Avendesora Collaborative Password Manager

Version: 1.8.6
Released: 2017-12-15
Please report all bugs and suggestions at Github (or contact me directly at avendesora@nurdletech.com).

What is Avendesora?

Avendesora holds all of your online account information. In addition to the username and password, it holds any account information you might want such as account numbers, PINs, verbal passwords, one-time passwords, security questions, URLs, email addresses, phone numbers, etc. Avendesora is a secure repository for all of this information, using GPG to keep the information safe.

Account secrets, such as passwords and such can either be saved, as with password vaults, or they can be generated by Avendesora. Generation is quite flexible and is generally preferred as it makes the secrets extremely hard to predict, in most cases eliminating the risk they could be cracked. Avendesora generates secrets from a random seed. The seed can be shared with a collaborator, and once shared, either collaborator can create new shared passwords.

You can query Avendesora directly from the command line. When doing so you can either display account information or copy it to the clipboard. You can also configure a hot-key to run Avendesora, in which case it determines which information is needed from context and then fills it into the active application. In this way Avendesora can directly enter account information into your browser, email client, shell, etc. The information Avendesora provides can be used to log you in, answer security questions, enter your credit card number, etc.

Avendesora is a program that is deeply steeped in Unix traditions. It operates primarily from the command line and leans heavily on programs you are likely already familiar with, such as Python, GPG, and Vim. As such, it should be both welcoming and powerful for those that are comfortable with Unix and its utilities. Also, it is fully open source, so you can change it if you do not like some aspect of it. Please consider contributing your enhancements back to the project. Here are some of the ways Avendesora differs from other available password managers:

  1. Completely offline
  2. Linux only
  3. Command line centric
  4. Completely free (free as in freedom and free as in beer)
  5. Supports collaboration
  6. Supports time-based one-time passwords (ala Google Authenticator)
  7. Uses GPG for encryption
  8. Written in Python
  9. Provides a Python API

Quick Tour

With Avendesora you create files that contain information about your accounts. Avendesora accesses that information and shows it to you when you need it. The files can be encrypted with GPG, and so are quite secure. The information itself is grouped into accounts, with an account consisting of both secret and non-secret information. The non-secret information includes such things as user names, email addresses, phone numbers, etc. The secret information includes passwords, pins, security questions and such. Information is free form. You decide what information you want to associate with an account, what you call it, and whether it is secret or not. There are two types of secrets: remembered secrets and generated secrets.

In general, it is best to use generated secrets if you can. They are preferred for two reasons. First, generated passwords are pretty much assured of having high entropy, and entropy in your passwords is like fiber in your diet, the more the better because it results in passwords that resist cracking. Second, you can easily share generated secrets with your collaborators without risk of exposing to secrets to others.

As a demonstration, consider adding an account for FasTrak, a payment service for toll roads in the San Francisco bay area. First you would add the account:

> avendesora add website

This indicates that Avendesora should create a new account in the default accounts file based on the website template.

Avendesora responds by opening your editor with a rough template containing the fields needed for a typical website account. You should modify it to suit your needs. For example, your entry for FasTrak might look like this:

class FasTrak(Account):
    aliases = 'fastrack fasttrack'
    username = 'orchid3649'
    email = 'orchid3649@yahoo.com'
    passcode = PasswordRecipe('12 2u 2d 2s')
    discovery = RecognizeURL(
        'https://www.bayareafastrak.org',
        script='{username}{tab}{passcode}{return}'
    )
    questions = [
        Question('What city were you born in?')
        Question('What was the name of you high school?')
    ]
    pin = PIN(length=4)

This is Python code. An account is created by declaring a subclass of Account. The account information is given as class attributes. Avendesora supports string, list, and dictionary attributes. You create secrets by instantiating a Secrets class. This example uses three different secrets, all of which are generated: PasswordRecipe(), Question() and PIN(). First consider PIN(). Notice that you do not give a PIN number, you instead just specify how long it should be. Avendesora generates a PIN for you at random. With PasswordRecipe() you do not specify the password, you specify how long it should be and what kind of characters it should use (in this case, 12 long including 2 uppercase, 2 digits, and 2 symbols). Question() is used to generate random answers to security questions. Again, you do not give the answer, you give the question and the answer is generated at random. It is the unpredictability of these values that make them secure.

Once the information is entered for your account, you can see the values by running the following commands (of course if you try this example your results will differ):

> avendesora value fastrak passcode
passcode: 0GPD;mc3XC?c

> avendesora value fastrak questions.0
questions.0 (What city were you born in?): voyager interview gaudy

> avendesora value fastrak pin
pin: 2728

You can also access the account values that are not secret in a similar manner:

> avendesora value fastrak username
username: orchid3649

The difference is that Avendesora erases secrets from the screen after displaying them for a minute, which is not done with non-secrets.

There are various tricks available to reduce the amount you type. For example:

> avendesora fastrak
username: orchid3649
passcode: 0GPD;mc3XC?c

If you give an account name without a command, the credentials command is run, which displays the username and password for the specified account.

> avendesora fastrak pin pin: 2728

In this case the account and field name was given, but not a command name. When more than one argument is given, and the first is not recognized as a command, the value command is run.

The discovery attribute is used by Avendesora to associate an account to a URL or URLs. You can visit the FasTrak website using:

> avendesora b fastrak

The b is short for browse (the most common Avendesora commands have single character aliases). Running that command opens your browser if it is not already open, and navigates to the FasTrak URL. Generally you would run this command directly from your window manager, which allows you to navigate to your account without opening a shell.

The information provided to discovery also allows the desired account to be recognized, which allows you to directly enter values into an application, in this case the web browser, with a single keystroke. To do so, you would associate Avendesora with a keyboard shortcut (a hot key), such as Alt-a (‘a’ for Avendesrsora) or Alt-p (‘p’ for password). Once the webpage is open, simply click on the Username field and type your shortcut (Alt-p). This runs Avendesora, which then looks at the current environment to determine which account to use. In the case of RecognizeURL() it is looking for the URL in the browser’s window title. Avendesora checks with all the accounts and finds that only FasTrak matches, at which point it executes the given script, which produces the user name and passcode.

This approach is a very secure way to access your account because:

  1. Using the browse command assures you are using a known-good URL, preventing you from being phished.
  2. If you do fall prey to a phishing scheme, Avendesora will not recognize the URL and so will not disclose your account credentials.
  3. Avendesora warns you if you are attempting to provide your account credentials to an insecure webpage (an http page rather than an https page).

Here are some other convenient Avendesora commands.

The edit command opens an account in your editor, allowing you to update the account values:

> avendesora edit amtrak

The find command finds accounts whose name contain a string of characters in the name or alias. Notice that I tend to add common misspellings as aliases.

> avendesora find track
track:
    amtrak (amtrack)
    fastrak (fastrack, fasttrack)
    python-bug-tracker

The search command finds accounts whose attributes contain a string of characters. Only attributes whose values are not secret are examined.

> avendesora search junior
junior:
    gmail
    fidelity

The values command prints out a summary of all the account attributes. The secrets are not printed with this command.

> avendesora values fastrak
names: fastrak, fastrack, fasttrack
email: orchid3649@yahoo.com
passcode: <reveal with 'avendesora value fastrak passcode'>
pin: <reveal with 'avendesora value fastrak pin'>
questions:
    0: What city were you born in? <reveal with 'avendesora value fastrak questions.0'>
    1: What was the name of you high school? <reveal with 'avendesora value fastrak questions.1'>
username: orchid3649

Finally, you can use the help command to get information on the various commands and other useful topics.

Contents:

Indices and tables