What's the best password manager?

2nd thread about this shit.
consider ending your life, but before doing that install KeePassX

Google Smart Lock :^]

1password by far.

Read the sticky.

KeePassXC

Notepad

Ok, I have a stupid but maybe useful idea. What if I wrote a c++ program that prompted the user to enter a master password. If you entered the correct one it would cout a hard-coded array of strings that was your passwords and websites they are for. If you compiled it and deleted the .cpp file, while you can't add new passwords, wouldn't it be safe? What are the odds of reverse engineering?

...

Fairly easy. You could decompile it in assembly then arrange it accordingly.

>password manager


thx goy!

an encrypted text file

keepass and its ports

asking a friend to remember the password for me

Just remember your passwords. You should be intelligent enough to remember 5 or 6 passwords.

DO NOT do your own "security"; there are a lot of pitfalls that laymen don't even know they don't know.

Likesaid.
Or you can just inspect the memory.

Memory is a big way someone can get passwords, since they have to transfer unencrypted into/out of memory at some point.

"the standard unix password manager"
passwordstore.org/

Trivial, you could just run strings on the binary.
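Why the hard-coded C++ idea above fails, as an added example that is not part of any post in the thread: string literals are stored in the compiled file as plain bytes, so a scan for printable runs (what `strings` does) finds them without any decompiling. The byte image, the passwords and the function names are constructed for this illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Constructed stand-in for the compiled program's bytes: string literals sit
// in the file unchanged, surrounded by non-text header and code bytes.
std::string sample_image() {
    std::string img("\x7f" "ELF\x02\x01\x01\x00", 8);   // header-like bytes
    img += std::string("\x48\x89\xe5\x00\xc3\x00", 6);  // code-like bytes
    for (const char* lit : {"Enter master password: ",  // prompt literal
                            "hunter2-master",           // constructed master password
                            "example.com : correct-horse-1"}) {  // constructed entry
        img += lit;
        img.push_back('\0');
    }
    return img;
}

// Collect every run of printable ASCII at least min_len bytes long.
std::vector<std::string> extract_strings(const std::string& data,
                                         std::size_t min_len = 4) {
    std::vector<std::string> out;
    std::string run;
    for (unsigned char c : data) {
        if (c >= 0x20 && c <= 0x7e) { run.push_back(static_cast<char>(c)); continue; }
        if (run.size() >= min_len) out.push_back(run);
        run.clear();
    }
    if (run.size() >= min_len) out.push_back(run);
    return out;
}

// True if the secret is readable in the image without knowing the master password.
bool contains_secret(const std::string& image, const std::string& secret) {
    for (const std::string& s : extract_strings(image))
        if (s.find(secret) != std::string::npos) return true;
    return false;
}

int main() {
    for (const std::string& s : extract_strings(sample_image()))
        std::cout << s << '\n';
    return contains_secret(sample_image(), "correct-horse-1") ? 0 : 1;
}
```

Deleting the .cpp file changes nothing here, because the master-password check only gates what the program prints, not what the file contains.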

is some sort of agency really going to bother spending man hours attempting to decompile your custom encrypted program or spend time trying to backdoor popular encryption software?

based program.
my migration went lastpass > keepass > pass. each better for me than the last.

This. It's simply great.
I migrated from lastpass to pass as well and thanks to git I can keep everything synchronized across my devices.
The only downside, if I may say, is the basically non-existent choice of mobile clients and browser extensions for auto fill. The Android client is pretty cool and it comes on f-droid as the gpg key manager does.

Using it the intended way leaks information about what sites you have accounts for.

Much better to keep an encrypted text file with all of your passwords in it. It's also easier to move around, and you don't have to worry about git leaking info either.

>Using it the intended way leaks information about what sites you have accounts for.

Please explain further, I'm interested to hear about it

seems to me that browser extensions are such headache. just look at lastpass woes due to theirs. hard to really make it work since browsers are such a big target.

he is talking about how each filename has the username or some other identifying metadata for each account.
don't really see a problem if you keep the files in your encrypted machines only and you self-hosted a git server. there was some 'fix' for the leaking of that info last i saw, but didn't really need it so didn't check it out thoroughly.

If you have a bank-of-america pass file, then anyone can figure out you have a Bank of America account even if they can't get your password. Unless you name all of your pass files random strings. Also, you can calculate the size of the content of GPG encrypted files, so if the file is X size, then an attacker can figure out your password is less than Y long.

If you use a single encrypted file, the site names are encrypted too, and an attacker doesn't get any useful info if he can calculate that the file contents are X thousand characters long.

>don't really see a problem if you keep the files in your encrypted machines only
If your pass files are on an encrypted machine, why are you even bothering re-encrypting them? Clearly, you are either encrypting too much or not encrypting enough, pick one.

The encrypted file can contain any content not limited to the password, I can potentially inflate the size of the file with garbage data.
Also, let's not forget things like 2FA and common sense: first of all I'm not getting an account with a bank whose site doesn't do 2FA mandatorily, I'm also not gonna store the password in a file that's named Bank of America, nor am I gonna keep the official username for it
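The size leak and the "inflate with garbage data" countermeasure from the posts above, as an added example that is not part of the thread: each entry is padded to a fixed bucket size before encryption, so the ciphertext length only reveals the bucket. The 4-byte length prefix, the 256-byte bucket and the function names are assumptions of this sketch, not anything pass itself does.

```cpp
#include <cstddef>
#include <random>
#include <stdexcept>
#include <string>

// Pad an entry to the next multiple of `bucket` bytes.
// Layout (assumed for this example): 4-byte big-endian length, entry, random fill.
// The fill is random rather than zeros because OpenPGP tools usually compress
// before encrypting, and a run of zeros would compress away again.
std::string pad_entry(const std::string& entry, std::size_t bucket = 256) {
    if (bucket <= 4) throw std::invalid_argument("bucket too small");
    if (entry.size() > 0xffffffffu) throw std::invalid_argument("entry too large");
    std::string out;
    const std::size_t n = entry.size();
    for (int shift = 24; shift >= 0; shift -= 8)
        out.push_back(static_cast<char>((n >> shift) & 0xff));
    out += entry;
    const std::size_t padded = ((out.size() + bucket - 1) / bucket) * bucket;
    std::random_device rd;
    while (out.size() < padded)
        out.push_back(static_cast<char>(rd() & 0xff));
    return out;
}

// Recover the original entry after decryption; rejects inconsistent lengths.
std::string unpad_entry(const std::string& padded) {
    if (padded.size() < 4) throw std::invalid_argument("truncated entry");
    std::size_t n = 0;
    for (int i = 0; i < 4; ++i)
        n = (n << 8) | static_cast<unsigned char>(padded[i]);
    if (n > padded.size() - 4) throw std::invalid_argument("bad length prefix");
    return padded.substr(4, n);
}

int main() {
    // Constructed passwords of very different lengths end up the same size.
    const std::string a = pad_entry("hunter2");
    const std::string b = pad_entry("a-much-longer-passphrase-with-many-words");
    return (a.size() == b.size() && unpad_entry(a) == "hunter2") ? 0 : 1;
}
```

Padding hides length only; the file name still has to be something that does not name the site.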

Encrypted text file

I'll pick both. Why would I have to choose between keeping gpg encrypted files, or having my entire partition luks encrypted?

What do you guys think about Master Password? I was considering switching to it for simplicity's sake, but I feel like it's only a matter of time before the algorithm is cracked and then everything is fucked and blown wide open. What do you think?

Lesspass, a syncless password manager

Google Docs

It fixes something that isn't broken. Instead of only having to remember your password, you now also have to remember what key you used for which site. And if you have to change your password for one site, now you need to think of and remember a new key.

Since we're having a passwords thread, how would one make mutt remember passwords the way Outlook and the like do? I'd like to only type in a password when it's been changed but all I can find is using gpg (have to retype password every ten minutes or something) or storing as plaintext (not secure).

A physical notebook.

>take it with you
>easily susceptible to being lost/stolen

>always leave it at home
>unable to log into your accounts unless at home
>at risk of losing it in case of fire or burglars stealing it

It's not the worst, but it's not the best either.

Surely this is a troll

github.com/dannyvankooten/browserpass

Botnet

Use enpass