[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 76 KB, 640x400, serveimage-4.png [View same] [iqdb] [saucenao] [google] [report]
66032353 No.66032353 [Reply] [Original] [archived.moe] [rbt]

Does /g/ use a password manager?
Which one?
Do you host it yourself?

>> No.66032403

KeePass. Actually one of the big reasons I like it is because it doesn't bother with needing to "host" anything. It's an application that stores things in an encrypted file. It doesn't try to sync that file or do anything over the network or any other bullshit, and I can sync or back up or do whatever with it on my own like any other file.

>> No.66032414

That's how keepass works? Why is there like 10 different versions?

I like bitwarden cause it just werks plus open source.

>> No.66032448

>Which one?
Works on all my devices: laptop running Debian, desktop running Windows, phone running Android...
>Do you host it yourself?
I upload the encrypted password database to Dropbox. I have the database setup so that you need a password and a keyfile to decrypt. I carry the keyfile on a usb on a keychain and on my phone.

>> No.66032491

KeePass between my laptop and desktop synced through SSH with keyfile on a 8MB SD card.

>> No.66032499

>I upload the encrypted password database to Dropbox.

>> No.66032509

Well first it was a Windows application (KeePass 1.x) Then the dev wanted to switch to a new framework for more features and made 2.x, but kept maintaining 1.x for people who didn't need that stuff. (I think it also broke compatibility with old versions of windows, but I forget) Then there was KeePassX, which was the cross-platform port that brought it to Linux. Then the guy who was maintaining KeePassX stopped keeping it updated in a timely fashion, so some people forked it, hence KeePassXC.

Everything uses the same database file format except KeePass 1.x. All the versions of it can import KeePass 1.x databases though. You can use one password database across all platforms, it's just that the ports to those platforms got called different things.

>8MB SD card
I didn't know they ever made them that small

>> No.66032541

>Why is there like 10 different versions?
It's open source so there's a few different versions maintained by different people. Most common ones are KeePass 1, KeePass2, and KeePassX.

KeePass 1 was great but didn't run on Mac or Linux, so KeePassX was made to add more operating system support. KeePass 2 was made which added on a ton of extra features, one of which was Max/Linux support. However, I found KeePass 2 ran rather slow on my Linux machine so I use KeePassX on it instead.

>> No.66032546

It came with a digital camera I bought in 2004.

>> No.66032554
File: 5 KB, 243x207, index.jpg [View same] [iqdb] [saucenao] [google] [report]


>encrypted password database
>to dropbox

>> No.66032572

>he doesnt trust an open source password manager
>but he trusts an 'encrypted' database being uploaded to dropbox (some of these open source password managers do exactly this)
why are keepass fags so retarded?
what can we do to help them?

>> No.66032573

You realize you're eventually going to send your password to a website anyways right? YIKES.

>> No.66032575

password manager?--I BARELY KNOW HER

>> No.66032585

Please hack me. Steal all my passwords, Anon.

>> No.66032593

My human brain.
It always works when I am in a state where I would need a to enter a password.
Yes, I host it inside my skull.

>> No.66032601

>it's better that my passwords are all in one place in comparison to various websites
Whoa who let this genius in here

>> No.66032647
File: 76 KB, 703x911, 1518983009751.png [View same] [iqdb] [saucenao] [google] [report]

>he uses weak passwords
>he reuses passwords across sites
>all so he can memorize them
>when he's using a computer that can store huge amounts of information flawlessly

>> No.66032649

It's a tradeoff between security and convenience. I could keep the database on an encrpyted harddrive, inside a briefcase, handcuffed to my wrists at all times, but that's inconvenient. The passwords are encrypted. There's a chance that my encrypted passwords could be leaked but I'm hoping if a leak does happen I get some notice so I can proceed to change all my passwords before the encryption is cracked.

>> No.66032678

My passwords are not weak, the important ones are unique and for the non-important shit I use the first password I ever came up with.

>> No.66032684

if it's something that doesn't matter, just think of a password.

if it's something that matters, see if you can get multifactor authentication and used key-based authentication.

if it's ultra important LUKS in ephemeral storage and hope it never goes down

>> No.66032716

If you don't trust the encryption of your db or don't use a massive master password, then what is even the point?

>> No.66032730

And now KeepassXCE is batnaching off of X

>> No.66032735

If you can memorize them, they're weak. The thing that makes them weak is that people who crack leaked lists of password hashes know what kinds of passwords people tend to choose to make them more memorable. Human brains are very, very non-random.

Also all your passwords are important enough to be unique. Especially because the only reason for them not to be is memorability, which is the burden a password manager relieves you of. Why take some small risk on some sites when you could, with greater convenience, take no risk on any site?

>> No.66032751

Because you're giving someone infinite amount of time to crack your db

> might as well use lastpass

>> No.66032762

My Brain.
Also, a physical notebook for random passwords that I only use a couple times.

>> No.66032772


>> No.66032775

Is bitwarden any good?

>> No.66032811

I use a txt file

>> No.66032973

How do you use keepass across multiple devices? It seems like a pain to constantly move an encrypted file around.

>> No.66032985

An unnecessary tradeoff just so you can say you use keepass.
Isn't that weird?

>> No.66033020

I use it. It's pretty good, open source and doesn't require money to sync between PCs and phones.
You can self host your own passwords too.

>> No.66033080

I'm not trying to impress strangers on the internet by using keepass. I use it because its a convenient password manager but I want to be able to access my database of passwords from anywhere on any device. Uploading the database to dropbox allows that to happen. I realize it opens up the possibility of my password database of being stolen but I'm fine with that. If you don't approve I don't really care. It works for me. You can do whatever you want to do.

>> No.66033114

are you dense motherfucker
he's literally saying there are alternatives that do exactly what you're doing in far fewer steps
so is it really about convenience when you literally add in additional steps for absolutely no reason other than to use keepass over alternatives?
what in the flying fuck do you think bitwarden does?
dont play off that i dont really care bullshit you've stuck around this long

>> No.66033117

SQL table

>> No.66033119


>> No.66033144

iCloud Keychain (macOS + iOS)
stores web passwords, network share credentials, mobile app passwords etc

it just werks

>> No.66033167


How in fuck's name do you retarded cunts do anything different? I don't have to remember anything and my passwords are beyond guessable.

>> No.66033180

I have two passwords memorized that score 100% on password meter. I'm sorry you're just a brainlet.

>> No.66033261

I use bitwarden. It's great, and more than secure enough.

I'd use keepass, but the nice UI and cross-platform/device support seal the deal for me.

>> No.66033275

>having a second point of failure
no thanks, if the computers compromised you are fucked with or without a password manager.

>> No.66033288

>he's literally saying there are alternatives that do exactly what you're doing in far fewer steps
Well he's not literally saying that cause if he did than I would have agreed. I use Keepass because it's what I always used and I haven't researched a lot of the alternatives. OP was just "what password manager do you use?" not "what is the best way of storing passwords?" If Bitwarden is just Keepass that automatically uploads your password database to dropbox than it would be more convenient to use it over doing it manually.

Could have just said
"Why do you use keepass if you're going to upload your database manually all the time? Bitwarden is the same thing in less steps!"
And I would have said
"Neat, I didn't know that. Thanks, Anon."

>> No.66033345

this is retarded. if your computer is comprised, then it doesnt fucking matter what password storing method you use. the instant you enter it, it's going to be logged.

>> No.66033530

All produce same file format (.kbdx) /g/ only argue which better for the luls

>> No.66033551

Gnu Pass backed up to gitlab

>> No.66033578
File: 40 KB, 500x500, 84cc3e7c620f75370057719171aac408.jpg [View same] [iqdb] [saucenao] [google] [report]

>do you host it yourself
I host my password database on a private git repo somewhere. How compromised am I?

>> No.66033960

This. Doesn't matter if you store it on your computer or memorize it, you're just as fucked either way.
2FA or nothing. Preferably with a offline authenticator app because SMS 2FA is laughably insecure.

>> No.66033971

>not remembering your 20+ character passwords
>relying on botnet software to store your passwords

oh boy is it summer already?

>> No.66034058

Not every site has 2FA though.

>> No.66034061


>> No.66034119

The most important ones (email, bank, etc) do. Ones that would cause you intense butthurt if you had the credentials to stolen.

>> No.66034183

>I am dumb normie
>you must be dumb normie
I obviously won't give you my password, but some are along these lines "[email protected]!", crack that, faggot.

>> No.66034377

https://www.passwordstore.org/ + git

>> No.66034814

Wow you're relying on a notoriously insecure single point of failure for all of your passwords?

>> No.66034849
File: 36 KB, 622x352, aHR0cDovL21lZGlhLmJlc3RvZm1pY3JvLmNvbS9BLzkvNzMwMDE3L29yaWdpbmFsL0xpdmVzY3JpYmUtMy1TbWFydHBlbi1CbGFjay1FZGl0aW9uLTE2eDktMDA3LmpwZw==.jpg [View same] [iqdb] [saucenao] [google] [report]

>storing your passwords on a computer
lmao dumbfucks

>> No.66035256

>stores passwords to a txt file and save it in some flashdrive
10/10 i could say

>> No.66035411

Keepass 2 installed by Chocolatey as password manager.
Self hosted Nextcloud to sync.
KyPass on iPhone.

>> No.66035443

You chuckleheads realize the database is useless with out the password and, in
case, a second keyfile. It doesn't matter if he saved the damn thing to google drive, unless they get his password and keyfile its useless.

>> No.66035461


I memorize all my passwords
so you can say self-hosted

>> No.66035492

Unix pass + browserpass-ce + private git meme + password store android

>> No.66035539

>I have two passwords memorized
Yeah, good job with that. And my password manager has 624 currently.

>> No.66035663
File: 125 KB, 1280x852, CC.jpg [View same] [iqdb] [saucenao] [google] [report]

>have a keypass but barely uses it
>have a written notebook with my administrative documents with key passwords encrypted with a basic Caesar cipher

How retarded am I ?

>> No.66035690

Ever heard of a piece of paper and a safe?

>> No.66035717

For websites that have unlimited length passwords, I find the readme from a random program and copy and paste the whole thing into the password slot.
For others, I use some random letters I typed a few years ago and memorized. It's basically a flawless password, but I need to come up with a new one because using the same password for all my bank/credit card things kind of scares me.

>> No.66035784

keepass(xc) and syncthing

the versioning system in syncthing is about as good as it can be for versioning an encrypted file, not sure I'd trust it if I were updating passwords on different machines simultaneously, but it does the job otherwise.

>> No.66035860

> Which one?
> Why?
Supported across all my devices (iOS and macOS)
> Do you host it yourself?
I use iCloud for that

>> No.66035972

I use an encrypted text file

>> No.66036141

I use BitWarden. All open source. I pay 10 bucks per year but don't use the paid features. I want 2FAA to be separated from them.

>> No.66036245

Been using 1Password for years now but it seems (((AglieBits))) changed shit up regarding pricing with the new version so I'm now looking at alternatives. I'm seeing BitWarden get mentioned most besides KeePass and its variants.

>> No.66036262

Has anything you need if you're too poor to pay. Open source but more professional than Keepass.

>> No.66036348

Synced between devices with Onedrive

>> No.66036360

Okay I have a noob question. I sync my keypass database through syncthing to my seedbox which is hosted by a seedbox company.

Whats wrong with doing this? I think I have a strong password and it's encrypted.

What alternatives should I do? I guess I could use syncthing only between the devices I own but with the server one device is always online. What is bitwarden?

>> No.66036419

Any thoughts on MacPass for us Applel faggots? Looks like a nicer front end to KeePass https://macpassapp.org/

>> No.66036429

eggs ACK LEE

>> No.66036528

chad Dashlane

>> No.66036554

Added this pattern, thanks anon.
If you have scheme for passwords, never tell anyone.

>> No.66036770

get the google sync plugin

everytime you save your database, it'll be saved on google drive

>> No.66036824

>needing to "host" a password manager
Anyway, yes, I use KeePassX. Brainlets who don't use a password manager in 2018 either have to remember only their Facebook passwords or use insecure passwords.

>> No.66036841

As long as the database is encrypted and its master password is strong enough (although it would be even better to also use a key file) I think you should be safe. Even if they were hacked and criminals got access to your keepass database, it's useless for them if they can't decrypt it.

>> No.66036848

Can a piece of paper automatically generate strong passwords?

>> No.66038553

>Which one?
keep ass
no botnet
>Do you host it yourself?

>> No.66039005

ok I've used lastpass for years

redpill me on it, since none of you nerds seem to be using it

>> No.66039170

You know that encryption algorithms sometimes are broken right?

>> No.66039224

>not use password.txt

>> No.66039244

No need to sync because the password is re-generated each time via an algorithm.

>> No.66039270
File: 78 KB, 470x595, Devilish_4a1cb5_6238404[1].jpg [View same] [iqdb] [saucenao] [google] [report]

i have both my keepass database and keyfile uploaded to onedrive

>> No.66039271

it actually just works and is secure so /g/ hates it because it does it's job without autistic tinkering and configuring.

>> No.66039466
File: 1.31 MB, 450x450, 1526901984697.gif [View same] [iqdb] [saucenao] [google] [report]

I have a clear list on my gDrive.
I just write password hints.

One part is online, one part in my head.
No third party app or shit that can access everything.

Mine is like


, but it's the same idea.
No site has the same password. Uppercase, symbol and number requirement met with the 6 last characters.
Easy to remember.

>> No.66039594



>> No.66039722

sync via dropbox

>> No.66039885

lmao, might as well use one password only.

back to /a/ or /v/

>> No.66040022

.txt in encrypted file container (with key files)

>> No.66041927

Wow you're relying on a networked machine?

>> No.66042354

I feel like I should definitely start using a password manager but changing my passwords for all the sites would take effort.

>> No.66042780

Not more then an hour honestly. Only change the ones which you deem critical, i.e. payservices, social net accs and so on. Ignore websites with no important data access to you, you know anonymous boards etc

At most you have to change your mail, 3 social net including google, paypal and Amazon mayhaps

>> No.66042803

t. person who doesnt know the difference between KP2, KPX, and KPXC

>> No.66044571

So why wouldn't you just use bitwarden at that point? It seems more convenient.

>> No.66044588

I'm breddy sure all 3 can open the same encrypted database files so in reality I'd say the differences are largely cosmetic.

>> No.66045243


>> No.66045270

XC has a ssh agent built in that i make use of

>> No.66045428

Open source with a goof FLOSS license is the only way to go. There are only 2.5 sub categories under this.

First is something online/hosted. These must be end to end encrypted and do all decrypt locally. Right now only Bitwarden and Passman qualify. Bitwarden is it's own app / server you can host or use theirs, Passman is an app for Nextcloud so you need a Nextcloud instance somewhere.

Second is database style of which KeePass is probably the best. There are various apps that can open latest gen KeePass databases depending on platform. I suggest either KeePass 2.xx ( from KeePass.info) or KeepassXC on PCs, and Keepass2Android or KeePassDX on Android. There are ancellary plugins and utils too giving tons of function.

Last part is not recommended, which is a password hasher like supergenpass or master password. These have some weaknesses in that you can't save any real info on the site / entry etc and that all of your passwords are hashed from a single unchangeable hash/master password.

>> No.66045470
File: 1.99 MB, 3351x2219, swings-and-roundabouts-4f006c2ad8eed_hires (1).jpg [View same] [iqdb] [saucenao] [google] [report]

dropbox. Even if someone manages to hack my dropbox (& tbhm8 I've got bigger problems then than them getting my 9gag login!) it's still encrypted. If you're really paranoid pop it into an encrypted zip or rar...

>> No.66045548

Keepass. I would never consider allowing someone or some shit ass web service run out of a garage to do this for me.

>> No.66045580

Index cards nigga

>> No.66047000

You all realize that bit warden is actually just one guy?
Go look at the github project.

>> No.66047234

Takes maybe a few minutes with a modern dictionary/permutation cracker.

>> No.66047253

>i only use the open soiurce and 100% safe keepass softwere to save my passwobs
>password mangager
literally pen and paper is safer than any password mananger ever
let's face it, you're a /g/ tech enthousiast not an fbi wanted criminal
no one is ever going to seach your home searching for passwords

>> No.66047273

I used to use Bitwarden, but I ended up switching back to Keepass XC. Bitwarden has no minimizing to tray, so it was constantly open.

>> No.66047370

>leaving your password manager open at all times
That's like leaving your notebook with passwords written in it open on your desk.

>> No.66047386

>he doesn't live alone
Anon... I...

>> No.66047399

You only run the password manager and nothing else (not even an OS) on your computer? Keep in mind any app can potentially read the working memory of another app.

>> No.66047445

I don't run much in the way of non-FOSS applications. If my OS is reading my memory, even a moment of having the database open would be enough for my passwords to be harvested. Might as well just keep it open.

>> No.66047463

>even a moment of having my front door unlocked would be enough for a mugger to come in and stab me so i might as well leave it unlocked

>> No.66047485

I have a firewall to block unwanted network connections (in the case of the few non-FOSS applications and my OS itself), run certain things sandboxed, and use common sense for anything else.

>> No.66047543

why just not use browser addon?

>> No.66047803

and I'm the pope.

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.