What's the best pw manager?

what's the best pw manager?
I've been using lastpass for several years and have been meaning to switch to something else for a while now. (no. I don't use it for anything important)

bump, is Pass (CLI password manager) and its philosophy "one password, one file" good?

I am using keepassx but I could try something else if it has advantages.

The best password manager is the one that werks for you. Each does something better than the other but they all have issues. I use LastPass because it has the best multi-platform support despite being a steaming pile. Just export your vault and try the others.

Why does nobody like LastPass? I use it just fine

Because Sup Forums is a bunch of no life losers who hate anything that is popular, regardless of its usefulness.
That said, I use Lastpass as well. Fuck what anyone here thinks.

It's been compromised several times and they have lax security overall.
Not a good idea to trust them with your shit.

keepass or other local equivalent is always the best, if you need to sync across multiple devices, use rsync.

>is Pass and its philosophy "one password, one file" good?
It's simple and unix-y and built on long-standing and time tested components. I use it and I think it's the best.

I've heard criticism of the one file per password thing because it technically leaks information about what you have passwords for or how many you have, but that seems pretty unimportant to me.

It's shit. Development has stagnated and it has become incredibly bloated. That said, I use it because nobody supports as many platforms as they do.

> this meme again
Post links or shove it up your ass.

i use lastpass to keep track of my bank info/paypal/credit cards and etc. since they all have randomly generated passwords with 30 letters/numbers/special characters, haven't had a single problem in years.
good luck getting my password hackers

yeah, I don't know if it is convenient or complicated to have one file per password.

>It's been compromised several times
THAT'S NOT HOW SOFTWARE WORKS
STOP BEING RETARDED

Still won't use lastpass, but hot fucking damn you retards really need to stop reading headlines and thinking issues being fixed = the software is suddenly obsolete. If that was the case, we wouldn't have linux at all.

It's definitely convenient. I can add a password to my pass database just by piping a password through gpg and into a file. There's not a lot of reason to implement a key-value store when there's already one available in the form of a filesystem that works fine.

I didn't understand what you said but I will investigate more about it.

Lastpass isn't software, it's a service.

I use Google, that way I can autofill in android apps as well.

It's both.

It's SOFTWARE as a SERVICE you fucking idiots.

Not him but how can you unironically drop claims without a citation then call someone else on that on the very next line

source:me
That's how. To think a fair observation (stalled development based on a history of undelivered or delayed features, bloated code based on the size of their extensions) is equivalent to a claim that can't be observed (DEY COMPRUMIZED) is maximum retardation.

>write down all my passwords on a sticky note on my monitor
i don't trust password managers, try to hack that bitches

>what's the best pw manager?
1Password

> be tyrone
> stealin shiiieeet
> take da compyuta
> see sticky with password
> tries different banks until he finds yours
> livin liek kangz

>implying Tyrone can read
im safe

>tfw I can't get 1password browser extension to work on Solus

...

I use LastPass and pay for premium because it's so good. Literally zero reason to use anything else unless you're autistic.

I mean I'd keep it a little more hidden than a sticky note. But really anyone that could see the note would have physical access to your computer anyways.

>this shill thread, again
only fools use password managers
every time i see another one got owned i chuckle sensibly

> only people who get shit done use password managers
ftfy

> TFW 1Password became subscription based and can no longer do a one time purchase

my brain

B I T W A R D E N

wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/

> "email addresses, encrypted master passwords, and the reminder words and phrases that the service asks users to create for those master passwords"
> "encrypted master passwords"
If you reset your password you lose your vault because it was encrypted correctly in the first place.

> breached hard
Fucking clickbait

keepass is the best, just use that. it's open source, free, doesn't have any cloud bullshit, and is easy to use.

48G & 46G password senbatsu.

48pedia.org

password managers are for chumps.

openssl dgst -sha1 -binary ~/Documents/meinkampf.pdf | argon2 stupidpasswordlol -t 1000 -r -l 4096 | xxd -ps -r | tr -cd '[:graph:]' | fold -w16 | head -n16 | nl

KeePass DX

No, I'm sorry, but literally you called someone out on making a claim with no citation despite yourself hypocritically doing the same in the same breath.

>source:me

Do you not realize the other guy could do the exact same thing as this you unbelievable faggot

it was literally bought out by the Chinese.

Keepass.
It's open source, it's been security audited for use in corporate environments, it can be stored locally or stored on any server or cloud provider and it has plugins, browser extensions and smartphone apps.

I've switched from LastPass to Dashlane this year. But it might be unnecessary.

> false equivalency

>source:me

Nice "source" you fucking nigger. That definitely proves you aren't hypocritically dropping claims without providing a supporting citation.

Bitwarden. It's FOSS but still offers a managed option in case you don't want to run your own instance. Switched from LastPass and I couldn't be happier.

Because letting the world know your encrypted master password is okay, right? More so when you're supposed to keep it secure in the first place.

...

And how useful were said passwords? Did anyone ever confirm that a single account was accessed using those credentials? It seems they did well. It's old news anyway.

keepass + self hosted nextcloud

I don't think news like "x% of LastPass users were hacked elsewhere" or similar could exist.

There is an identical alternative to LastPass, named BitWarden, that's open source.

The true answer!
Kudos for using modern hashing!

>I've heard criticism of the one file per password thing because it technically leaks information about what you have passwords for or how many you have
The pass-tomb extension solves that problem. It works great.

>bump, is Pass (CLI password manager) and its philosophy "one password, one file" good?
>philosophy
It's the same shit. Pass just uses your filesystem as the database instead of bloated sql or whatever.
You really don't need more to store your passwords plus you get nice things like git integration and all command line tools.

Don't use a password manager. Just come up with a really good password that fits login requirements.

For example (and it's not mine, but same idea/formula)
1BarkingMadly*

If someone wants to hack your password they can, it's as simple as that. Only reason you should give a damn about passwords is because logins need them. There shouldn't even be any criteria on password requirements, ought to be able to have one as simple as you want (ie, "Alf")

Password reuse is incredibly risky.

Just one of the sites you use the password on has to fuck up and leak your password. Then hackers can try all popular services with the leaked username / password combination and bust some of your accounts.

Keepass is best. With the available browser add-ons it's also really comfortable to use.

>1BarkingMadly*
I hope your real passwords are longer.

Why is nobody discussing this more? This is fucking incredible.

>If someone wants to hack your password they can
LOOOL Sup Forums IN 2017 IS NEXT LEVEL RETARDED THANKS

>1BarkingMadly*
Jesus Christ retards like are the reason we now have billions of cracked passwords
magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation
Never use in your passwords words that can be googled.

So mad

>KeePass over Syncthing
>never stored on a server
>completely FOSS
>does everything LastPass does
>allows for easy keyfiling for extra security

Maybe takes five minutes more to set up, but it's better than using something proprietary that has had numerous breaches, not to mention is owned by LogMeIn.

KeepassXC + syncthing + firefox extension
ez

/thread

I just keep my passwords in GPG-encrypted text files.

someone please explain why a password manager is necessary when i could just open up a .txt file record my passwords on it?

A plain text file or encrypted?

>I've been using lastpass for several years
You're a fucking retard and you don't even know why. Poor you.

I just type the password in the search box and take a screenshot of my browser. Captures the password, username and the site it's supposed to be used on.

> numerous breaches
They've had two, maybe three. I don't think anyone's vault was ever compromised because of these hacks. LastPass actually did well with their security.
> proprietary
Not an argument.
> LogMeIn
We agree there.

If you mean literally a screenshot, as in an image, what's the point if you need to encrypt the thing anyway? Just use a text file with actual links you can copy. If it's somewhat figurative, as in a program that records the data, I don't understand.

>Two, maybe three
I agree that they've handled it well. However, LastPass's attack surface is still greater than with a personally-managed database (given that it takes a good password and a keyfile to open).
>Not an argument.
It IS an argument whether it compels you or not. It compels people who want to know exactly what's being done with their data when using software. People who don't care about that won't (and don't) see proprietary vs. FOSS as a worthwhile discussion.

I use KeePassX. My database file is on Google Drive. To access it on Windows, I install Google Drive. To access it on Android, I use KeePass2Android. To access it on Ubuntu, I use gdfuse and put the following in ~/.bash_aliases:
alias gdrivemount='google-drive-ocamlfuse ~/Google\ Drive'
alias gdriveumount='fusermount -u'


It's basically like those paid "cloud" password manager services, but you have direct ownership over the database file, the manager and database is free and open-source software, and everything is free.

>lastpass
>storing your passwords in a cloud based service that's been compromised multiple times

This is the correct way to do it.

Do you have any objections to syncthing?

As long as you're able to access it cross-platform, go ahead. Whatever works. The database is encrypted, so in theory (if you have a strong passphrase) it shouldn't matter where you host it, even if it's Chinese.

clever. someone should build this into a c program.

This is the first I've heard of syncthing and it sounds really appealing, I may switch from lastpass. I'll look further into it.

Care to give me some insight into why being owned by LogMeIn is a negative?

This is clever, and adjustable... I should make a sh script for it, maybe give some names behind those passwords.

Should I do that or go full hardon with C?

Just means that there's a larger company ultimately making the decisions. With proprietary software, the raw intent of the software is already unknown WITHOUT a seemingly unrelated company taking the reins.

All other password manager programs, except KeePass (and its derivatives), require you to use a master password to unlock its password database.

With KeePass (and its derivatives) you can use either a master password, or a key file, or (most importantly) both to unlock/secure your password manager database.

I thought google drive being insecure was what caused the fappening

> related
> theverge.com/platform/amp/2017/12/30/16829804/browser-password-manager-adthink-princeton-research

a piece of paper/notebook kept in a secure location in your home

You're thinking of iCloud

You could make a static name file for each entry, which would mean the password could be entered however and still produce something. As long as there isn't any hash check this could be a foolproof password setup if you think about it.

encrypted access obviously, and that password is physically written.
Plain text because it uses the lowest data.

You are right, transposing the crypto encabulator surely mips the amorphic hash.

Can anyone please explain what's going on

I don't see what it is either but I assume it's Linux-exclusive, which some other encryption option called like "luks-ds" is anyway, and I thought that was the best, but I guess user put together a better one for passwords.

I've been using dashlane for 2 years now and I'm about to switch to last pass actually.


Dashlane is annoying as shit and not worth using IMO. I wish 1password was free.

Keepass 2 + Dropbox (or self-hosted equivalent).

There's no reason to use anything else. With Dropbox (or equivalent), you can sync your files between devices as well as access them if all other devices they're synced to fail. A vault is only 2kb, so a free account is enough. KeeFox on top of that and you're set.

in layman's terms, argon2 is a KDF (key derivation function) program which takes a password and salt and scrambles it a certain number of times that requires a lot of computation, making it extremely difficult to brute force. user suggests hashing a file and combining a relatively simple password to generate an output of 4096 bytes, converting them to binary and filtering them to ascii for use as a password. This is called a deterministic password. Probably the most modern and secure use to date, since it takes about 5 seconds to complete, making it extremely difficult to guess.

This specific example makes 16x16 ascii char passwords securely. All you have to do is have a unique file and a relatively secure password to generate a lot of EXTREMELY secure passwords.
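
The derivation described in the post above, as an added example that is not part of the thread: hash a file, stretch the digest with a memory-hard KDF, keep only printable non-space bytes, and fold the result into 16-character passwords. It assumes Python's standard-library scrypt in place of argon2 and SHA-256 in place of SHA-1, so its output will not match the shell command in the thread; the function names, cost parameters and sample inputs are constructed for illustration.

```python
import hashlib
import math

GRAPH_MIN, GRAPH_MAX = 0x21, 0x7E  # tr's [:graph:] in the C locale: 94 printable, non-space bytes


def derive_passwords(file_bytes: bytes, passphrase: str, count: int = 16, width: int = 16) -> list[str]:
    """Deterministically derive `count` passwords of `width` characters each."""
    # Step 1: hash the key file. The thread's command uses SHA-1; SHA-256 is substituted here.
    file_digest = hashlib.sha256(file_bytes).digest()
    # Step 2: stretch with a memory-hard KDF. As in the thread's command, the file
    # digest is the KDF password and the typed word is the salt. scrypt (stdlib)
    # stands in for argon2; the cost parameters are illustrative assumptions.
    stream = hashlib.scrypt(file_digest, salt=passphrase.encode("utf-8"),
                            n=2**14, r=8, p=1, dklen=4096)
    # Step 3: drop every byte outside [:graph:]. Filtering (rather than mapping
    # with a modulo) keeps the 94 surviving characters uniformly distributed.
    chars = "".join(chr(b) for b in stream if GRAPH_MIN <= b <= GRAPH_MAX)
    # Step 4: fold into fixed-width rows and keep only complete ones.
    rows = [chars[i:i + width] for i in range(0, len(chars) - width + 1, width)]
    if len(rows) < count:
        # About 94/256 of the KDF bytes survive the filter, so output can run short.
        raise ValueError(f"only {len(rows)} full rows available, {count} requested")
    return rows[:count]


def entropy_bits(width: int = 16) -> float:
    """Upper bound on entropy per password: width * log2(94)."""
    return width * math.log2(GRAPH_MAX - GRAPH_MIN + 1)


if __name__ == "__main__":
    # Constructed sample inputs; in practice the file is any private, unchanging file.
    sample_file = b"constructed sample file contents"
    for n, pw in enumerate(derive_passwords(sample_file, "constructed-passphrase"), 1):
        print(f"{n:2d}  {pw}")
    print(f"at most {entropy_bits():.1f} bits per password")
```

Everything depends on the file and the passphrase: changing either one changes every derived password, and anyone who obtains both can regenerate all of them.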

And password store. Because it's just wrapped gnupg so you need keys to use it.

That's irrelevant as the database is encrypted. Therefore, leakage of the database does not compromise the stored keys.

kpcli can handle keepass secure databases and is better than pass at browsing accounts