is not up-to-date, which could be a big red flag for a security conscious user. The RISC OS port is currently at version 6.0p1-1 where as the main version is currently at 7.2p2.
The popular client for Windows was ported to RISC OS in 2005 – but it is no longer available officially, presumably because it lacked a frontend and was a port of an old version – which would make it vulnerable to a whole host of known vulnerabilities with older versions of the program.
Theo Markettos, who ported PuTTY to RISC OS, has however released ports of other PuTTY tools that are still available for download (pscp, psftp etc).
RISCOS Ltd and Castle Technology were fighting with their own branches of the operating system, 26-bit RISC OS 4 & 6 and 32-bit RISC OS 5. Both closed source, and both running on limited hardware. Your choice was to run RISC OS 5 on an Iyonix, a sort-of 32-bit version of RISC OS Adjust on the A9Home or you’d have to opt for a legacy machine, a such as the RiscPC. All of which were not the cheapest to get your hands on, especially if you opted for a MicroDigital Omega and never saw your machine or your money again.
Thankfully, things have moved on massively since – and not only is RISC OS now open-source, it is developing at an ever-growing pace. The range of hardware to run it on is now mind-blowing, be it a DIY option such as a Beagle/Pandaboard or the Raspberry Pi, or a commercial solution such as the ARMX6 or the Rapido IG.
None of this could have been possible without the tireless work from the guys over at RISC OS Open – who since their inception have worked has been an enterprise powered by the efforts of people working in their spare-time and not for a profit.
RISC OS has never been in better shape – the userbase is growing, software development is active, heck there’s even a commercial games scene now – a sight I never thought I’d see again after the Artex Software’s departure from the RISC OS market following the release of TEK 1608 in 2002.
Thanks for the hard work ROOL – and here’s to the next ten years!