>using a password manager instead of hashing an easy to remember password with SHA-256
Is there ANY reason to use a password manager at all?
Yeah, so you can lose them all when their database eventually gets hacked.
Because you should have more than one password so that if a site gets hacked your password for everything isn't leaked.
Use a local password manager like keepass.
Xenakis, nice.
>their database
But my passwords are on a git repository on my own server.
>2017
>putting your password into the clipboard of a potentially compromised OS
>this is more secure than just remembering a password
>saving passwords at all when access to your email can recover 90% of your other accounts
Password managers are great if you like single points of failure
sha256("samecomplicatedpasswordeverywhere"+"sitename"+"small unique string that's easy to remember")
I think I'm safe. Although maybe I should use bcrypt or a hash function that supports variable output sizes.
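Added example, not part of the original thread: the derivation described in the post above, next to a variant that swaps in PBKDF2-HMAC-SHA256 from the standard library as a stand-in for the bcrypt idea and length-prefixes the fields. The site name, tag, round count and function names are assumptions made for illustration.

```python
import base64
import hashlib
import time

# Constructed sample inputs; the site and tag are not from the thread.
MASTER = "samecomplicatedpasswordeverywhere"
SITE = "example.org"
TAG = "blue"


def derive_sha256(master: str, site: str, tag: str) -> str:
    """Scheme as posted: one SHA-256 over the plain concatenation."""
    return hashlib.sha256((master + site + tag).encode()).hexdigest()


def derive_slow(master: str, site: str, tag: str, rounds: int = 600_000) -> str:
    """Same inputs through PBKDF2 (assumed stand-in for bcrypt).

    Length-prefixing keeps ("foo", "bar") and ("foob", "ar") distinct.
    """
    salt = f"{len(site)}:{site}|{len(tag)}:{tag}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, rounds, dklen=24)
    return base64.urlsafe_b64encode(raw).decode()  # 24 bytes -> 32 characters


def seconds_per_guess(derive, n: int) -> float:
    """Average time to test one candidate master password offline."""
    start = time.perf_counter()
    for i in range(n):
        derive(f"guess{i}", SITE, TAG)
    return (time.perf_counter() - start) / n


if __name__ == "__main__":
    print("sha256 :", derive_sha256(MASTER, SITE, TAG))
    print("pbkdf2 :", derive_slow(MASTER, SITE, TAG))
    # Plain concatenation is ambiguous: different fields, same password.
    print("concat collision:",
          derive_sha256(MASTER, "foo", "bar") == derive_sha256(MASTER, "foob", "ar"))
    # If one site leaks the derived password, this is the price of each
    # offline guess at the master password under each scheme.
    fast = seconds_per_guess(derive_sha256, 10_000)
    slow = seconds_per_guess(derive_slow, 2)
    print(f"per-guess cost: sha256 {fast:.2e}s, pbkdf2 {slow:.2e}s")
```

Either way the master password remains the single secret behind every site; the slow variant only raises the cost of guessing it from one leaked derived password.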
passwordstore.org
this one uses gpg to encrypt local db that has your passwords.
Potential hazards
you operate it with terminal so your history file
extension if you use them, for example there's firefox extension for it
I thought about writing an encrypted sqlite db that stores each place and the password that it uses. So if I'm afraid of a leak I can see all places that need a password change, and also have a totally random generated password instead of one based on a rememberable pattern. But passwordstore seems to provide all I want.
Anybody used it?
Reusing the same password is a much worse single point of failure since it's completely out of your hands.
>this one uses gpg to encrypt local db that has your passwords.
Password-store has no database. It's based on a directory structure.
>you operate it with terminal so your history file
You can let it directly copy to clipboard, so it doesn't show the password in the terminal.
>Anybody used it?
Yes.
>Anybody used it?
>Yes.
So it sucks, FUCK
Use a salted password, like "nahWsrbzUhLnDp968psc"+"qwerty", after hashing it's irrecoverable.
I'd rather have a single point of failure that's encrypted and stored locally than have to use simple and easy to remember passwords for every site which creates multiple points of failure all over the internet.
I just use a long sentence as my password... and I switch a couple letters too to keep things interesting.
>myhorcehacagiant5ockthatithinklookcprettydicgucting
I can use a different 64 character password for everything and not have to remember them.
are we xenakisposting itt?
I just use the same password for everything.
I use it with rofi-pass, pretty comfy
>worries about putting password in because the clipboard will be compromised
>no problem just typing it into that system