Password Managers General:

I'm pretty happy with KeePassX (PC) and KeePassDroid, but what does Sup Forums think of this Master Password shizzle?

It generates passwords on the spot using 1 'master' password and a name. Thoughts?

Other urls found in this thread:

truekey.com/
passwordmaker.org
ssl.masterpasswordapp.com/
twitter.com/SFWRedditImages

Is it safe?

LastPass is superior

Btw, what does Sup Forums think of True Key?
truekey.com/

You're kidding me, right? They fell victim to a massive data breach over a year ago. Never trusted them since.

>current year
>using password managers

I'm surrounded by idiots

Writing all of your passwords on a piece of paper and hiding it on your person/in a safe is literally thousands of times safer than giving your data to this botnet shit.

>truekey.com/

No.
1. Face verification can be hacked with a photo.
2. Scanning your fingerprints to the botnet?

It's Open Source and has been audited.

No botnet, just a local database protected by a strong password.

>mfw literally using steganography to store all my passwords in this image

I previous was using LastPass until they had that massive data breach. I believe it happened twice to them. Currently, I use 1Password and like it but feel like I'm on a botnet password collector. I've read up that KeePass is one of the best ones regarding security and privacy because it is open source and been audited but the problem is syncing that to the cloud for me to use on my phone and desktop. What does /g suggest?

Keepass is great, I'm a bit sad it's shit on linux and I have to use KeepassX instead. I don't really think there's a match for it to be honest. Using KeepassDroid too.

I use passwordmaker.org to generate a unique password for every site based on a hashed master password.

I don't store the master or the generated passwords anywhere

Depends how autistic you are.

KeePass + Android/iOS App works fine, as long as you back up your encrypted database file regularly. The whole point is to not use a cloud service, you can back it up to multiple external HDD's/USB's and store them safely. As long as you have few 'main' emails with chains of emails/accounts connected to them, recovery should not be an issue for any accounts and you can update them every 1-6 months etc.

If you insist on using a cloud, which defeats the purpose, don't be a retard and use Dropbox, Onedrive or Google Drive.

Use Syncany or Syncthing, or even self-hots (I think with ownCloud?)

I think Master Password works on the same principle. ssl.masterpasswordapp.com/

The problem I have is I sometimes use obscure usernames, e-mails names, secret answers and might need to write down some notes in the entries.

Plus, you need to carry a device (phone) to generate the passwords on the spot and if you do that, then it might as well be a phone with the kpassapp.

True, you can use their website to generate your password without a phone, but imagine a key-logger at your internet cafe? It would fucking destroy you.

You make some valid points. I'm going to give KeePass a shot. I can sacrifice convenience for better security. I have thought about using ownCloud but wasn't sure how security it is.

I use it myself but I wish I didn't. I could have just used the same easy to remember password for everything I sign up to online that wouldn't matter if someone knew the password because it isn't connected to money or my identity. For important passwords which won't be many, you can just make a hard password with numbers and capitals.

>I don't store the master or the generated passwords anywhere
So what good does that do you?

is oneSafe for iOS any good? I like it's features and UI the best of any other manager I've tried, but there's little info about it on the internet, the app haven't been updated in months, and there's no windows 10 version, which seems a bit sketchy

>storing all of the passwords within a program with a single password.

I just use a system for my passwords. They all follow a logical pattern so they are easy to remember. I have a top tier level for main email password, second tier for secondary emails, third tier for banking and fourth tier for everything else

Something like

>email: 155FALK-a+b
>secondary: 166KOPO-c+d

And so on

It keeps the attack vector limited to keylogging if I'm using a public computer, or to my phone being compromised. I don't want to be hacked the way LastPass users were

what do you think of Blur from Abine?

only secure thing is your own brain.

But keepass has an inbuilt password generator that you can configure to generate passwords using whatever length and characters to use.

I just store my encrypted password files in Google Drive (or your cloud service of choice) and then save a local copy to whatever devices you want

So what? I can give you my lastpass blob right now and there's nothing you could do with it

That's the entire point, it's essentially keepass except they sync it for you

>Master Password
Instead of losing password db + encryption file + master password, you have to lose only the last. Plus if one account gets compromised you have to change your password for everything. Good way of getting fucked.

the greatest source of safety with passwords is obscuring that they are passwords, I'd never trust an application dedicated to storing passwords for that reason

security by obscurity is not real security.

how so?

The best way to hide is in plain site

...

Can be useful to use a different complicated password for each site.

Password Managers are for retards.