Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 76 KB, 640x400, serveimage-4.png [View same] [iqdb] [saucenao] [google] [report]
66032353 No.66032353 [Reply] [Original] [archived.moe] [rbt]

Does /g/ use a password manager?
Which one?
Why?
Do you host it yourself?

>> No.66032403

>>66032353
KeePass. Actually one of the big reasons I like it is because it doesn't bother with needing to "host" anything. It's an application that stores things in an encrypted file. It doesn't try to sync that file or do anything over the network or any other bullshit, and I can sync or back up or do whatever with it on my own like any other file.

>> No.66032414

>>66032403
That's how keepass works? Why is there like 10 different versions?

I like bitwarden cause it just werks plus open source.

>> No.66032448

>>66032353
>Which one?
KeePass
>Why?
Works on all my devices: laptop running Debian, desktop running Windows, phone running Android...
>Do you host it yourself?
I upload the encrypted password database to Dropbox. I have the database setup so that you need a password and a keyfile to decrypt. I carry the keyfile on a usb on a keychain and on my phone.

>> No.66032491

>>66032353
KeePass between my laptop and desktop synced through SSH with keyfile on a 8MB SD card.

>> No.66032499

>>66032448
>I upload the encrypted password database to Dropbox.
YIKES

>> No.66032509

>>66032414
Well first it was a Windows application (KeePass 1.x) Then the dev wanted to switch to a new framework for more features and made 2.x, but kept maintaining 1.x for people who didn't need that stuff. (I think it also broke compatibility with old versions of windows, but I forget) Then there was KeePassX, which was the cross-platform port that brought it to Linux. Then the guy who was maintaining KeePassX stopped keeping it updated in a timely fashion, so some people forked it, hence KeePassXC.

Everything uses the same database file format except KeePass 1.x. All the versions of it can import KeePass 1.x databases though. You can use one password database across all platforms, it's just that the ports to those platforms got called different things.

>>66032491
>8MB SD card
I didn't know they ever made them that small

>> No.66032541

>>66032414
>Why is there like 10 different versions?
It's open source so there's a few different versions maintained by different people. Most common ones are KeePass 1, KeePass2, and KeePassX.

KeePass 1 was great but didn't run on Mac or Linux, so KeePassX was made to add more operating system support. KeePass 2 was made which added on a ton of extra features, one of which was Max/Linux support. However, I found KeePass 2 ran rather slow on my Linux machine so I use KeePassX on it instead.

>> No.66032546

>>66032509
It came with a digital camera I bought in 2004.

>> No.66032554
File: 5 KB, 243x207, index.jpg [View same] [iqdb] [saucenao] [google] [report]
66032554

>>66032448

>encrypted password database
>to dropbox

>> No.66032572

>he doesnt trust an open source password manager
>but he trusts an 'encrypted' database being uploaded to dropbox (some of these open source password managers do exactly this)
why are keepass fags so retarded?
what can we do to help them?

>> No.66032573

>>66032499
>YIKES
You realize you're eventually going to send your password to a website anyways right? YIKES.

>> No.66032575

>>66032353
password manager?--I BARELY KNOW HER

>> No.66032585

>>66032554
Please hack me. Steal all my passwords, Anon.

>> No.66032593

Yes.
My human brain.
It always works when I am in a state where I would need a to enter a password.
Yes, I host it inside my skull.

>> No.66032601

>>66032573
>it's better that my passwords are all in one place in comparison to various websites
Whoa who let this genius in here

>> No.66032647
File: 76 KB, 703x911, 1518983009751.png [View same] [iqdb] [saucenao] [google] [report]
66032647

>>66032593
>he uses weak passwords
>he reuses passwords across sites
>all so he can memorize them
>when he's using a computer that can store huge amounts of information flawlessly

>> No.66032649

>>66032601
It's a tradeoff between security and convenience. I could keep the database on an encrpyted harddrive, inside a briefcase, handcuffed to my wrists at all times, but that's inconvenient. The passwords are encrypted. There's a chance that my encrypted passwords could be leaked but I'm hoping if a leak does happen I get some notice so I can proceed to change all my passwords before the encryption is cracked.

>> No.66032678

>>66032647
My passwords are not weak, the important ones are unique and for the non-important shit I use the first password I ever came up with.

>> No.66032684

>>66032353
if it's something that doesn't matter, just think of a password.

if it's something that matters, see if you can get multifactor authentication and used key-based authentication.

if it's ultra important LUKS in ephemeral storage and hope it never goes down

>> No.66032716

>>66032554
>>66032499
If you don't trust the encryption of your db or don't use a massive master password, then what is even the point?

>> No.66032730

>>66032541
And now KeepassXCE is batnaching off of X

>> No.66032735

>>66032678
If you can memorize them, they're weak. The thing that makes them weak is that people who crack leaked lists of password hashes know what kinds of passwords people tend to choose to make them more memorable. Human brains are very, very non-random.

Also all your passwords are important enough to be unique. Especially because the only reason for them not to be is memorability, which is the burden a password manager relieves you of. Why take some small risk on some sites when you could, with greater convenience, take no risk on any site?

>> No.66032751

>>66032716
Because you're giving someone infinite amount of time to crack your db

> might as well use lastpass

>> No.66032762

My Brain.
Also, a physical notebook for random passwords that I only use a couple times.

>> No.66032772

>>66032353
Brain.bat

>> No.66032775

Is bitwarden any good?

>> No.66032811

I use a txt file

>> No.66032973

How do you use keepass across multiple devices? It seems like a pain to constantly move an encrypted file around.

>> No.66032985

>>66032649
An unnecessary tradeoff just so you can say you use keepass.
Isn't that weird?

>> No.66033020

>>66032775
I use it. It's pretty good, open source and doesn't require money to sync between PCs and phones.
You can self host your own passwords too.

>> No.66033080

>>66032985
I'm not trying to impress strangers on the internet by using keepass. I use it because its a convenient password manager but I want to be able to access my database of passwords from anywhere on any device. Uploading the database to dropbox allows that to happen. I realize it opens up the possibility of my password database of being stolen but I'm fine with that. If you don't approve I don't really care. It works for me. You can do whatever you want to do.

>> No.66033114

>>66033080
are you dense motherfucker
he's literally saying there are alternatives that do exactly what you're doing in far fewer steps
so is it really about convenience when you literally add in additional steps for absolutely no reason other than to use keepass over alternatives?
what in the flying fuck do you think bitwarden does?
dont play off that i dont really care bullshit you've stuck around this long

>> No.66033117

>>66032353
SQL table

>> No.66033119

KeePassXC

>> No.66033144

>>66032353
iCloud Keychain (macOS + iOS)
stores web passwords, network share credentials, mobile app passwords etc

it just werks

>> No.66033167

>[phrase]servicename[number]

How in fuck's name do you retarded cunts do anything different? I don't have to remember anything and my passwords are beyond guessable.

>> No.66033180

>>66032735
I have two passwords memorized that score 100% on password meter. I'm sorry you're just a brainlet.

>> No.66033261

I use bitwarden. It's great, and more than secure enough.

I'd use keepass, but the nice UI and cross-platform/device support seal the deal for me.

>> No.66033275

>having a second point of failure
no thanks, if the computers compromised you are fucked with or without a password manager.

>> No.66033288

>>66033114
>he's literally saying there are alternatives that do exactly what you're doing in far fewer steps
Well he's not literally saying that cause if he did than I would have agreed. I use Keepass because it's what I always used and I haven't researched a lot of the alternatives. OP was just "what password manager do you use?" not "what is the best way of storing passwords?" If Bitwarden is just Keepass that automatically uploads your password database to dropbox than it would be more convenient to use it over doing it manually.

Could have just said
"Why do you use keepass if you're going to upload your database manually all the time? Bitwarden is the same thing in less steps!"
And I would have said
"Neat, I didn't know that. Thanks, Anon."

>> No.66033345

>>66033275
this is retarded. if your computer is comprised, then it doesnt fucking matter what password storing method you use. the instant you enter it, it's going to be logged.

>> No.66033530

>>66032414
All produce same file format (.kbdx) /g/ only argue which better for the luls

>> No.66033551

Gnu Pass backed up to gitlab

>> No.66033578
File: 40 KB, 500x500, 84cc3e7c620f75370057719171aac408.jpg [View same] [iqdb] [saucenao] [google] [report]
66033578

>>66032353
>do you host it yourself
I host my password database on a private git repo somewhere. How compromised am I?

>> No.66033960

>>66033345
This. Doesn't matter if you store it on your computer or memorize it, you're just as fucked either way.
2FA or nothing. Preferably with a offline authenticator app because SMS 2FA is laughably insecure.

>> No.66033971

>>66032353
>not remembering your 20+ character passwords
>relying on botnet software to store your passwords

oh boy is it summer already?

>> No.66034058

>>66033960
Not every site has 2FA though.

>> No.66034061

keepass

>> No.66034119

>>66034058
The most important ones (email, bank, etc) do. Ones that would cause you intense butthurt if you had the credentials to stolen.

>> No.66034183

>>66032735
>I am dumb normie
>you must be dumb normie
I obviously won't give you my password, but some are along these lines "[email protected]!", crack that, faggot.

>> No.66034377

https://www.passwordstore.org/ + git

>> No.66034814

>>66032593
Wow you're relying on a notoriously insecure single point of failure for all of your passwords?

>> No.66034849
File: 36 KB, 622x352, aHR0cDovL21lZGlhLmJlc3RvZm1pY3JvLmNvbS9BLzkvNzMwMDE3L29yaWdpbmFsL0xpdmVzY3JpYmUtMy1TbWFydHBlbi1CbGFjay1FZGl0aW9uLTE2eDktMDA3LmpwZw==.jpg [View same] [iqdb] [saucenao] [google] [report]
66034849

>storing your passwords on a computer
lmao dumbfucks

>> No.66035256

>me
>stores passwords to a txt file and save it in some flashdrive
10/10 i could say

>> No.66035411

>>66032353
Keepass 2 installed by Chocolatey as password manager.
Self hosted Nextcloud to sync.
KyPass on iPhone.

>> No.66035443

>>66032499
>>66032554
You chuckleheads realize the database is useless with out the password and, in
>>66032448
case, a second keyfile. It doesn't matter if he saved the damn thing to google drive, unless they get his password and keyfile its useless.

>> No.66035461

>>66032353

I memorize all my passwords
so you can say self-hosted

>> No.66035492

Unix pass + browserpass-ce + private git meme + password store android

>> No.66035539

>>66033180
>I have two passwords memorized
Yeah, good job with that. And my password manager has 624 currently.

>> No.66035663
File: 125 KB, 1280x852, CC.jpg [View same] [iqdb] [saucenao] [google] [report]
66035663

>have a keypass but barely uses it
>have a written notebook with my administrative documents with key passwords encrypted with a basic Caesar cipher

How retarded am I ?

>> No.66035690

Ever heard of a piece of paper and a safe?

>> No.66035717

For websites that have unlimited length passwords, I find the readme from a random program and copy and paste the whole thing into the password slot.
For others, I use some random letters I typed a few years ago and memorized. It's basically a flawless password, but I need to come up with a new one because using the same password for all my bank/credit card things kind of scares me.

>> No.66035784

keepass(xc) and syncthing

the versioning system in syncthing is about as good as it can be for versioning an encrypted file, not sure I'd trust it if I were updating passwords on different machines simultaneously, but it does the job otherwise.

>> No.66035860

>>66032353
> Which one?
1password
> Why?
Supported across all my devices (iOS and macOS)
> Do you host it yourself?
I use iCloud for that

>> No.66035972

>>66032353
I use an encrypted text file

>> No.66036141

>>66032353
I use BitWarden. All open source. I pay 10 bucks per year but don't use the paid features. I want 2FAA to be separated from them.

>> No.66036245

>>66032353
Been using 1Password for years now but it seems (((AglieBits))) changed shit up regarding pricing with the new version so I'm now looking at alternatives. I'm seeing BitWarden get mentioned most besides KeePass and its variants.

>> No.66036262

>>66036245
>BitWarden
Has anything you need if you're too poor to pay. Open source but more professional than Keepass.

>> No.66036348

>>66032353
Keepass
Synced between devices with Onedrive

>> No.66036360

Okay I have a noob question. I sync my keypass database through syncthing to my seedbox which is hosted by a seedbox company.

Whats wrong with doing this? I think I have a strong password and it's encrypted.

What alternatives should I do? I guess I could use syncthing only between the devices I own but with the server one device is always online. What is bitwarden?

>> No.66036419

Any thoughts on MacPass for us Applel faggots? Looks like a nicer front end to KeePass https://macpassapp.org/

>> No.66036429

>>66034849
eggs ACK LEE

>> No.66036528

chad Dashlane

>> No.66036554

>>66033167
Added this pattern, thanks anon.
If you have scheme for passwords, never tell anyone.

>> No.66036770

>>66032973
get the google sync plugin

everytime you save your database, it'll be saved on google drive

>> No.66036824

>needing to "host" a password manager
Anyway, yes, I use KeePassX. Brainlets who don't use a password manager in 2018 either have to remember only their Facebook passwords or use insecure passwords.

>> No.66036841

>>66036360
As long as the database is encrypted and its master password is strong enough (although it would be even better to also use a key file) I think you should be safe. Even if they were hacked and criminals got access to your keepass database, it's useless for them if they can't decrypt it.

>> No.66036848

>>66035690
Can a piece of paper automatically generate strong passwords?

>> No.66038553

>>66032353
>Which one?
keep ass
>Why?
no botnet
>Do you host it yourself?
>host

>> No.66039005

ok I've used lastpass for years

redpill me on it, since none of you nerds seem to be using it

>> No.66039170

>>66032448
You know that encryption algorithms sometimes are broken right?

>> No.66039224

>>66032353
>not use password.txt

>> No.66039244

masterpassword.app
No need to sync because the password is re-generated each time via an algorithm.

>> No.66039270
File: 78 KB, 470x595, Devilish_4a1cb5_6238404[1].jpg [View same] [iqdb] [saucenao] [google] [report]
66039270

i have both my keepass database and keyfile uploaded to onedrive

>> No.66039271

>>66039005
it actually just works and is secure so /g/ hates it because it does it's job without autistic tinkering and configuring.

>> No.66039466
File: 1.31 MB, 450x450, 1526901984697.gif [View same] [iqdb] [saucenao] [google] [report]
66039466

I have a clear list on my gDrive.
I just write password hints.

One part is online, one part in my head.
No third party app or shit that can access everything.

>>66033167
Mine is like

[num]serveiceinitials[phrase]C====3

, but it's the same idea.
No site has the same password. Uppercase, symbol and number requirement met with the 6 last characters.
Easy to remember.

>> No.66039594

>>66033117

Encrypted?

>> No.66039722

keepass
keepass2android
sync via dropbox

>> No.66039885

lmao, might as well use one password only.

back to /a/ or /v/

>> No.66040022

.txt in encrypted file container (with key files)

>> No.66041927

>>66034814
Wow you're relying on a networked machine?

>> No.66042354

I feel like I should definitely start using a password manager but changing my passwords for all the sites would take effort.

>> No.66042780

>>66042354
Not more then an hour honestly. Only change the ones which you deem critical, i.e. payservices, social net accs and so on. Ignore websites with no important data access to you, you know anonymous boards etc

At most you have to change your mail, 3 social net including google, paypal and Amazon mayhaps

>> No.66042803

>>66033530
t. person who doesnt know the difference between KP2, KPX, and KPXC

>> No.66044571

>>66036770
So why wouldn't you just use bitwarden at that point? It seems more convenient.

>> No.66044588

>>66042803
I'm breddy sure all 3 can open the same encrypted database files so in reality I'd say the differences are largely cosmetic.

>> No.66045243

>>66032973
rsync

>> No.66045270

>>66044588
XC has a ssh agent built in that i make use of

>> No.66045428

Open source with a goof FLOSS license is the only way to go. There are only 2.5 sub categories under this.

First is something online/hosted. These must be end to end encrypted and do all decrypt locally. Right now only Bitwarden and Passman qualify. Bitwarden is it's own app / server you can host or use theirs, Passman is an app for Nextcloud so you need a Nextcloud instance somewhere.

Second is database style of which KeePass is probably the best. There are various apps that can open latest gen KeePass databases depending on platform. I suggest either KeePass 2.xx ( from KeePass.info) or KeepassXC on PCs, and Keepass2Android or KeePassDX on Android. There are ancellary plugins and utils too giving tons of function.

Last part is not recommended, which is a password hasher like supergenpass or master password. These have some weaknesses in that you can't save any real info on the site / entry etc and that all of your passwords are hashed from a single unchangeable hash/master password.

>> No.66045470
File: 1.99 MB, 3351x2219, swings-and-roundabouts-4f006c2ad8eed_hires (1).jpg [View same] [iqdb] [saucenao] [google] [report]
66045470

>>66032973
dropbox. Even if someone manages to hack my dropbox (& tbhm8 I've got bigger problems then than them getting my 9gag login!) it's still encrypted. If you're really paranoid pop it into an encrypted zip or rar...

>> No.66045548

>>66032353
Keepass. I would never consider allowing someone or some shit ass web service run out of a garage to do this for me.

>> No.66045580

Index cards nigga

>> No.66047000

>>66036141
>>66032414
>>66033020
>>66032353
You all realize that bit warden is actually just one guy?
Go look at the github project.

>> No.66047234

>>66034183
Takes maybe a few minutes with a modern dictionary/permutation cracker.

>> No.66047253

>i only use the open soiurce and 100% safe keepass softwere to save my passwobs
>password mangager
>2018
literally pen and paper is safer than any password mananger ever
let's face it, you're a /g/ tech enthousiast not an fbi wanted criminal
no one is ever going to seach your home searching for passwords

>> No.66047273

>>66032353
I used to use Bitwarden, but I ended up switching back to Keepass XC. Bitwarden has no minimizing to tray, so it was constantly open.

>> No.66047370

>>66047273
>leaving your password manager open at all times
That's like leaving your notebook with passwords written in it open on your desk.

>> No.66047386

>>66047370
>he doesn't live alone
Anon... I...

>> No.66047399

>>66047386
You only run the password manager and nothing else (not even an OS) on your computer? Keep in mind any app can potentially read the working memory of another app.

>> No.66047445

>>66047399
I don't run much in the way of non-FOSS applications. If my OS is reading my memory, even a moment of having the database open would be enough for my passwords to be harvested. Might as well just keep it open.

>> No.66047463

>>66047445
>even a moment of having my front door unlocked would be enough for a mugger to come in and stab me so i might as well leave it unlocked

>> No.66047485

>>66047463
I have a firewall to block unwanted network connections (in the case of the few non-FOSS applications and my OS itself), run certain things sandboxed, and use common sense for anything else.

>> No.66047543

>>66047273
why just not use browser addon?

>> No.66047803

>>66047234
and I'm the pope.

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
Captcha
Action