Keepass

>Keepass
Open source wins again guys, r-right?


Heil

Dark times ahead with Free (TM) model of business.

>saving passwords digitally
a lesson learned i presume

The desktop version or one of the many apps?

The problem is with the website using http instead of https, which allows a mitm attack.

The workaround is to not be retarded enough to download keepass while using an unknown network. Disabling update checks also deals with the issue.

just get KeePassX from your distro's repos, problem solved

So a non-issue for anyone knowing what he's doing.

You get what you pay for.

Yes, it's pretty much a non-issue for anyone who would bother to use keepass in the first place.

Why the fuck would you need a password manager when two step authentication exists?

Yea should record them analog.

>The desktop version or one of the many apps?

the autoupdate feature connects over http allowing someone with access to your network or connection to keepass (say, isp, either on your end or the keepass servers provider end, or something) to MITM the update

if you download from sourceforge(https) and update manually you shouldn't have a problem

the apps may not be affected because they'll update through the play store or apple's equivalent

>Why the fuck would you need a password manager when two step authentication exists?

because two step authentication doesn't prevent against websites being hacked leaking your passwords

That's why I'm using my own python+tk password manager. I fully understand the code.

>he saved his passwords in THE CLOUD

that's just it, keepass is a local password manager.

it's just the update function and their site is using http.

not a problem if you are using a package manager like any decent human being should.

>the autoupdate feature connects over http
There is no automated updating on keepass. You always have to manually download and run the installer. Keepass only tells you that there is an update and sends you to the website if you choose to.

The only thing keepass has is an automated update check, but it does nothing on its own.

laughed loud d;

Never understood the need for managers.
Have a throw away for shit you're never going to use again (forums for one time answers, websites that require X likes or X comments, etc)

Then have your actual passwords
BU BU BU BU BUT ITS HURD TO UNNASAN DIM PAATURDZ.
It really isn't, if you're going to use the website constantly or be part of the community, remembering passwords is not difficult

correcthorsebatterystaple.net/

I have a password book which I use for individual websites and websites are written twice, at the beginning row to row it says on which page I wrote the website (basically an index) and on the page with the website I write everything that was related to that website registration. Password, security questions, fake birthday if any, recovery e-mail (have 4 e-mails) etc. etc. I feel this is much safer as having something stolen digitally is typically out of your means to protect all the time but a responsibility given to the program operator, similar to how LastPass was hacked, you can't entrust yourself with the security of your passwords all that well. Meanwhile my book has a regular (fake) book cover in my bookshelf and I access it whenever I need access to some high value accounts with unique passwords. Otherwise low value accounts (like accounts made "just to be" or to check something out) are made with a shared password I could not possibly care less about being hacked, so I don't need to index every single website in the world I have registered into.

We said KeePassX, not KeePass. The distinction is important.

>not using a book cipher

Try remembering 30 different passwords

Duuuude I have like 100 online accounts for job boards and shit. The amount of things you have to register for now is astounding.

KeePass is a godsend for this.

Associate a 4-6 letter acronym to that website
Do you have problems remembering 7+ digit phone numbers, or 3+ numbers + 3+ letters in your address?
Can you not remember shitposting acronyms?
Can you not remember cpu acronyms?

Checkmate.

>30
I highly doubt you frequent 30 websites, let alone all of them needing a password

>register for
Such as?
I doubt you maintain 90% of those

Well my KeePassX database has 30 sites in it.

And how many do you frequent daily?

That's why you use KeePassX instead.

ITT: Single point of failure.

>keep a little piece of paper with passwords in wallet and lighter in pocket
>if get in trouble burn paper

wheres the problem faggots

>indeed
>reed
>monster
>totaljobs etc.

Not to mention individual company websites, smaller obscure job boards, various agencies.

Let's throw in all the various shopping websites, gaming service accounts, video streaming services, email accounts, cloud storage, shit like Adobe Cloud and other various botnets that require registration etc. you can very easily end up with a hundred different logins to remember.

>because two step authentication doesn't prevent against websites being hacked leaking your passwords

And you think a password manager would prevent a site being hacked?

en.wikipedia.org/wiki/Gator_E-wallet

>__________ developer overlooks security hole to preserve ads

Ad lib that can accurately describe

Not everything uses that, and I personally don't want to rely on a cellphone.

Try burn a paper when seven well hung dudes are fucking you in every sexual hole you have. See if you can.

I'd love to try to

I guess you're right. If I can remember a ten digit number then I can remember q_EV;SG>:E9zK#KQU1;?F%CXo^Z,xL}p74_0Yf,2JhQ&)m8rqcmV*OgXh&Tg3IvC{(Ey}AQkIs:fhbxxd9UM!DwJv]30l0EZj>\.iPh3JZ83!72GI/e,B0F9lkSi/*TuQs!o@G$.8!n[&/K.p>yxg6r

Right, but the fact that the dev thinks it's okay would make me trust the app far less.

This.

Just remember your passwords, retards
>needing a password manager
>not using the same password for every site with a slight variation
Kill yourselves.

NIH syndrome is hitting me hard. I'm rather tempted to write my own, very simple, password manager.

Windows doesn't have this though.

I use Keepassx.

He thinks it's okay because he trusts that the users aren't retards.

>shopping OVER THE INTERNET
it's like you morons don't know things can be encrypted.

>$CURRENT_YEAR
>OS with no package manager

>r-right?
yes. The application can be forked. This is not the case with nonfree software.
Regardless, your package manager should be ensuring your applications are not tampered with in transit.

I'll take WORD MANGLING for $400, Alex

>the only reason this was discovered is because it was open source
if it wasn't open source, like coldfusion, it'd have security bugs for root access for the past 7 years, like coldfusion does.

>using windows

no, the traffic was inspected and intercepted

bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/

>Automatic Update Vulnerability

>There have been some articles about automatic KeePass updates being vulnerable. This section clarifies the situation and its resolution.

>[...]

>Resolution. In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-2048 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS.

keepass.info/help/kb/sec_issues.html#updsig
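
The signed version check described in the resolution quoted above, sketched as an added example (not from the thread and not KeePass's own code): the client accepts a version information file only if an RSA signature over its SHA-512 digest verifies against a public key it already has. The `KeePass=<version>` file layout, the function names and the demo key are assumptions made for illustration.

```python
import hashlib

# Constructed demo key (assumption): product of two public Mersenne primes,
# trivially factorable, used only so the example runs offline. Not RSA-2048.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, publisher only
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-512 (RFC 8017, section 9.2)
SHA512_PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")


def _encode(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block for SHA-512(message), exactly K bytes."""
    t = SHA512_PREFIX + hashlib.sha512(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(message: bytes) -> bytes:
    """Publisher side: done once, offline, with the private exponent."""
    m = int.from_bytes(_encode(message), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """Client side: needs only the public key (N, E) shipped with the app."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    # Rebuild the expected block and compare it whole; no padding parsing.
    return pow(s, E, N).to_bytes(K, "big") == _encode(message)


def advertised_version(version_info: bytes, signature: bytes):
    """Return the version from the file, or None if it is not authentic."""
    if not verify(version_info, signature):
        return None                    # MITM-altered or unsigned: ignore it
    return version_info.decode("ascii").split("=", 1)[1].strip()
```

A file rewritten in transit fails `verify` because its digest no longer matches the signed one, so the client never shows the altered version number, whether or not the download went over HTTPS.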

>He can't even remember his passwords

>tfw no libreboot thinkpad

lol, so much fail. all is lost to the common man who will never know their loss.

Because it's a fucking hassle.

How come no one uses Dashlane? I just got it today and I really like it.

>password manager
>not open source
o god burn it

What's that picture? Some sort of satellite pass? Is it even radio?

> not having redundancies

Nice one senpai

And what exactly does that accomplish?

baudline
It's the doppler effect, iirc

Why would I use KeepAss? If my system is compromised all of my pwds will be gone.

echo | gpg -e -o .gpg

nice bash history

If your system is compromised then they are all gone anyway, retard.

Also Keepass encrypts your shit, and you can just backup your file. Why are retards commenting on shit they can't possibly understand?

I sometimes work with an elderly sysadmin who speaks credit card info over POTS when ordering from tigerdirect because she doesn't fully grasp this.

Password managers are too sketchy. What I do is record audio of me reading my passwords and include it in my phone's music folder with a made-up name. Nobody would think to look there.

Are you a normie? 30 isn't even a large number. I use a shared password for numerous low importance forum accounts but still have nearly that amount of passwords

Open Sores

>>/soc/

If it's open source why not just fork a version with no ads?

I keep my passwords in a text file on an encrypted usb stick.

works for me.

Open source does not equal free software, so if KeePass is proprietary then you can't do much.

>Windows

Never heard that one before, creative.

If you don't have enough brainpower to even remember all your passphrases, then how do we even allow you into the internet?

>I highly doubt you frequent 30 websites, let alone all of them needing a password

I have 100+ passwords in Keepass.

Why would I save them?

I really would like more sites to adopt a 2-step authentication via the google authenticator app. I have it active where possible, but sites like my country's amazon still don't have it available, and shitty paypal only has its own security SMS system.

howtogeek.com/212219/here’s-how-an-attacker-can-bypass-your-two-factor-authentication/

chocolatey.org/packages?q=KeepassX

But it does and KeePassX is in it

That's with a phone number you stupid nigger.

I'm no opensourcefag but this sounds cuck tier

>using a phone in the first place

It's like you are criminally retarded.

There are no ads in Keepass. It's about the website not using HTTPS because ads, and that affecting update checks. Please at least partially understand the subject before posting.

>Open source wins again guys, r-right?

OpenSSL had something like a 20 year old bug.

>20 year old bug

I'm not using a phone you dumb piece of shit. What don't you understand?

>not using a phone in 2016

It's like you're a socially retarded luddite.

>I don't know what I'm reading but I'm going to comment anyway

OPEN SORES FILLED WITH PUSS

If you don't frequent the sites daily, all the more reason to use a password manager to keep track of login info for them as it'll be harder to remember without repetition.

I only need to know the passwords of my user account on the computer, the primary email and the keepassx decryption key. It contains somewhere between 100 and 200 site logins, both user names and passwords randomly generated strings, 20+ characters long for the latter. There's no reason I should have to remember all of that by myself. Why are you even on a computer if you're not going to use it to perform tasks for you?

This is almost good: it needs to add a placeholder for the initials of the service you're making it for. Then you can re-use the same few patterns of different difficulty and only need to remember those while still having a different password for everything. That's what I do and I've never needed a password manager, yet all my 100+ passwords are unique and actually hard to crack (depending on the base pattern of course). Letting my browser remember them was merely a convenience

>and actually hard to crack

What's your entropy? Don't tell me your passwords are less than 30 characters.

I've been using the same password with slight variation on all my online accounts since my first one on nickelodeon.com when I was like 9

What's the best manager?

KeePassX?

What's the problem with keeping a PGP encrypted file filled with randomly generated 32-64 characters long passwords?