Password management and password management accessories

clearly KeePass 2 is the superior program and all others are outdated ports and insecure, but what other software makes it more useful? here's a small list of issues i have encountered while using it:
>university or other public computers requiring login
i'm not going to unlock my entire database on a potentially botnetted computer, and a password like vz$6sqVrQB'!egYw&5'on/@= is cumbersome to type in or remember.
>constant syncing upon saving with a relatively simplistic password for that sync service
i do not know the answer to this. i simply keep copies of my latest database on all applicable devices.
>easily sharing wifi passwords among devices
i hope this can be done simply, because insecure persons generally get upset when i tell them the password is dBTPmnIpL9I3ujpY. QR codes would be an option if i didn't have persons that used Kindles and other e-readers on network.

Also, general password management thread.

LastPass botnet users will be laughed at and ignored.
Same-password-for-everything faggots will be laughed at and ignored.
KeePass fork/alternative software promoters will be laughed at and ignored unless concrete evidence is provided showing they are superior to KeePass 2.37

bump

>lastpass ff plugin broke
>"fine, time to port everything to keepass"
>export goes fine, using some magical little tool called lastpass pocket
>pocket.exe is a portable keepass-alike tool that can save local copies of your db encrypted or in .csv
>ineverknew.bmp
>import works great too, organizing happens
>keepass-favicon-downloader
>my PWs have never been more organized
>this all happened around 2 weeks ago

Yup yup. Now how do I keepass android?

>Now how do I keepass android?
There is an f-droid version, but either the f-droid buildbot or the main developer is a fucknut and doesn't push necessary updates fast enough. It took him several months to get an update that supports the latest kdbx format on the repo. Here is the link for that:
f-droid.org/en/packages/com.android.keepass/
The one I prefer--because it is updated frequently enough to be usable--is on the google botnet here: play.google.com/store/apps/details?id=keepass2android.keepass2android_nonet&hl=en it's still FOSS, but being hosted on the google botnet who knows what was surreptitiously included.

>Password management tools
Oh good, it's nice to see people completely oblivious to how security leaks happen.
Protip: Nobody is going to try and guess or bruteforce your obscure fucking password, they're going to use exploits to bypass and leak the entire database they want.

t. uses [Animalname][0-9]! for everything
enjoy having every single account you own getting pwned you fucking retard. also, unless the retards maintaining the pw database store everything in plaintext, they do have to bruteforce, and it is much easier to bruteforce Al3x123$ than "7k'tZ/e\KA$1ST&u`OzAR_DTSN2ui1w02+W5OX:YIq@H~A,k&23":;=*@wNC7$l

It's also incredibly difficult to bruteforce
ani!!mal::hor[]se%%sta.,ple''bat==ery
Except that version is human readable and rememberable, and doesn't rely on OTHER SOFTWARE that could be just as fucking vulnerable to exploits.

Enjoy your literal autism passwords.

>ani..mal..hor..se..sta..ple..bat..ery
stopped reading kill. kill yourself, xkcd reading pseud.

>dismissing somebody's opinion for using a well-circulated example of a hard-to-bruteforce password
The point is you split natural words in half and separate them with punctuation you find easy to remember, you fucking mongoloid. Get your head out of your gaping asshole.

>well-circulated
it has been objectively proven wrong though, which is why you are a pseud. didn't read past here, by the way. go ahead and google why "correct horse staple battery" is wrong and educate yourself.

the guy who runs xkcd is very knowledgeable about some things; others he knows nothing about,

Whoops there aren't any exploits. AES256 is AES256.

It's a well circulated example you fucking retard, jesus christ. What did you want me to write instead? you::are::a:fag::got?
Would that make you happier you autist dipshit?

You don't need to break the encryption to exploit the software, otherwise we'd never experience these breaches.

>It's a well circulated example you fucking retard
and it's wrong, retard. it has been wrong since that faggot made his epic comic. here is a PROFESSIONAL SECURITY RESEARCHER telling you why it's wrong: diogomonica.com/2014/10/11/password-security-why-the-horse-battery-staple-is-not-correct/

if this isn't enough to convince you then kindly kill yourself because you are too stupid to continue living.

bump

idiot

software dev here, i've worked with people who are sure it's a security risk to allow copy paste on online login pages :^)))))))

Should I get a password manager? Most of my passwords right now are
{my name}.{something relating to website/service/etc}
Which most sites tell me is pretty secure (especially since I have a very uncommon name). What's keeping me from making the switch is mostly the problem of logging in on school/friend's computers. Should I just switch, even if I don't have trouble remembering my passwords?

>Should I get a password manager?
the answer is always yes, and never an online one like lastpass (who've had security leaks).

KeePass DX you smelly niggers

>KeePass DX
as i said in the OP, unless you can provide concrete evidence for why this is more secure than the mainline keepass2, you can eat shit and move right on.

When we look at AES (Rijndael to be more precise) and Twofish, in the roughly equivalent KeePass and Bruce Schneier's Password Safe, both these symmetric block ciphers have been heavily studied and are considered resistant to cryptanalysis.

Maybe the *implementation* will yield a fault via side-channel attacks, absurd coding error, etc, but it is FAR more likely that a breach will come from endpoint compromise.

There are many ways to skin a cat, but the easiest way is to rubber hose it or drop a keylogger on the device.

So, ignoring the retard that spawned the off-topic discussion, what are your favorite solutions to the issues posed in the OP?
>Needing the login for a public access computer
For example, my university requires me to log into their computer lab equipment if I want to use Windows only software. Typing gibberish is quite cumbersome, but at the same time I do not wish to change the university login to something simplistic because there are sensitive data in the email account using the same login.
>syncing
Yes, this could be done with dropbox or some other botnet, but are there any alternatives? I have heard syncthing passed around.

Using pw managers for your online shit is literally not about not being weak to bruteforce, it's to allow you to use unique passwords, that are also strong, for everything. Using the same pw for multiple things is simply a vulnerability, and good luck remembering 20 different non-trivial passwords.
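
An added example, not part of any post in the thread: a small audit of a password-manager CSV export that flags the two habits argued about above, reused passwords and passwords derivable from the login name or entry title. The column names and sample rows are constructed assumptions; match them to your own export.

```python
import csv
import hashlib
import io
import re
from collections import defaultdict

# Constructed sample export; the column names are assumed, not taken from the thread.
SAMPLE_CSV = '''"Account","Login Name","Password","Web Site"
"Mail","alex","Xq9#vT2m!LrW8zpK","https://mail.example.org"
"Forum","alex","Al3x123$","https://forum.example.net"
"Shop","alex","Al3x123$","https://shop.example.com"
"Bank","alex","alex.bank","https://bank.example.com"
'''


def audit(csv_text):
    """Return (groups of accounts sharing one password, accounts whose
    password contains the login name or the entry title)."""
    by_digest = defaultdict(list)
    derivable = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row["Password"]
        # Group on a digest so the cleartext never becomes part of the result.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(row["Account"])
        # Words an outsider already knows: the entry title and the login name.
        known = re.split(r"[^a-z0-9]+",
                         f'{row["Account"]} {row["Login Name"]}'.lower())
        if any(len(word) >= 3 and word in password.lower() for word in known):
            derivable.append(row["Account"])
    reused = sorted(sorted(names) for names in by_digest.values()
                    if len(names) > 1)
    return reused, derivable


if __name__ == "__main__":
    reused, derivable = audit(SAMPLE_CSV)
    for group in reused:
        print("same password on:", ", ".join(group))
    for name in derivable:
        print("password built from known words:", name)
```

A CSV export holds every password in cleartext, so run this on a trusted machine and delete the file afterwards.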

Just let it branch out m8. However:

> Typing gibberish is quite cumbersome
If you want a strong password you're going to have to type a tedious and complex one - that's just how it is.

> syncing
If you trust the implementation then it really doesn't matter; you could literally make it public. OwnCloud/NextCloud if you want that "control" of your cloud storage.

>clearly KeePass 2 is the superior program and all others are outdated ports and insecure
KeePassXC says hellow.

>If you want a strong password you're going to have to type a tedious and complex one - that's just how it is.
guess i'll have to carry around a pendrive with a single file containing the password and turn 2FA on for my email. oh well.
>KeePassXC
as i said in the OP, unless you can provide proof that KeePassXC is superior to the mainline your opinion will be discarded :^)

>as i said in the OP, unless you can provide proof that KeePassXC is superior to the mainline your opinion will be discarded :^)
It just works a fuckload better on Linux than KeePass 2, the UI is a lot nicer too. Also I prefer its password generator for new entries.

Keepass1 is better than 2.
faster, less resources, just as secure (since it's updated in tandem with keepass2)

>It just works

I don't need you to use the software I like user. If you don't care about possible superiors then whatever.

>If you don't care about possible superiors
But I clearly do care about possible superiors. You simply have yet to provide one. KeePass2 works absolutely flawlessly for me on my GNU/Linux distribution of choice.

Also, complaining about UI in a password manager is like redditors complaining about Sup Forums's UI. It's entirely subjective, and KP2 works just fine.

>who knows what was surreptitiously included
Does google even have the right to do that?

>it just works
Then why do you even care.

because "it just works" is not an argument unless you're an applel user.

Why did you use it in this post then? Your argument for KP2 is literally that 'it just works'.

bitwarden

>>Your argument for KP2 is literally that 'it just works'.
My argument for KP2 is that it is a continuation of the original. KPX was originally a port for GNU/Linux and is now deprecated at best, and KPDX is some kind of android port despite there being android ports built almost directly from KP2. KP2 is already established as the top-dog. The other two ports are not.

Dashlane is what I use. I have a lot of devices and use many browsers. It's cross platform and pretty good so far

>KPX was originally a port for GNU/Linux and is now deprecated at best
I know. That's why I recommended KeePassXC.

Either look into it or ignore my posts, I'm not going to spoonfeed you, I already gave you advice.

I use my brain to store my password.

but KPXC is just the crossplatform version of KPX. KP2 is already crossplatform. what exactly does KPXC offer that KP2 does not aside from potential insecurity?

>but KPXC is just the crossplatform version of KPX
No it's not. It's cross platform but the main purpose of KPXC was to actually continue development and implement PRs that KPX was not because it's a dead project.

Cool.
Why are you here though - not everyone has that type of memory...

Unless, don't tell me you're using the same password across multiple sites!!!

>actually continue development
but KP2 and KPXC are either exactly up-to-date or KPXC is behind
github.com/dlech/KeePass2.x
github.com/keepassxreboot/keepassxc

>don't tell me you're using the same password across multiple sites
Why is it bad, though?
A strong af password that's hard to guess and hard to crack is better than multiple passwords that are easy to remember and easy to crack.

Because it only takes a single site that you thought had good security to use weakass salts and suddenly your long 'secure' password is on a russian list, being sold for a few rubles.

Check your shit just in case:
haveibeenpwned.com/

>Why is it bad, though?
because the moment some retards like equifax/target/whatever store all of your login information in plaintext and get pwned those same hackers will immediately try to gain access to every commonly used service. if you have a unique password for everything all the thieves get access to is whatever useless information you have on your PSN account,

Because all it takes is one site not storing your password correctly or being compromised and suddenly all your accounts are broken,

KeePassXC