
Which OS Best Protects Server Passwords Stored in Text Files?

Started by Raisydak, Aug 25, 2024, 12:06 AM


Raisydak (Topic starter)

Hey everyone!

If server passwords are kept in a normal txt file, which OS will give them the best protection?

For example, consider the newest version of Microsoft Windows with all updates installed, plus a third-party antivirus and firewall.

Or the Linux system, maybe Debian, Fedora, or even the security-focused Kali Linux.

There's also the free UNIX-based OS from Berkeley University - FreeBSD, and its security-focused buddy, OpenBSD.

And as usual, here's a question in the question: Where will passwords be stolen quicker? In the saved sessions of programs used to connect to the server, like WinSCP, Total Commander, PuTTY or just a plain text file stored on your PC?

Thanks in advance for all your responses and opinions!
  •  


Weerabocuourijo

If we compare various operating systems and their ability to protect such a file, here's how they stack up:

Microsoft Windows: Even with the latest updates and third-party antivirus software, Windows can be vulnerable due to its large user base and frequent attacks. A plain text file with passwords can be easily accessed if an attacker gains access to the system. The Windows file system, especially if not properly configured, can also allow unauthorized access to such files.

Linux (Debian, Fedora, Kali): Linux distributions offer more robust file permission systems compared to Windows. However, the security of a plain text file still depends on proper file permissions and user access controls. Kali Linux, being a penetration testing distribution, might not be the best choice for regular use due to its inherent focus on security testing rather than everyday security. Debian and Fedora, while more general-purpose, still require proper configuration to protect sensitive information.

FreeBSD: This OS is known for its stability and strong security features. However, like Linux, protecting a plain text file would depend on correct file permissions and user management. FreeBSD generally has robust security practices but doesn't inherently protect a plain text file from being accessed if someone gains the necessary permissions.

OpenBSD: OpenBSD is renowned for its focus on security and has a strong track record of minimizing vulnerabilities. It has numerous built-in security features and defaults designed to protect system files and data. Nonetheless, a plain text file with passwords is still vulnerable if not properly protected with file permissions and encryption.

Session Saved Programs: Tools like WinSCP, Total Commander, and PuTTY often save session details, which may include passwords. These saved sessions can be a significant risk, especially if the application does not encrypt its configuration files or if the saved sessions are not secured by strong encryption. Such programs might store credentials in a less protected manner compared to OS-level file protections.

Among the operating systems and scenarios mentioned, OpenBSD would offer the best protection for a plain text file due to its rigorous security measures, but it still relies on correct file permissions and encryption. Conversely, a plain text file on Windows might be stolen quicker due to its general susceptibility to attacks and less stringent default security settings. For better security, passwords should always be stored using strong encryption methods, regardless of the operating system.
  •  

bogyldi

Look, if you're handling .txt files, then you're actually better off saving them on the operating system they were originally made for, like CP/M. This way, it's pretty much guaranteed that nobody's gonna steal or peek into them. The files will be so old school that modern attackers won't even know how to access them! Also, using such vintage systems adds a fun layer of security by obscurity, even if it's not the most practical solution.
  •  

piobialga

If you're dealing with critical data, it's best to jot down your passwords in a notebook right next to your PC. Nowadays, we have tools like Google Authenticator, Ya.Klyuch, and dual-factor authentication using SMS. You shouldn't be using the same password across all platforms, because it's simply impossible to remember them all.

Speaking of the original post, on any OS, this device must be completely offline from the Internet to ensure security.
  •  

RoareeBox

Linux distributions like Debian or Fedora provide a more robust security model, particularly when configured with proper permissions and user roles. FreeBSD and OpenBSD take it a step further with their security-focused design, making them less prone to exploits. However, storing passwords in plain text is inherently insecure regardless of the OS.

Passwords stored in applications like WinSCP or PuTTY can be more secure if these applications implement encryption and session management correctly. Yet, if a user's session is compromised, those credentials can be snatched quickly. Ultimately, avoiding plain text storage and using encrypted password managers is the best practice across all platforms.
  •  

pelorustech

The best OS for securing server passwords stored in text files is Linux, especially when configured with encryption (LUKS) and secure file permissions. Password managers also enhance security.
  •  

Finalertcleveland

Linux is generally considered best for protecting server passwords in text files due to its robust file permission system and security tools. Using proper permissions, encryption, and security modules like SELinux further enhances password protection.
  •  
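The replies from Weerabocuourijo, pelorustech and Finalertcleveland all come back to file permissions on Linux and the BSDs. As an added example (not part of any post in this thread), the Python code below creates a credentials file as owner-only and audits an existing one under the POSIX permission model; the function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

def write_secret(path, data):
    """Create path as 0600 from the first byte; fail if it already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # umask can only remove bits; set the mode explicitly
        os.write(fd, data)
    finally:
        os.close(fd)

def audit_secret(path):
    """Return a list of findings for a credentials file (empty list = no findings)."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink; audit the target instead"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != os.geteuid():
        findings.append("owned by uid %d, not the current user" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other bits set: %o" % stat.S_IMODE(st.st_mode))
    if st.st_nlink > 1:
        findings.append("file has extra hard links")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    loose = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if loose and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is writable by group/other")
    return findings

def demo():
    """Constructed sample: one file written safely, one left world-readable."""
    d = tempfile.mkdtemp()  # created 0700 by mkdtemp
    good = os.path.join(d, "good.txt")
    bad = os.path.join(d, "bad.txt")
    write_secret(good, b"constructed-sample-password\n")
    with open(bad, "wb") as f:
        f.write(b"constructed-sample-password\n")
    os.chmod(bad, 0o644)
    return audit_secret(good), audit_secret(bad)

if __name__ == "__main__":
    for result in demo():
        print(result or "ok")
```

A clean audit only says the mode bits are tight: root, any process running as the same user, and anyone with the disk can still read the file, which is why the replies also point to encryption. ACLs and SELinux labels are outside what this check inspects.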


