• Do you use a password manager?

    From Unbreakable Disease@21:1/5 to All on Mon Jul 12 09:53:00 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.
    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Wade Garrett@21:1/5 to Unbreakable Disease on Mon Jul 12 07:37:35 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be interested.

    I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
    drive and copy/paste to logins that need to stay secure- financial,
    vendors, healthcare, etc.

    I always log out before leaving the house.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to All on Mon Jul 12 07:41:19 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net>
    wrote:

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be interested.

    most do, but that means syncing between devices will be limited or non-existent.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy K.@21:1/5 to All on Mon Jul 12 15:14:49 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    T24gTW9uLCAxMiBKdWwgMjAyMSAwNzozNzozNSAtMDQwMA0KV2FkZSBHYXJyZXR0IHdyb3RlOg0K DQo+IE9uIDcvMTIvMjEgNTo1MyBBTSwgVW5icmVha2FibGUgRGlzZWFzZSB3cm90ZToNCj4gPiBN eSA1MC15ZWFyIG9sZCBicmFpbiBpc24ndCBjYXBhYmxlIG9mIG1lbW9yaXppbmcgdGhhdCBtYW55 IHBhc3N3b3JkcyANCj4gPiBhbnltb3JlLCBzbyBJIHVzZSBLZWVQYXNzWEMuIEkga2VlcCBiYXNp Y2FsbHkgZXZlcnl0aGluZyBoZXJlIGluY2x1ZGluZyANCj4gPiBteSBmaW5hbmNpYWwgcGFzc3dv cmRzIGFuZCBjcmVkaXQgY2FyZCBkYXRhLCB3aXRoIHRoZSBleGNlcHRpb24gb2YgDQo+ID4gcGFz c3dvcmRzIHRoYXQgSSB3b3VsZCBoYXZlIHRvIHJlbWVtYmVyIGFueXdheSAoZnVsbC1kaXNrIGVu Y3J5cHRpb24sIA0KPiA+IGxvZ2luLCBwcmltYXJ5IGUtbWFpbCBwYXNzd29yZHMsIGV0Yy4pDQo+ ID4gDQo+ID4gT3ZlcmFsbCwgaXQncyBtdWNoIGVhc2llciB0byByZW1lbWJlciBhbmQgbXVjaCBo YXJkZXIgdG8gZm9yZ2V0IDEwIA0KPiA+IGNvbXBsaWNhdGVkIHBhc3N3b3JkcyB0aGF0IHlvdSB1 c2UgZXZlcnlkYXkgdGhhbiAxMDArIHNpbXBsZSBwYXNzd29yZHMgDQo+ID4geW91IHVzZSBldmVy eSBtb250aCBvciBldmVuIGxlc3MuDQo+ID4gDQo+ID4gSSBjYW4ndCBzcGVhayBhYm91dCBXaW5k b3dzIHZlcnNpb24gb2YgS2VlUGFzcywgYmVjYXVzZSB3aXRoIHRoZSANCj4gPiBleGNlcHRpb24g b2YgcGxheWluZyBnYW1lcyBub3QgYXZhaWxhYmxlIG9uIE1hY2ludG9zaCwgSSBoYXZlbid0IHVz ZWQgDQo+ID4gb25lIHNpbmNlIFdpbmRvd3MgOTUgZGF5cy4gIA0KPiANCj4gSSdkIGxpa2UgdG8g dXNlIGEgcGFzc3dvcmQgbWFuYWdlciBidXQgSSdtIG5vdCBjb21mb3J0YWJsZSB3aXRoIHRoYXQg DQo+IGRhdGEgYmVpbmcgb24gc29tZSBzZXJ2ZXIgc29tZXdoZXJlLSBhbGxlZ2VkbHkgZW5jcnlw dGVkIG9yIG5vdC4NCj4gDQo+IElmIHRoZXJlJ3Mgb25lIHRoYXQga2VlcHMgdGhlIGRhdGEganVz dCBvbiB0aGUgbG9jYWwgbWFjaGluZSwgSSdkIGJlIA0KPiBpbnRlcmVzdGVkLg0KPiANCj4gSSBr ZWVwIGEgc3ByZWFkc2hlZXQgd2l0aCBteSBQV3Mgb24gbXkgRmlsZVZhdWx0LWVuY3J5cHRlZCBp TWFjIGhhcmQgDQo+IGRyaXZlIGFuZCBjb3B5L3Bhc3RlIHRvIGxvZ2lucyB0aGF0IG5lZWQgdG8g c3RheSBzZWN1cmUtIGZpbmFuY2lhbCwgDQo+IHZlbmRvcnMsIGhlYWx0aGNhcmUsIGV0Yy4NCj4g DQo+IEkgYWx3YXlzIGxvZyBvdXQgYmVmb3JlIGxlYXZpbmcgdGhlIGhvdXNlLg0KDQpJJ20gdXNp bmcgS2VlcGFzc1ggd2hpY2ggaXMgcHVyZWx5IGxvY2FsLCBhbmQgYW0gdmVyeSBoYXBweSB3aXRo IGl0Lg0KDQpBbmR5Sw0K

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jolly Roger@21:1/5 to Unbreakable Disease on Mon Jul 12 15:28:30 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here
    including my financial passwords and credit card data, with the
    exception of passwords that I would have to remember anyway (full-disk encryption, login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I don't see anything wrong with using Apple's built-in Keychain password manager. The only drawback it has is that it's Apple-only, and that has
    never been a reason not to use it for me. Most of my family uses it and
    is happy with it.

    The iCloud Keychain service is optional and seamlessly synchronizes your password database between all of your Apple devices. It is also highly encrypted using end-to-end encryption so that it cannot be accessed by
    anyone but you.

    Others here will recommend cross-platform solutions, but if you have no
    need for synchronizing your password database to other platforms,
    Apple's built-in Keychain is quite a secure and capable solution, and
    it's integrated with all of Apple's operating systems by default.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Alfter@21:1/5 to wade@cooler.net on Mon Jul 12 15:17:43 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net> wrote: >On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be >interested.

    KeePass stores its file wherever you tell it. It could be local storage, storage on a server you control (as on a VPS or a dedicated server), or whatever cloud storage is supported on the OS you're using. I use a WebDAV share on a VPS. It's accessible to my phone and my computers, but not to others. (I suppose Linode could grab the file, but without the password to unlock it, it's useless to anybody else.)

    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lamey@21:1/5 to scott@alfter.diespammersdie.us on Mon Jul 12 09:36:32 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On Mon, 12 Jul 2021 15:17:43 GMT, Scott Alfter
    <scott@alfter.diespammersdie.us> wrote:

    In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net> wrote:
    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be >>interested.

    KeePass stores its file wherever you tell it. It could be local storage, >storage on a server you control (as on a VPS or a dedicated server), or >whatever cloud storage is supported on the OS you're using. I use a WebDAV >share on a VPS. It's accessible to my phone and my computers, but not to >others. (I suppose Linode could grab the file, but without the password to >unlock it, it's useless to anybody else.)

    If it's out there than people can access it if they want.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Wade Garrett on Mon Jul 12 15:40:37 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    In comp.misc Wade Garrett <wade@cooler.net> wrote:
    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be interested.

    This one stores everything locally:
    https://github.com/zdia/gorilla

    There are probably others that do so as well.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to Wade Garrett on Mon Jul 12 11:52:32 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    [I don't know why the OP cross-posted to alt.atheism. I've dropped it]

    Wade Garrett <wade@cooler.net> writes:
    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here
    including my financial passwords and credit card data, with the
    exception of passwords that I would have to remember anyway
    (full-disk encryption, login, primary e-mail passwords, etc.)
    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple
    passwords you use every month or even less.
    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't
    used one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be interested.

    I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
    drive and copy/paste to logins that need to stay secure- financial,
    vendors, healthcare, etc.

    I always log out before leaving the house.

    I use PasswordSafe https://pwsafe.org/ .

    It's a Windows application with clones available for Android, iOS, and Mac.

    There's a Linux version, available as "passwordsafe" in the Ubuntu repos
    (and presumably others), but I haven't gotten it to work.

    password-gorilla is a Linux application that uses the same file format
    and should be available in the package repos for most distributions.

    Keeping the database synchronized across devices is left as an exercise.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Keith Thompson on Mon Jul 12 19:58:43 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    [I don't know why the OP cross-posted to alt.atheism. I've dropped it]

    Wade Garrett <wade@cooler.net> writes:
    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here
    including my financial passwords and credit card data, with the
    exception of passwords that I would have to remember anyway
    (full-disk encryption, login, primary e-mail passwords, etc.)
    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple
    passwords you use every month or even less.
    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't
    used one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    There is no "allegedly" about the encryption with LastPass, 1password,
    or BitWarden. I know all three of these have been certified and tested
    by third parties.

    Having them on a server makes it simple to sync them to multiple
    devices. At least 1Password can be synced manaully, and I would not be surprised if the others allowed this in some way as well.

    I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
    drive and copy/paste to logins that need to stay secure- financial,
    vendors, healthcare, etc.

    That is a very inefficient system, but it is a lot better than what
    some people do. It also encourages patterns of passwords. One of the
    main advantages of a manager is truly random passwords.

    I use PasswordSafe https://pwsafe.org/ .

    It's a Windows application with clones available for Android, iOS, and Mac.

    There's a Linux version, available as "passwordsafe" in the Ubuntu repos
    (and presumably others), but I haven't gotten it to work.

    password-gorilla is a Linux application that uses the same file format
    and should be available in the package repos for most distributions.

    Keeping the database synchronized across devices is left as an exercise.

    And that means you end up with not having the password you need unless
    you limit your use of the Internet to a single machine.


    --
    Everything you say is so boring, I replace it with dubstep.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to Keith.S.Thompson+u@gmail.com on Mon Jul 12 16:27:01 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In article <87zgur47bv.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

    Keeping the database synchronized across devices is left as an exercise.

    And that means you end up with not having the password you need unless
    you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use.
    I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    and if you forget to sync it, murphy's law states that you won't have
    the password you need.

    computers are there to do work *for* you.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to Lewis on Mon Jul 12 13:15:32 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    Lewis <g.kreme@kreme.dont-email.me> writes:
    In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    [...]
    I use PasswordSafe https://pwsafe.org/ .

    It's a Windows application with clones available for Android, iOS, and Mac.

    There's a Linux version, available as "passwordsafe" in the Ubuntu repos
    (and presumably others), but I haven't gotten it to work.

    password-gorilla is a Linux application that uses the same file format
    and should be available in the package repos for most distributions.

    Keeping the database synchronized across devices is left as an exercise.

    And that means you end up with not having the password you need unless
    you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use.
    I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to nospam on Mon Jul 12 13:48:14 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    nospam <nospam@nospam.invalid> writes:
    In article <87zgur47bv.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    Keeping the database synchronized across devices is left as an exercise. >> >
    And that means you end up with not having the password you need unless
    you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use.
    I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    and if you forget to sync it, murphy's law states that you won't have
    the password you need.

    Of course. That happens now and then. The solution is to go back and
    sync it.

    computers are there to do work *for* you.

    I'm not going to go into too much detail about *how* I synchronize my
    password database. I'm not confident that my method is sufficiently
    secure. (Yes, I'm doing "security through obscurity", but only as a
    layer on top of other methods.)

    I'm comfortable with the amount of manual work my method requires.
    Others won't be.

    But what do you suggest?

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to Keith.S.Thompson+u@gmail.com on Mon Jul 12 17:14:27 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In article <87v95f45td.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

    Keeping the database synchronized across devices is left as an exercise.

    And that means you end up with not having the password you need unless >> > you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use.
    I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    and if you forget to sync it, murphy's law states that you won't have
    the password you need.

    Of course. That happens now and then. The solution is to go back and
    sync it.

    no, the solution is to have it automatically sync.

    computers are there to do work *for* you.

    ^^this^^

    I'm not going to go into too much detail about *how* I synchronize my password database

    you already said how: you manually sync it.

    automatically syncing means a new or changed entry is available on
    other devices within seconds, no additional effort required.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Unbreakable Disease@21:1/5 to Jolly Roger on Mon Jul 12 21:51:00 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 12.07.2021 15:28, Jolly Roger wrote:
    On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here
    including my financial passwords and credit card data, with the
    exception of passwords that I would have to remember anyway (full-disk
    encryption, login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I don't see anything wrong with using Apple's built-in Keychain password manager. The only drawback it has is that it's Apple-only, and that has
    never been a reason not to use it for me. Most of my family uses it and
    is happy with it.

    The iCloud Keychain service is optional and seamlessly synchronizes your password database between all of your Apple devices. It is also highly encrypted using end-to-end encryption so that it cannot be accessed by
    anyone but you.

    Others here will recommend cross-platform solutions, but if you have no
    need for synchronizing your password database to other platforms,
    Apple's built-in Keychain is quite a secure and capable solution, and
    it's integrated with all of Apple's operating systems by default.

    I need to use my database on both Mac OS and Linux, so I use KeePassXC.
    And what if you are left with the Keychain file and Apple goes south?
    How you will migrate to KeePassXC? Your file is going to be nothing more
    than useless junk, so at least call Apple or e-mail Tim Cook directly at timcook@apple.com to allow to export Keychain data to other password
    managers. I doubt that Apple will listen to us, but trying is better
    than simply giving up.

    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Unbreakable Disease@21:1/5 to Lamey on Mon Jul 12 21:46:00 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 12.07.2021 15:36, Lamey wrote:
    On Mon, 12 Jul 2021 15:17:43 GMT, Scott Alfter <scott@alfter.diespammersdie.us> wrote:

    In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net> wrote:
    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including >>>> my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords >>>> you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be
    interested.

    KeePass stores its file wherever you tell it. It could be local storage,
    storage on a server you control (as on a VPS or a dedicated server), or
    whatever cloud storage is supported on the OS you're using. I use a WebDAV >> share on a VPS. It's accessible to my phone and my computers, but not to
    others. (I suppose Linode could grab the file, but without the password to >> unlock it, it's useless to anybody else.)

    If it's out there than people can access it if they want.
    Hackers are looking out for easy targets, almost nobody is going to
    chase Scott Alfter. Too much risk and unknown benefits.

    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Unbreakable Disease@21:1/5 to Andy K. on Mon Jul 12 21:45:00 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 12.07.2021 13:14, Andy K. wrote:
    On Mon, 12 Jul 2021 07:37:35 -0400
    Wade Garrett wrote:

    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be
    interested.

    I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
    drive and copy/paste to logins that need to stay secure- financial,
    vendors, healthcare, etc.

    I always log out before leaving the house.

    I'm using KeepassX which is purely local, and am very happy with it.

    AndyK

    I use KeePassXC which is a modernized version of KeepassX. Can be also cloudified if you put the database on Dropbox (which I don't recommend)
    or somewhere else.

    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to nospam on Mon Jul 12 14:43:25 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    nospam <nospam@nospam.invalid> writes:
    In article <87v95f45td.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    Keeping the database synchronized across devices is left as an exercise.

    And that means you end up with not having the password you need unless >> >> > you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use.
    I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    and if you forget to sync it, murphy's law states that you won't have
    the password you need.

    Of course. That happens now and then. The solution is to go back and
    sync it.

    no, the solution is to have it automatically sync.

    The solution *I use* is to go back and sync it. It works.

    computers are there to do work *for* you.

    ^^this^^

    I'm not going to go into too much detail about *how* I synchronize my
    password database

    you already said how: you manually sync it.

    There's more to it than that.

    automatically syncing means a new or changed entry is available on
    other devices within seconds, no additional effort required.

    I know what "automatically syncing" means. You haven't said anything
    about how to do that. (I use Ubuntu, Windows, and Android.)

    For my situation, I've decided (so far) that automation would be more
    effort than it's worth *for me*. I'm willing to change my mind if
    presented with new information. If you have none to offer, that's fine.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to Keith.S.Thompson+u@gmail.com on Mon Jul 12 18:11:18 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In article <87r1g3439e.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

    Keeping the database synchronized across devices is left as an
    exercise.

    And that means you end up with not having the password you need unless
    you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use.
    I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    and if you forget to sync it, murphy's law states that you won't have
    the password you need.

    Of course. That happens now and then. The solution is to go back and
    sync it.

    no, the solution is to have it automatically sync.

    The solution *I use* is to go back and sync it. It works.

    except when it doesn't, which you admit happens 'now and then'.

    computers are there to do work *for* you.

    ^^this^^

    I'm not going to go into too much detail about *how* I synchronize my
    password database

    you already said how: you manually sync it.

    There's more to it than that.

    those details are irrelevant. the fact is that it's manual which means
    it's a lot of extra work with the opportunity to screw it up.

    i suspect whatever system you're using does not properly handle merges.

    automatically syncing means a new or changed entry is available on
    other devices within seconds, no additional effort required.

    I know what "automatically syncing" means.

    then why not use it?

    You haven't said anything
    about how to do that. (I use Ubuntu, Windows, and Android.)

    what's to know? choose a password manager that offers automatic sync.
    done.

    For my situation, I've decided (so far) that automation would be more
    effort than it's worth *for me*. I'm willing to change my mind if
    presented with new information. If you have none to offer, that's fine.

    what effort? download a new password manager app that offers syncing,
    then export passwords from your existing password manager and import
    them to the new one. it should take a minute or two.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to nospam on Mon Jul 12 15:52:20 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    nospam <nospam@nospam.invalid> writes:
    In article <87r1g3439e.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    Keeping the database synchronized across devices is left as an
    exercise.

    And that means you end up with not having the password you need unless
    you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use. >> >> >> I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    and if you forget to sync it, murphy's law states that you won't have >> >> > the password you need.

    Of course. That happens now and then. The solution is to go back and
    sync it.

    no, the solution is to have it automatically sync.

    The solution *I use* is to go back and sync it. It works.

    except when it doesn't, which you admit happens 'now and then'.

    computers are there to do work *for* you.

    ^^this^^

    I'm not going to go into too much detail about *how* I synchronize my
    password database

    you already said how: you manually sync it.

    There's more to it than that.

    those details are irrelevant. the fact is that it's manual which means
    it's a lot of extra work with the opportunity to screw it up.

    i suspect whatever system you're using does not properly handle merges.

    It does not, and I did run into a problem with that not too long ago.
    It took some manual work to resolve it.

    automatically syncing means a new or changed entry is available on
    other devices within seconds, no additional effort required.

    I know what "automatically syncing" means.

    then why not use it?

    You haven't said anything
    about how to do that. (I use Ubuntu, Windows, and Android.)

    what's to know? choose a password manager that offers automatic sync.
    done.

    I've spent *some* time looking into alternatives, but perhaps not
    enough. The password manager I use uses a local file. Others I've
    looked at store data "in the cloud", i.e., on someone else's computer.
    I've decided *for myself* that I don't want to store my passwords in the
    cloud, and that I'm willing to pay the price of more difficult local
    updates.

    For my situation, I've decided (so far) that automation would be more
    effort than it's worth *for me*. I'm willing to change my mind if
    presented with new information. If you have none to offer, that's fine.

    what effort? download a new password manager app that offers syncing,
    then export passwords from your existing password manager and import
    them to the new one. it should take a minute or two.

    And install it on all my devices, and learn how to use it -- plus
    convincing myself that it's sufficiently secure. Much more than
    "a minute or two".

    Is there a password manager that supports automatic sync among Linux,
    Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't
    made it clear enough that I don't want to use cloud storage.)

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to Keith.S.Thompson+u@gmail.com on Mon Jul 12 19:18:00 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

    Keeping the database synchronized across devices is left as an
    exercise.

    And that means you end up with not having the password you need
    unless
    you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use. >> >> >> I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful, >> >> >> my database doesn't exist on anyone else's server.

    and if you forget to sync it, murphy's law states that you won't have >> >> > the password you need.

    Of course. That happens now and then. The solution is to go back and >> >> sync it.

    no, the solution is to have it automatically sync.

    The solution *I use* is to go back and sync it. It works.

    except when it doesn't, which you admit happens 'now and then'.

    computers are there to do work *for* you.

    ^^this^^

    I'm not going to go into too much detail about *how* I synchronize my >> >> password database

    you already said how: you manually sync it.

    There's more to it than that.

    those details are irrelevant. the fact is that it's manual which means
    it's a lot of extra work with the opportunity to screw it up.

    i suspect whatever system you're using does not properly handle merges.

    It does not, and I did run into a problem with that not too long ago.
    It took some manual work to resolve it.

    automatically syncing means a new or changed entry is available on
    other devices within seconds, no additional effort required.

    I know what "automatically syncing" means.

    then why not use it?

    You haven't said anything
    about how to do that. (I use Ubuntu, Windows, and Android.)

    what's to know? choose a password manager that offers automatic sync.
    done.

    I've spent *some* time looking into alternatives, but perhaps not
    enough. The password manager I use uses a local file. Others I've
    looked at store data "in the cloud", i.e., on someone else's computer.
    I've decided *for myself* that I don't want to store my passwords in the cloud, and that I'm willing to pay the price of more difficult local
    updates.

    some store it in the cloud, some store it on a local server. some do
    either.

    another option is set up a personal cloud hosted on your own hardware,
    over which you have full control, which has many other benefits than
    just password syncing.

    in every case, it's encrypted, so even if someone did gain access to
    the database, they won't get the actual passwords, at least not without
    a shitload of effort trying to crack it (assuming you used a good
    master passphrase).

    keep in mind that any of your hardware is lost or stolen, someone will
    have easy access to that database, no hacking of cloud servers
    required.

    nothing is 100% safe.

    For my situation, I've decided (so far) that automation would be more
    effort than it's worth *for me*. I'm willing to change my mind if
    presented with new information. If you have none to offer, that's fine.

    what effort? download a new password manager app that offers syncing,
    then export passwords from your existing password manager and import
    them to the new one. it should take a minute or two.

    And install it on all my devices, and learn how to use it -- plus
    convincing myself that it's sufficiently secure. Much more than
    "a minute or two".

    true, but that's the easy part. download a bunch, try them out, put in
    some random passwords and see which ones fit your workflow.

    Is there a password manager that supports automatic sync among Linux, Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't
    made it clear enough that I don't want to use cloud storage.)

    there are several, each with different mixes of features, some with
    better integration than others, and only you can decide which one fits
    your needs.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to nospam on Mon Jul 12 16:57:50 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    nospam <nospam@nospam.invalid> writes:
    In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    [...]
    Is there a password manager that supports automatic sync among Linux,
    Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't
    made it clear enough that I don't want to use cloud storage.)

    there are several, each with different mixes of features, some with
    better integration than others, and only you can decide which one fits
    your needs.

    Are you unwilling to give examples? Is there one that you use (or do
    you use a cloud solution)?

    I tried KeePass a while ago, and it doesn't do what I want. (One
    feature of the Android version of PasswordSave that I like is that it implements a virtual keyboard, so passwords don't have to go through the
    system clipboard.) Someone here mentioned KeePassXC, which I might try,
    but I don't see an Android version.

    I just found a reference to something called Syncthing, which I'll also
    look into; it's a continuous file synchronization program, not
    specifically related to passwords.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Keith Thompson on Tue Jul 13 01:08:24 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In comp.misc Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    nospam <nospam@nospam.invalid> writes:
    In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
    <Keith.S.Thompson+u@gmail.com> wrote:
    [...]
    Is there a password manager that supports automatic sync among Linux,
    Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't
    made it clear enough that I don't want to use cloud storage.)

    there are several, each with different mixes of features, some with
    better integration than others, and only you can decide which one fits
    your needs.

    Are you unwilling to give examples? Is there one that you use (or do
    you use a cloud solution)?

    I tried KeePass a while ago, and it doesn't do what I want. (One
    feature of the Android version of PasswordSave that I like is that it implements a virtual keyboard, so passwords don't have to go through the system clipboard.) Someone here mentioned KeePassXC, which I might try,
    but I don't see an Android version.

    I just found a reference to something called Syncthing, which I'll also
    look into; it's a continuous file synchronization program, not
    specifically related to passwords.

    You mentioned password-gorilla in an earlier message. It contains a
    "merge" feature that somewhat reduces the burden in manually
    maintaining sync across devices.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to Keith.S.Thompson+u@gmail.com on Mon Jul 12 20:25:42 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In article <87im1f3x1d.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

    Is there a password manager that supports automatic sync among Linux,
    Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't
    made it clear enough that I don't want to use cloud storage.)

    there are several, each with different mixes of features, some with
    better integration than others, and only you can decide which one fits
    your needs.

    Are you unwilling to give examples? Is there one that you use (or do
    you use a cloud solution)?

    i use 1password and keep everything on my devices, however, it does
    sync via the cloud. there is (was) a way to sync locally but that had
    some limitations and i'm not sure if that's even still an option.

    they also offer a cloud version (their servers) but that's not required.

    it does look like they now have linux support but i don't know how good
    that is. that's relatively recent.

    I tried KeePass a while ago, and it doesn't do what I want. (One
    feature of the Android version of PasswordSave that I like is that it implements a virtual keyboard, so passwords don't have to go through the system clipboard.) Someone here mentioned KeePassXC, which I might try,
    but I don't see an Android version.

    1password has a background process which directly communicates with
    browser extension, skipping the clipboard entirely.

    some use the system clipboard which is then auto-erased moments later.

    I just found a reference to something called Syncthing, which I'll also
    look into; it's a continuous file synchronization program, not
    specifically related to passwords.

    syncthing is good. also check out nextcloud, which can be installed on
    a variety of hardware as well as in a docker container or even a
    raspberry pi (although that's not exactly fast).

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to nospam on Mon Jul 12 21:41:59 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    nospam <nospam@nospam.invalid> writes:
    In article <87im1f3x1d.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    Is there a password manager that supports automatic sync among Linux,
    Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't >> >> made it clear enough that I don't want to use cloud storage.)

    there are several, each with different mixes of features, some with
    better integration than others, and only you can decide which one fits
    your needs.

    Are you unwilling to give examples? Is there one that you use (or do
    you use a cloud solution)?

    i use 1password and keep everything on my devices, however, it does
    sync via the cloud. there is (was) a way to sync locally but that had
    some limitations and i'm not sure if that's even still an option.

    they also offer a cloud version (their servers) but that's not required.

    it does look like they now have linux support but i don't know how good
    that is. that's relatively recent.

    I tried KeePass a while ago, and it doesn't do what I want. (One
    feature of the Android version of PasswordSave that I like is that it
    implements a virtual keyboard, so passwords don't have to go through the
    system clipboard.) Someone here mentioned KeePassXC, which I might try,
    but I don't see an Android version.

    1password has a background process which directly communicates with
    browser extension, skipping the clipboard entirely.

    When I tried KeePass on Android, I didn't find a way to copy a password
    or other text from KeePass to another arbitrary application. Possibly I
    didn't spend enough time exploring it. Something that *only* uses a
    browser extension would not be useful to me.

    some use the system clipboard which is then auto-erased moments later.

    I just found a reference to something called Syncthing, which I'll also
    look into; it's a continuous file synchronization program, not
    specifically related to passwords.

    syncthing is good. also check out nextcloud, which can be installed on
    a variety of hardware as well as in a docker container or even a
    raspberry pi (although that's not exactly fast).

    Yes, I have a NextCloud instance, but I'm not sure I want to store (even encrypted) passwords on it.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Michael Trew@21:1/5 to Unbreakable Disease on Tue Jul 13 01:56:05 2021
    On 7/12/2021 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.


    I like the concept of it, but I refuse to trust some server to store my passwords.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Alfter@21:1/5 to Keith.S.Thompson+u@gmail.com on Tue Jul 13 14:43:37 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In article <87im1f3x1d.fsf@nosuchdomain.example.com>,
    Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    I tried KeePass a while ago, and it doesn't do what I want. (One
    feature of the Android version of PasswordSave that I like is that it >implements a virtual keyboard, so passwords don't have to go through the >system clipboard.)

    Keepass2Android does that. It interoperates just fine with KeePass, which I run on Windows and Linux (it's a .NET binary, so it runs fine on both).

    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Keith Thompson on Tue Jul 13 15:48:12 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In message <87zgur47bv.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    Lewis <g.kreme@kreme.dont-email.me> writes:
    In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    [...]
    I use PasswordSafe https://pwsafe.org/ .

    It's a Windows application with clones available for Android, iOS, and Mac. >>
    There's a Linux version, available as "passwordsafe" in the Ubuntu repos >>> (and presumably others), but I haven't gotten it to work.

    password-gorilla is a Linux application that uses the same file format
    and should be available in the package repos for most distributions.

    Keeping the database synchronized across devices is left as an exercise.

    And that means you end up with not having the password you need unless
    you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use.

    Yes, because you are perfect and will ALWAYS sync on EVERY change.

    Not going to happen. You will forget and you will will be caught out
    without some recent change or update because you are NOT perfect. Sorry,
    but those are just facts.

    I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    Whopdie doo. That doesn’t make it more secure, you know, just more
    obscure, more fragile, more prone to failure, and more likely that you
    do not have the information you need when you need it.


    --
    'Now what?' it said. IT'S UP TO YOU. IT'S ALWAYS UP TO YOU.
    --Maskerade

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Keith Thompson on Tue Jul 13 15:59:00 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In message <87im1f3x1d.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    nospam <nospam@nospam.invalid> writes:
    In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
    <Keith.S.Thompson+u@gmail.com> wrote:
    [...]
    Is there a password manager that supports automatic sync among Linux,
    Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't
    made it clear enough that I don't want to use cloud storage.)

    there are several, each with different mixes of features, some with
    better integration than others, and only you can decide which one fits
    your needs.

    Are you unwilling to give examples? Is there one that you use (or do
    you use a cloud solution)?

    Examples have been given. You see to think that using a system that you yourself admit is inferior and prone to failure is somehow a virtue, so
    you are unlikely to care about other solutions and that holds up since
    you have ignored the other solutions offered.

    I tried KeePass a while ago, and it doesn't do what I want.

    Has anyone mentioned KeePass? I know I haven;ts since I have never used
    it, and I don't recall anyone else mentioning it in this thread. I do
    not recall that Keepass does syncing, you hae to sync the database
    yourself.

    but I don't see an Android version.

    If you are trusting Android to store your password files you should have
    no issue with FAR more secure and tested cloud storage.

    I just found a reference to something called Syncthing, which I'll also
    look into; it's a continuous file synchronization program, not
    specifically related to passwords.

    If it cannot manage merges, it is useless for password management.

    --
    Hello Diane, I'm Bucky Goldstein

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jolly Roger@21:1/5 to Unbreakable Disease on Tue Jul 13 17:15:10 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
    On 12.07.2021 15:28, Jolly Roger wrote:
    On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:

    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here
    including my financial passwords and credit card data, with the
    exception of passwords that I would have to remember anyway
    (full-disk encryption, login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple
    passwords you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't
    used one since Windows 95 days.

    I don't see anything wrong with using Apple's built-in Keychain
    password manager. The only drawback it has is that it's Apple-only,
    and that has never been a reason not to use it for me. Most of my
    family uses it and is happy with it.

    The iCloud Keychain service is optional and seamlessly synchronizes
    your password database between all of your Apple devices. It is also
    highly encrypted using end-to-end encryption so that it cannot be
    accessed by anyone but you.

    Others here will recommend cross-platform solutions, but if you have
    no need for synchronizing your password database to other platforms,
    Apple's built-in Keychain is quite a secure and capable solution, and
    it's integrated with all of Apple's operating systems by default.

    I need to use my database on both Mac OS and Linux, so I use
    KeePassXC.

    And I don't need to use my password database on Linux, so I use
    Keychain. With Keychain. I have all of my passwords with me on my iPhone
    at all times anyway. WHen I need a password on my Linux, Windows, etc
    systems, I can just pick up my phone and there it is. ¯\_(ツ)_/¯

    We can go back and forth like this all day if it suits you, but I don't
    really see the point.

    And what if you are left with the Keychain file and Apple goes south?

    Apple isn't going South anytime soon. That's a pipe dream.

    How you will migrate to KeePassXC?

    In your hypothetical scenario, I'd have moved my passwords out of
    Keychain and into something better long before Apple goes South.

    Your file is going to be nothing more than useless junk

    I mean, as long as we are daydreaming, the same could be said if
    KeePassXC mysteriously went South overnight.

    Back here in the real world, though, things don't just vanish overnight,
    and we have plenty of notice before such things happen, giving us ample
    time to move to something better. Such is the way with natural
    obsolescence - it tends to happen rather slowly.

    so at least call Apple or e-mail Tim Cook directly at
    timcook@apple.com to allow to export Keychain data to other password managers. I doubt that Apple will listen to us, but trying is better
    than simply giving up.

    What are you going on about? Get a grip, my dude.

    It's great that you have the option of using KeePass. Am I afforded the
    option of *not* using it in your world, or is that absolutely not
    allowed?

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to Lewis on Tue Jul 13 13:55:18 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    Lewis <g.kreme@kreme.dont-email.me> writes:
    In message <87im1f3x1d.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    nospam <nospam@nospam.invalid> writes:
    In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
    <Keith.S.Thompson+u@gmail.com> wrote:
    [...]
    Is there a password manager that supports automatic sync among Linux,
    Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't >>>> made it clear enough that I don't want to use cloud storage.)

    there are several, each with different mixes of features, some with
    better integration than others, and only you can decide which one fits
    your needs.

    Are you unwilling to give examples? Is there one that you use (or do
    you use a cloud solution)?

    Examples have been given. You see to think that using a system that you yourself admit is inferior and prone to failure is somehow a virtue, so
    you are unlikely to care about other solutions and that holds up since
    you have ignored the other solutions offered.

    I don't believe anything I've written here could reasonably be read to
    imply that I think the system I use is "somehow a virtue". It works for
    me. I'm more than willing to consider better ideas.

    I've had occasional problems with the setup I use. Those problems have
    not included a loss of information and are not likely to.

    I tried KeePass a while ago, and it doesn't do what I want.

    Has anyone mentioned KeePass? I know I haven;ts since I have never used
    it, and I don't recall anyone else mentioning it in this thread. I do
    not recall that Keepass does syncing, you hae to sync the database
    yourself.

    Yes, I mentioned KeePass. Am I not allowed to mention something that
    wasn't mentioned before?

    but I don't see an Android version.

    If you are trusting Android to store your password files you should have
    no issue with FAR more secure and tested cloud storage.

    Opinion noted.

    "Cloud storage" is not a single thing that is "secure and tested". It's
    likely that some of the cloud storage solutions are sufficiently secure,
    but I haven't been using cloud storage and am hesitant to start, since,
    as I've said several times, my current system works for me.

    I just found a reference to something called Syncthing, which I'll also
    look into; it's a continuous file synchronization program, not
    specifically related to passwords.

    If it cannot manage merges, it is useless for password management.

    I have not found that to be the case.

    Perhaps you could offer advice rather than just shooting down ideas you
    don't like.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From %@21:1/5 to Oregonian Haruspex on Tue Jul 13 18:43:35 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 2021-07-13 6:29 p.m., Oregonian Haruspex wrote:
    I use an old electronic organizer to store my passwords, and I keep a
    printed hard copy locked in my safe. I don’t trust anything more technological than that combination.

    i don't use anything i have no passwords

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Oregonian Haruspex@21:1/5 to All on Wed Jul 14 01:29:31 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    I use an old electronic organizer to store my passwords, and I keep a
    printed hard copy locked in my safe. I don’t trust anything more technological than that combination.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Unbreakable Disease@21:1/5 to Lewis on Wed Jul 14 07:04:00 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On 13.07.2021 15:48, Lewis wrote:
    In message <87zgur47bv.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    Lewis <g.kreme@kreme.dont-email.me> writes:
    In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    [...]
    I use PasswordSafe https://pwsafe.org/ .

    It's a Windows application with clones available for Android, iOS, and Mac.

    There's a Linux version, available as "passwordsafe" in the Ubuntu repos >>>> (and presumably others), but I haven't gotten it to work.

    password-gorilla is a Linux application that uses the same file format >>>> and should be available in the package repos for most distributions.

    Keeping the database synchronized across devices is left as an exercise. >>>
    And that means you end up with not having the password you need unless
    you limit your use of the Internet to a single machine.

    Not if I replicate the encrypted database across the machines I use.

    Yes, because you are perfect and will ALWAYS sync on EVERY change.

    Not going to happen. You will forget and you will will be caught out
    without some recent change or update because you are NOT perfect. Sorry,
    but those are just facts.

    I understand that that could open a potential security hole if
    I'm not sufficiently careful. But if I *am* sufficiently careful,
    my database doesn't exist on anyone else's server.

    Whopdie doo. That doesn’t make it more secure, you know, just more
    obscure, more fragile, more prone to failure, and more likely that you
    do not have the information you need when you need it.


    Well, the biggest security hole is most of the time an user itself.
    You'd be better off syncing your password manager file through the cloud.

    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Unbreakable Disease@21:1/5 to All on Wed Jul 14 07:00:00 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 14.07.2021 01:43, % wrote:
    On 2021-07-13 6:29 p.m., Oregonian Haruspex wrote:
    I use an old electronic organizer to store my passwords, and I keep a
    printed hard copy locked in my safe. I don’t trust anything more
    technological than that combination.

    i don't use anything i have no passwords
    Because you instead use your DNA to log in to your accounts.

    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Unbreakable Disease@21:1/5 to Keith Thompson on Wed Jul 14 07:10:00 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On 13.07.2021 04:41, Keith Thompson wrote:
    nospam <nospam@nospam.invalid> writes:
    In article <87im1f3x1d.fsf@nosuchdomain.example.com>, Keith Thompson
    <Keith.S.Thompson+u@gmail.com> wrote:
    Is there a password manager that supports automatic sync among Linux, >>>>> Android, and Windows *without* storing any of my information in the
    cloud (i.e., on someone else's computer)? (It's possible that I hadn't >>>>> made it clear enough that I don't want to use cloud storage.)

    there are several, each with different mixes of features, some with
    better integration than others, and only you can decide which one fits >>>> your needs.

    Are you unwilling to give examples? Is there one that you use (or do
    you use a cloud solution)?

    i use 1password and keep everything on my devices, however, it does
    sync via the cloud. there is (was) a way to sync locally but that had
    some limitations and i'm not sure if that's even still an option.

    they also offer a cloud version (their servers) but that's not required.

    it does look like they now have linux support but i don't know how good
    that is. that's relatively recent.

    I tried KeePass a while ago, and it doesn't do what I want. (One
    feature of the Android version of PasswordSave that I like is that it
    implements a virtual keyboard, so passwords don't have to go through the >>> system clipboard.) Someone here mentioned KeePassXC, which I might try, >>> but I don't see an Android version.

    1password has a background process which directly communicates with
    browser extension, skipping the clipboard entirely.

    When I tried KeePass on Android, I didn't find a way to copy a password
    or other text from KeePass to another arbitrary application. Possibly I didn't spend enough time exploring it. Something that *only* uses a
    browser extension would not be useful to me.

    some use the system clipboard which is then auto-erased moments later.

    I just found a reference to something called Syncthing, which I'll also
    look into; it's a continuous file synchronization program, not
    specifically related to passwords.

    syncthing is good. also check out nextcloud, which can be installed on
    a variety of hardware as well as in a docker container or even a
    raspberry pi (although that's not exactly fast).

    Yes, I have a NextCloud instance, but I'm not sure I want to store (even encrypted) passwords on it.

    You can use Syncthing if you are paranoid. That would probably be the
    best compromise between usability and security.

    If you are even more paranoid, you can keep manually syncing, but keep
    in mind that once you get malware or somebody takes a physical control
    over your device, you are pwned anyway no matter how much security
    measures you take.

    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Otto J. Makela@21:1/5 to Wade Garrett on Fri Jul 16 16:34:09 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    Wade Garrett <wade@cooler.net> wrote:

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be interested.

    I believe the classic "pass" (based on pgp) is available on various Unix implementations, including MacOS.

    https://www.passwordstore.org/
    --
    /* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
    /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
    /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */
    /* * * Computers Rule 01001111 01001011 * * * * * * */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to Otto J. Makela on Fri Jul 16 15:06:17 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:

    Wade Garrett <wade@cooler.net> wrote:

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be
    interested.

    I believe the classic "pass" (based on pgp) is available on various Unix implementations, including MacOS.

    https://www.passwordstore.org/

    Indeed. I use it all the time. And it would be easy to do automatic
    replication to anything that supported a shell.

    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Wade Garrett@21:1/5 to Otto J. Makela on Fri Jul 16 11:19:21 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On 7/16/21 9:34 AM, Otto J. Makela wrote:
    Wade Garrett <wade@cooler.net> wrote:

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be
    interested.

    I believe the classic "pass" (based on pgp) is available on various Unix implementations, including MacOS.

    https://www.passwordstore.org/

    Thanks- but use/setup looks a bit above my pay grade :-)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Bob Eager on Fri Jul 16 20:10:38 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In message <ildlj9Fna39U1@mid.individual.net> Bob Eager <news0009@eager.cx> wrote:
    On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:

    Wade Garrett <wade@cooler.net> wrote:

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be
    interested.

    I believe the classic "pass" (based on pgp) is available on various Unix
    implementations, including MacOS.

    https://www.passwordstore.org/

    Indeed. I use it all the time. And it would be easy to do automatic replication to anything that supported a shell.

    I find this works well if I don't happen to have 1Password available
    (like on a remote machine, for example)

    uuidgen| sha256sum| cut -c -24

    (or any number from 16 on up to 64, though i do not need a 64 hex digit password, ever.)

    But I add those passwords to my password manager immediately, of course.

    --
    Hey kids, shake it loose together the spotlight's hitting something
    That's been known to change the weather we'll kill the fatted
    calf tonight So stick around you're gonna hear electric music:
    Solid walls of sound

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to Lewis on Fri Jul 16 21:51:53 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On Fri, 16 Jul 2021 20:10:38 +0000, Lewis wrote:

    In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
    <news0009@eager.cx> wrote:
    On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:

    Wade Garrett <wade@cooler.net> wrote:

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be
    interested.

    I believe the classic "pass" (based on pgp) is available on various
    Unix implementations, including MacOS.

    https://www.passwordstore.org/

    Indeed. I use it all the time. And it would be easy to do automatic
    replication to anything that supported a shell.

    I find this works well if I don't happen to have 1Password available
    (like on a remote machine, for example)

    uuidgen| sha256sum| cut -c -24

    (or any number from 16 on up to 64, though i do not need a 64 hex digit password, ever.)

    But I add those passwords to my password manager immediately, of course.

    Mine, in that situation, is:

    dd if=/dev/random count=1 bs=16 2>/dev/null | b64encode - | \
    sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'



    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Bob Eager on Fri Jul 16 22:05:44 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In message <iledbpFna39U4@mid.individual.net> Bob Eager <news0009@eager.cx> wrote:
    On Fri, 16 Jul 2021 20:10:38 +0000, Lewis wrote:

    In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
    <news0009@eager.cx> wrote:
    On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:

    Wade Garrett <wade@cooler.net> wrote:

    I'd like to use a password manager but I'm not comfortable with that >>>>> data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be >>>>> interested.

    I believe the classic "pass" (based on pgp) is available on various
    Unix implementations, including MacOS.

    https://www.passwordstore.org/

    Indeed. I use it all the time. And it would be easy to do automatic
    replication to anything that supported a shell.

    I find this works well if I don't happen to have 1Password available
    (like on a remote machine, for example)

    uuidgen| sha256sum| cut -c -24

    (or any number from 16 on up to 64, though i do not need a 64 hex digit
    password, ever.)

    But I add those passwords to my password manager immediately, of course.

    Mine, in that situation, is:

    dd if=/dev/random count=1 bs=16 2>/dev/null | b64encode - | \
    sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'

    There's no "b64encode" on my macOS.


    --
    'They say that whoever pays the piper calls the tune.' 'But,
    gentlemen,' said Mr Saveloy, 'whoever holds a knife to the
    piper's throat writes the symphony.' --Interesting Times

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to Lewis on Fri Jul 16 22:19:14 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On Fri, 16 Jul 2021 22:05:44 +0000, Lewis wrote:

    In message <iledbpFna39U4@mid.individual.net> Bob Eager
    <news0009@eager.cx> wrote:
    On Fri, 16 Jul 2021 20:10:38 +0000, Lewis wrote:

    In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
    <news0009@eager.cx> wrote:
    On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:

    Wade Garrett <wade@cooler.net> wrote:

    I'd like to use a password manager but I'm not comfortable with
    that data being on some server somewhere- allegedly encrypted or
    not.

    If there's one that keeps the data just on the local machine, I'd
    be interested.

    I believe the classic "pass" (based on pgp) is available on various
    Unix implementations, including MacOS.

    https://www.passwordstore.org/

    Indeed. I use it all the time. And it would be easy to do automatic
    replication to anything that supported a shell.

    I find this works well if I don't happen to have 1Password available
    (like on a remote machine, for example)

    uuidgen| sha256sum| cut -c -24

    (or any number from 16 on up to 64, though i do not need a 64 hex
    digit password, ever.)

    But I add those passwords to my password manager immediately, of
    course.

    Mine, in that situation, is:

    dd if=/dev/random count=1 bs=16 2>/dev/null | b64encode - | \
    sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'

    There's no "b64encode" on my macOS.

    Sorry - it's a FreeBSD command, equivalent to uuencode -m (which you may
    or may not have). I like the general idea of using /dev/random, though.



    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Dorsey@21:1/5 to mt999999@ymail.com on Sat Jul 17 15:18:32 2021
    Michael Trew <mt999999@ymail.com> wrote:

    I like the concept of it, but I refuse to trust some server to store my >passwords.

    Just write it on your office whiteboard like everyone else. Kevin Mitnick
    says one out of every three whiteboards has a password on it somewhere.
    --scott
    --
    "C'est un Nagra. C'est suisse, et tres, tres precis."

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan Browne@21:1/5 to Unbreakable Disease on Mon Jul 19 10:40:09 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 2021-07-12 05:53, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I use 1Password. Be careful of the option you select. They are leaning towards "rent" model which I despise.

    You can keep the encrypted master file on iCloud or Dropbox so it's
    available to all of your devices. Avoid the 'rent' model if possible.

    --
    "...there are many humorous things in this world; among them the white
    man's notion that he is less savage than the other savages."
    -Samuel Clemens

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan Browne@21:1/5 to Lamey on Mon Jul 19 10:43:40 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 2021-07-12 11:36, Lamey wrote:
    On Mon, 12 Jul 2021 15:17:43 GMT, Scott Alfter <scott@alfter.diespammersdie.us> wrote:

    In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net> wrote:
    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including >>>> my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords >>>> you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    If there's one that keeps the data just on the local machine, I'd be
    interested.

    KeePass stores its file wherever you tell it. It could be local storage,
    storage on a server you control (as on a VPS or a dedicated server), or
    whatever cloud storage is supported on the OS you're using. I use a WebDAV >> share on a VPS. It's accessible to my phone and my computers, but not to
    others. (I suppose Linode could grab the file, but without the password to >> unlock it, it's useless to anybody else.)

    If it's out there than people can access it if they want.

    Access ≠ decryption.


    --
    "...there are many humorous things in this world; among them the white
    man's notion that he is less savage than the other savages."
    -Samuel Clemens

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan Browne@21:1/5 to Wade Garrett on Mon Jul 19 10:42:43 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 2021-07-12 07:37, Wade Garrett wrote:
    On 7/12/21 5:53 AM, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here
    including my financial passwords and credit card data, with the
    exception of passwords that I would have to remember anyway (full-disk
    encryption, login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?


    If there's one that keeps the data just on the local machine, I'd be interested.

    1Password has that option as well as using a local server.


    I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
    drive and copy/paste to logins that need to stay secure- financial,
    vendors, healthcare, etc.

    Not very secure. Of course it's your house and that has some security.

    But far better to use a manager - even if only on your machine.


    I always log out before leaving the house.

    My computer does that for me ... well, might be a few minutes after I
    leave...



    --
    "...there are many humorous things in this world; among them the white
    man's notion that he is less savage than the other savages."
    -Samuel Clemens

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to Keith.S.Thompson+u@gmail.com on Mon Jul 19 14:12:46 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In article <87r1fu18j7.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:

    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?

    The weak link is not the encryption algorithm, but the key used to
    decrypt the data.

    that's up to you to choose something complex.

    hint: don't use 'password123'

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to Alan Browne on Mon Jul 19 11:08:12 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    Alan Browne <bitbucket@blackhole.com> writes:
    On 2021-07-12 07:37, Wade Garrett wrote:
    [...]
    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?

    The weak link is not the encryption algorithm, but the key used to
    decrypt the data.

    [...]

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Keith Thompson on Mon Jul 19 20:07:46 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In message <87r1fu18j7.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    Alan Browne <bitbucket@blackhole.com> writes:
    On 2021-07-12 07:37, Wade Garrett wrote:
    [...]
    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?

    The weak link is not the encryption algorithm, but the key used to
    decrypt the data.

    Which the user chooses.

    Have you done any actual research into this or have you just read
    know-nothing clickbait shit?

    --
    And the three men I admire most, the father son and the holly ghost
    they caught the last train for the coast...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to Lewis on Mon Jul 19 14:15:33 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    Lewis <g.kreme@kreme.dont-email.me> writes:
    In message <87r1fu18j7.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
    Alan Browne <bitbucket@blackhole.com> writes:
    On 2021-07-12 07:37, Wade Garrett wrote:
    [...]
    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?

    The weak link is not the encryption algorithm, but the key used to
    decrypt the data.

    Which the user chooses.

    Yes, of course.

    Have you done any actual research into this or have you just read know-nothing clickbait shit?

    Be less rude. If I'm wrong, say so and tell us what's right.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to Keith Thompson on Tue Jul 20 09:15:39 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:
    Alan Browne <bitbucket@blackhole.com> writes:
    On 2021-07-12 07:37, Wade Garrett wrote:
    [...]
    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?

    The weak link is not the encryption algorithm, but the key used to
    decrypt the data.

    There’s lots of possible weak links.

    - The key may be stored insecurely.
    - If the key is derived from a password then the user may choose a weak
    password.
    - It’s easy to make a bad choice of KDF.
    - The choice of cipher mode matters.
    - For some cipher modes, how you choose the parameters matters.
    - Some ciphers (including AES) are prone to side channels.

    How much each of these matters is situational, but “256 bit AES
    encryption” is not a complete description and may indeed not be good
    enough, depending on the missing details.

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Richard Kettlewell on Tue Jul 20 20:13:10 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    In message <8735s99z9w.fsf@LkoBDZeT.terraraq.uk> Richard Kettlewell <invalid@invalid.invalid> wrote:
    Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:
    Alan Browne <bitbucket@blackhole.com> writes:
    On 2021-07-12 07:37, Wade Garrett wrote:
    [...]
    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?

    The weak link is not the encryption algorithm, but the key used to
    decrypt the data.

    There’s lots of possible weak links.

    - The key may be stored insecurely.

    The key is not stored at all. The key is the password that that the user selects.

    - If the key is derived from a password then the user may choose a weak
    password.

    Nothing anyone can do about that.

    - It’s easy to make a bad choice of KDF.
    - The choice of cipher mode matters.

    Which is why these tools are audited by third parties and you should
    only use tools that have been audited.

    - For some cipher modes, how you choose the parameters matters.

    Ibid.

    - Some ciphers (including AES) are prone to side channels.

    Ibid.

    How much each of these matters is situational, but “256 bit AES encryption” is not a complete description and may indeed not be good enough, depending on the missing details.

    Ibid.


    --
    you cannot code around infinite implementations of OCD -John C Welch

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan Browne@21:1/5 to Keith Thompson on Tue Jul 20 16:39:38 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On 2021-07-19 14:08, Keith Thompson wrote:
    Alan Browne <bitbucket@blackhole.com> writes:
    On 2021-07-12 07:37, Wade Garrett wrote:
    [...]
    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?

    The weak link is not the encryption algorithm, but the key used to
    decrypt the data.

    First off there is a difference between a "key" and a "password".

    If the password is "a", the key will still be extremely strong at 256
    bits and would look completely different to the key for password "b".
    Of course that is not a recommendation.

    As to passwords, it's trivial to make strong and easy to remember
    passwords with a few misspelled words, mixed case, some symbols and digits.


    --
    "...there are many humorous things in this world; among them the white
    man's notion that he is less savage than the other savages."
    -Samuel Clemens

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to Alan Browne on Tue Jul 20 15:52:43 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    Alan Browne <bitbucket@blackhole.com> writes:
    On 2021-07-19 14:08, Keith Thompson wrote:
    Alan Browne <bitbucket@blackhole.com> writes:
    On 2021-07-12 07:37, Wade Garrett wrote:
    [...]
    I'd like to use a password manager but I'm not comfortable with that
    data being on some server somewhere- allegedly encrypted or not.

    256 bit AES encryption not good enough for you?
    The weak link is not the encryption algorithm, but the key used to
    decrypt the data.

    First off there is a difference between a "key" and a "password".

    Sure (but sometimes they can be the same, right?).

    If the password is "a", the key will still be extremely strong at 256
    bits and would look completely different to the key for password "b".
    Of course that is not a recommendation.

    Are you talking about a key being algorithmically derived from the
    password? If the string "a" is all the information you need to unlock
    an encrypted file, then an attacker is going to be able to unlock it,
    whether it first has to be translated to a 256-bit key or not. (Or I'm
    missing something.)

    As to passwords, it's trivial to make strong and easy to remember
    passwords with a few misspelled words, mixed case, some symbols and
    digits.

    Sure. It's also easy for a password to leak in any of a number of ways.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dreamer In Colore@21:1/5 to unbreakable@secmail.pro on Wed Jul 21 13:28:57 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On Mon, 12 Jul 2021 09:53:00 +0000, Unbreakable Disease <unbreakable@secmail.pro> wrote:

    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 >complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    For what it's worth, I like LastPass. I'm not crazy about the fact
    that I can't use it on multiple devices without having to pay for it,
    but I can't begrudge the software developers over there the right to
    earn a living.

    The best strengths in current password technology are in passphrases:

    https://useapassphrase.com

    There's some great stats in there, such as the amount of time it takes
    to crack common spatial word passwords such as "qwerty" or "aaaaaa"...
    10 milliseconds.

    Or how long it takes to crack a password that's a date like
    "03261981"... 2.213 seconds.

    However, if you use a sequence of four randomly chosen words like
    "mergers decade labeled manager", it'll take 6 million centuries to
    crack.

    So.

    I've converted all my passwords to sequences of four to six words; and
    I have an email account at a provider that I've never used to send
    email to anyone, or to use as the id for any website. There, I have a
    draft of an email saved that holds the information.

    I now only need to remember one password, and I can get to everything.
    As for the remote chance that the email provider will cease to exist,
    I made backup accounts with other major providers, because paranoia.

    I don't use email apps to access my password storage account; and I
    use Tor to get to it for the sake of anonymity. I'd be fairly
    impressed if someone got through that level of security, and it's
    probably overkill, but why take the risk?

    While I'm at it... does everyone know about

    https://haveibeenpwned.com

    You can put your email address in there, and see if it's been involved
    in any large-scale thefts. It's got records going back years, and I
    was fairly shocked to see that my wife's account had been hacked years
    ago.

    --
    Cheers,
    Dreamer
    AA 2306

    "The fact that a believer is happier than a skeptic is no
    more to the point than the fact that a drunken man is
    happier than a sober one. The happiness of credulity is a
    cheap and dangerous quality of happiness, and by no means
    a necessity of life."

    George Bernard Shaw
    Androcles and the Lion

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Keith Thompson@21:1/5 to Dreamer In Colore on Wed Jul 21 12:31:11 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    Dreamer In Colore <dreamerincolore@hotmail.com> writes:
    On Mon, 12 Jul 2021 09:53:00 +0000, Unbreakable Disease <unbreakable@secmail.pro> wrote:
    My 50-year old brain isn't capable of memorizing that many passwords >>anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of >>passwords that I would have to remember anyway (full-disk encryption, >>login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 >>complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    For what it's worth, I like LastPass. I'm not crazy about the fact
    that I can't use it on multiple devices without having to pay for it,
    but I can't begrudge the software developers over there the right to
    earn a living.

    The best strengths in current password technology are in passphrases:

    https://useapassphrase.com

    There's some great stats in there, such as the amount of time it takes
    to crack common spatial word passwords such as "qwerty" or "aaaaaa"...
    10 milliseconds.

    Or how long it takes to crack a password that's a date like
    "03261981"... 2.213 seconds.

    However, if you use a sequence of four randomly chosen words like
    "mergers decade labeled manager", it'll take 6 million centuries to
    crack.

    So.

    I've converted all my passwords to sequences of four to six words; and
    I have an email account at a provider that I've never used to send
    email to anyone, or to use as the id for any website. There, I have a
    draft of an email saved that holds the information.

    I now only need to remember one password, and I can get to everything.
    As for the remote chance that the email provider will cease to exist,
    I made backup accounts with other major providers, because paranoia.

    I don't use email apps to access my password storage account; and I
    use Tor to get to it for the sake of anonymity. I'd be fairly
    impressed if someone got through that level of security, and it's
    probably overkill, but why take the risk?

    While I'm at it... does everyone know about

    https://haveibeenpwned.com

    You can put your email address in there, and see if it's been involved
    in any large-scale thefts. It's got records going back years, and I
    was fairly shocked to see that my wife's account had been hacked years
    ago.

    I use a couple of programs I wrote to generate random passwords and passphrases:

    https://github.com/Keith-S-Thompson/random-passwords

    It's two Perl scripts. gen-password generates random passwords with
    specified criteria, and gen-passphrase generates xkcd-style random word sequences using the system dictionary or a specified one.

    --
    Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
    Working, but not speaking, for Philips
    void Void(void) { Void(); } /* The recursive call of the void */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to Keith Thompson on Wed Jul 21 21:00:31 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:

    I use a couple of programs I wrote to generate random passwords and passphrases:

    https://github.com/Keith-S-Thompson/random-passwords

    It's two Perl scripts. gen-password generates random passwords with specified criteria, and gen-passphrase generates xkcd-style random word sequences using the system dictionary or a specified one.

    I use dicewords and a set of casino dice.

    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ben Bacarisse@21:1/5 to Bob Eager on Thu Jul 22 01:23:46 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    Bob Eager <news0009@eager.cx> writes:

    On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:

    I use a couple of programs I wrote to generate random passwords and
    passphrases:

    https://github.com/Keith-S-Thompson/random-passwords

    It's two Perl scripts. gen-password generates random passwords with
    specified criteria, and gen-passphrase generates xkcd-style random word
    sequences using the system dictionary or a specified one.

    I use dicewords and a set of casino dice.

    What do you do when the password is restricted as is so often the case?

    --
    Ben.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to Ben Bacarisse on Thu Jul 22 08:46:19 2021
    XPost: comp.sys.mac.system, comp.sys.mac.misc, comp.unix.misc

    On Thu, 22 Jul 2021 01:23:46 +0100, Ben Bacarisse wrote:

    Bob Eager <news0009@eager.cx> writes:

    On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:

    I use a couple of programs I wrote to generate random passwords and
    passphrases:

    https://github.com/Keith-S-Thompson/random-passwords

    It's two Perl scripts. gen-password generates random passwords with
    specified criteria, and gen-passphrase generates xkcd-style random
    word sequences using the system dictionary or a specified one.

    I use dicewords and a set of casino dice.

    What do you do when the password is restricted as is so often the case?

    It provides a basis to which I add stuff.

    Jitsi does similar when choosing a random 'room' name, although I haven't looked at the code.



    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Unbreakable Disease@21:1/5 to Alan Browne on Thu Jul 22 08:52:00 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 19.07.2021 14:40, Alan Browne wrote:
    On 2021-07-12 05:53, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here
    including my financial passwords and credit card data, with the
    exception of passwords that I would have to remember anyway (full-disk
    encryption, login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I use 1Password.  Be careful of the option you select.  They are leaning towards "rent" model which I despise.

    You can keep the encrypted master file on iCloud or Dropbox so it's
    available to all of your devices.  Avoid the 'rent' model if possible.

    You can use any FOSS password manager. For me, anything that is not FOSS
    is automatically suspicious (including 1Password). I don't trust
    proprietary software and try to reduce its usage to minimum.

    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan Browne@21:1/5 to Unbreakable Disease on Thu Jul 22 09:52:51 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 2021-07-22 04:52, Unbreakable Disease wrote:
    On 19.07.2021 14:40, Alan Browne wrote:

    You can keep the encrypted master file on iCloud or Dropbox so it's
    available to all of your devices.  Avoid the 'rent' model if possible.

    You can use any FOSS password manager. For me, anything that is not FOSS
    is automatically suspicious (including 1Password). I don't trust
    proprietary software and try to reduce its usage to minimum.

    1Password has proven itself over time. I like companies that pay
    employees to do things right when it's a critical component.

    Free? You get what you pay for. So unless it's a wildly widespread and popular package with many people maintaining it, it tends to crud.

    The Gimp refers.


    --
    "...there are many humorous things in this world; among them the white
    man's notion that he is less savage than the other savages."
    -Samuel Clemens

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Unbreakable Disease@21:1/5 to Alan Browne on Tue Jul 27 11:27:00 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 22.07.2021 13:52, Alan Browne wrote:
    On 2021-07-22 04:52, Unbreakable Disease wrote:
    On 19.07.2021 14:40, Alan Browne wrote:

    You can keep the encrypted master file on iCloud or Dropbox so it's
    available to all of your devices.  Avoid the 'rent' model if possible.

    You can use any FOSS password manager. For me, anything that is not
    FOSS is automatically suspicious (including 1Password). I don't trust
    proprietary software and try to reduce its usage to minimum.

    1Password has proven itself over time.  I like companies that pay
    employees to do things right when it's a critical component.

    Free?  You get what you pay for.  So unless it's a wildly widespread and popular package with many people maintaining it, it tends to crud.

    The Gimp refers.


    Well, I like free software. It's not always of the same quality as
    commercial software, but at least its security can be tested by many
    experts in the industry easily as anyone has access to the source code.
    Anyone can read and edit it... understanding and making it work not so much.

    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    Secmail.pro is down, please mail me at current address instead

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Your Name@21:1/5 to Unbreakable Disease on Wed Jul 28 08:30:16 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    On 2021-07-27 11:27:00 +0000, Unbreakable Disease said:
    On 22.07.2021 13:52, Alan Browne wrote:
    On 2021-07-22 04:52, Unbreakable Disease wrote:
    On 19.07.2021 14:40, Alan Browne wrote:

    You can keep the encrypted master file on iCloud or Dropbox so it's
    available to all of your devices.  Avoid the 'rent' model if possible. >>>
    You can use any FOSS password manager. For me, anything that is not
    FOSS is automatically suspicious (including 1Password). I don't trust
    proprietary software and try to reduce its usage to minimum.

    1Password has proven itself over time. I like companies that pay
    employees to do things right when it's a critical component.

    Free? "You get what you pay for." So unless it's a wildly widespread
    and popular package with many people maintaining it, it tends to crud.

    The Gimp refers.

    Well, I like free software. It's not always of the same quality as
    commercial software, but at least its security can be tested by many
    experts in the industry easily as anyone has access to the source code. Anyone can read and edit it... understanding and making it work not so
    much.

    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source
    or hacked pirated versions for anything even remotely to do with
    security is simply incredibly silly.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to YourName@YourISP.com on Tue Jul 27 17:30:50 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    In article <sdpqco$1erg$1@gioia.aioe.org>, Your Name
    <YourName@YourISP.com> wrote:


    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source

    nonsense.

    open source means it's easy to audit so that nothing undesirable is
    hidden.

    or hacked pirated versions for anything even remotely to do with
    security is simply incredibly silly.

    that part is true. using pirated versions is dumb.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to Your Name on Tue Jul 27 22:47:01 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:

    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source or hacked pirated versions for anything even remotely to do with security
    is simply incredibly silly.

    Ah, a proponent of security through obscurity.

    I think not.

    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Your Name@21:1/5 to Bob Eager on Wed Jul 28 15:40:13 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    On 2021-07-27 22:47:01 +0000, Bob Eager said:
    On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:

    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source or
    hacked pirated versions for anything even remotely to do with security
    is simply incredibly silly.

    Ah, a proponent of security through obscurity.

    I think not.

    I guess that's why the banks leave their vault doors open all night. :-\

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Otto J. Makela@21:1/5 to Your Name on Wed Jul 28 10:52:04 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    Your Name <YourName@YourISP.com> wrote:

    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source
    or hacked pirated versions for anything even remotely to do with
    security is simply incredibly silly.

    "Hacked pirated" versions aside, security by obscurity never works in
    the long run.

    The security of cryptosystems should depend on things like your key
    management, not that nobody has got their hands on the source code.
    Widely used systems like openssl are open source and better for it,
    as they have open audits of how they are builts.

    --
    /* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
    /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
    /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */
    /* * * Computers Rule 01001111 01001011 * * * * * * */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to Your Name on Wed Jul 28 08:41:48 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    On Wed, 28 Jul 2021 15:40:13 +1200, Your Name wrote:

    On 2021-07-27 22:47:01 +0000, Bob Eager said:
    On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:

    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source
    or hacked pirated versions for anything even remotely to do with
    security is simply incredibly silly.

    Ah, a proponent of security through obscurity.

    I think not.

    I guess that's why the banks leave their vault doors open all night.
    :-\

    Non sequitur.



    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Your Name on Wed Jul 28 12:35:34 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    In message <sdqjit$aif$1@gioia.aioe.org> Your Name <YourName@YourISP.com> wrote:
    On 2021-07-27 22:47:01 +0000, Bob Eager said:
    On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:

    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source or >>> hacked pirated versions for anything even remotely to do with security
    is simply incredibly silly.

    Ah, a proponent of security through obscurity.

    I think not.

    I guess that's why the banks leave their vault doors open all night. :-\

    You obviously have no idea what "security by obscurity" means. A vault
    is not obscure. If you hide you money in a hollow book, that would be
    security by obscurity.



    --
    Demons have existed on the Discworld for at least as long as the
    gods, who in many ways they closely resemble. The difference is
    basically the same as between terrorists and freedom fighters.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Alfter@21:1/5 to YourName@YourISP.com on Wed Jul 28 17:45:24 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    In article <sdpqco$1erg$1@gioia.aioe.org>,
    Your Name <YourName@YourISP.com> wrote:
    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source
    or hacked pirated versions for anything even remotely to do with
    security is simply incredibly silly.

    Security by obscurity? Please tell us you're joking...this has to be one of the most ignorant comments I've seen on Usenet in a good long while.

    If you have access to the source code, you can verify that (1) secure algorithms are in use and (2) those algorithms have been properly translated into secure code that works. Without source code, you're potentially buying
    a pig in a poke.

    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to g.kreme@kreme.dont-email.me on Wed Jul 28 18:56:02 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    In article <slrnsg3mjk.2fg5.g.kreme@m1mini.local>, Lewis <g.kreme@kreme.dont-email.me> wrote:

    In message <sdpqco$1erg$1@gioia.aioe.org> Your Name <YourName@YourISP.com> wrote:
    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source
    or hacked pirated versions for anything even remotely to do with
    security is simply incredibly silly.

    Once again you demonstrate a complete lack of knowledge on a topic. The
    VAST majority of encryption is done with open source tools, you nimrod.
    Not on;y that, but when companies try to write their own (like Telegram)
    it turns out they write shitty software with massive security holes.

    Please stop trying to weigh in on things you know absolutely nothing
    about, it's embarrassing.

    that would mean an end to his posts...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Your Name on Wed Jul 28 22:30:12 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    In message <sdpqco$1erg$1@gioia.aioe.org> Your Name <YourName@YourISP.com> wrote:
    On 2021-07-27 11:27:00 +0000, Unbreakable Disease said:
    On 22.07.2021 13:52, Alan Browne wrote:
    On 2021-07-22 04:52, Unbreakable Disease wrote:
    On 19.07.2021 14:40, Alan Browne wrote:

    You can keep the encrypted master file on iCloud or Dropbox so it's
    available to all of your devices.  Avoid the 'rent' model if possible. >>>>
    You can use any FOSS password manager. For me, anything that is not
    FOSS is automatically suspicious (including 1Password). I don't trust
    proprietary software and try to reduce its usage to minimum.

    1Password has proven itself over time.  I like companies that pay
    employees to do things right when it's a critical component.

    Free?  "You get what you pay for."  So unless it's a wildly widespread >>> and popular package with many people maintaining it, it tends to crud.

    The Gimp refers.

    Well, I like free software. It's not always of the same quality as
    commercial software, but at least its security can be tested by many
    experts in the industry easily as anyone has access to the source code.
    Anyone can read and edit it... understanding and making it work not so
    much.

    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source
    or hacked pirated versions for anything even remotely to do with
    security is simply incredibly silly.

    Once again you demonstrate a complete lack of knowledge on a topic. The
    VAST majority of encryption is done with open source tools, you nimrod.
    Not on;y that, but when companies try to write their own (like Telegram)
    it turns out they write shitty software with massive security holes.

    Please stop trying to weigh in on things you know absolutely nothing
    about, it's embarrassing.

    --
    "Are you pondering what I'm pondering?"
    "Sure, Brain, but how are we going to find chaps our size?"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to nospam on Thu Jul 29 07:38:22 2021
    XPost: comp.sys.mac.misc, comp.sys.mac.system

    In message <280720211856021661%nospam@nospam.invalid> nospam <nospam@nospam.invalid> wrote:
    In article <slrnsg3mjk.2fg5.g.kreme@m1mini.local>, Lewis <g.kreme@kreme.dont-email.me> wrote:

    In message <sdpqco$1erg$1@gioia.aioe.org> Your Name <YourName@YourISP.com> >> wrote:
    With the source code available for free, it also means the hackers can
    more easily work out how to steal your information. Using open source
    or hacked pirated versions for anything even remotely to do with
    security is simply incredibly silly.

    Once again you demonstrate a complete lack of knowledge on a topic. The
    VAST majority of encryption is done with open source tools, you nimrod.
    Not on;y that, but when companies try to write their own (like Telegram)
    it turns out they write shitty software with massive security holes.

    Please stop trying to weigh in on things you know absolutely nothing
    about, it's embarrassing.

    that would mean an end to his posts...

    <fingers crossed>

    --
    'The trouble with my friend here is that he doesn't know the
    difference between a postulate and a metaphor of human existence.
    Or a hole in the ground.' --Pyramids

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rtr@21:1/5 to Unbreakable Disease on Sun Nov 28 06:51:45 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On Mon, 12 Jul 2021 09:53:00 +0000
    Unbreakable Disease <unbreakable@secmail.pro> wrote:

    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here
    including my financial passwords and credit card data, with the
    exception of passwords that I would have to remember anyway
    (full-disk encryption, login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple
    passwords you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I use Pass, which is a command-line only password manager using git and
    gpg. It's good and lightweight.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to rtr on Sat Nov 27 23:40:28 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On Sun, 28 Nov 2021 06:51:45 +0800, rtr wrote:

    On Mon, 12 Jul 2021 09:53:00 +0000 Unbreakable Disease <unbreakable@secmail.pro> wrote:

    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10
    complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I use Pass, which is a command-line only password manager using git and
    gpg. It's good and lightweight.

    Yes, me too. It works well.



    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From rtr@21:1/5 to Otto J. Makela on Sun Nov 28 21:06:48 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On Sun, 28 Nov 2021 14:16:49 +0200
    om@iki.fi (Otto J. Makela) wrote:

    rtr <rtr@nospam.invalid> wrote:

    I use Pass, which is a command-line only password manager using git
    and gpg. It's good and lightweight.

    I also use it, though gpg is a bit clunky it helps me trust the
    cryptosystem.

    GPG is indeed a bit clunky and non-user friendly. It's really secure
    but the complexity required to set it up makes it unapproachable.

    It's only recently that I've gotten around maintaining a proper gpg key
    setup when I was sorting out my password situation and looking at what
    you can do with it it's certainly a waste that not all people are aware
    or can even use this with ease.

    --
    Give them an inch and they will take a mile.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Otto J. Makela@21:1/5 to rtr on Sun Nov 28 14:16:49 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    rtr <rtr@nospam.invalid> wrote:

    I use Pass, which is a command-line only password manager using git
    and gpg. It's good and lightweight.

    I also use it, though gpg is a bit clunky it helps me trust the cryptosystem. --
    /* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
    /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
    /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */
    /* * * Computers Rule 01001111 01001011 * * * * * * */

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Anssi Saari@21:1/5 to rtr on Mon Nov 29 13:01:06 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    rtr <rtr@nospam.invalid> writes:

    I use Pass, which is a command-line only password manager using git and
    gpg. It's good and lightweight.

    I haven't used pass but now that I looked into it, it seems it could
    work for me too. I currently used Keepass with sftp access to the
    password database and it works, for my current platforms which are
    Linux, Android and Windows. Looks like pass could also work for my use
    case.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to Anssi Saari on Mon Nov 29 15:52:13 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    In message <sm0zgpnrzt9.fsf@lakka.kapsi.fi> Anssi Saari <as@sci.fi> wrote:
    my current platforms which are Linux, Android and Windows.

    So why are you posting to comp.sys.mac.system and comp.sys.mac.misc and alt.atheism?

    case.


    --
    Laugh it up, fuzzball!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Otto J. Makela on Mon Nov 29 10:31:03 2021
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 11/28/2021 04:16 AM, Otto J. Makela wrote:
    rtr <rtr@nospam.invalid> wrote:

    I use Pass, which is a command-line only password manager using git
    and gpg. It's good and lightweight.

    I also use it, though gpg is a bit clunky it helps me trust the cryptosystem.

    No. I have a text file for when browsers and email forget.

    I'm increasingly annoyed by the 'security' features required by various financial businesses. I don't want texts sent to my phone EVER -- email
    is just fine. I don't want to have to respond to a text message on my
    phone BEFORE I can accomplish a transaction on my computer. This shit
    takes time. MY time.

    --
    Cheers, Bev
    Warning -- Driver carries less than $20 worth of ammunition

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Matti Haveri@21:1/5 to Unbreakable Disease on Sat Feb 5 14:43:38 2022
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    In article <sch3ep$87h$1@dont-email.me>,
    Unbreakable Disease <unbreakable@secmail.pro> wrote:

    KeePassXC

    I used KeePassX 0.4.4 works up to OS X 10.11 and then, after some
    testing, settled to KeePassXC.

    I use the same .kdbx file at work with a KeePass Windows standalone
    version and it works great.

    I have advocated KeePass to the rest of the family and some use it and
    some don't preferring the iCloud keychain which also seems to work OK
    with less hassle.

    --
    - Matti

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Matti Haveri on Sat Feb 5 09:41:41 2022
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    On 02/05/2022 04:43 AM, Matti Haveri wrote:
    In article <sch3ep$87h$1@dont-email.me>,
    Unbreakable Disease <unbreakable@secmail.pro> wrote:

    KeePassXC

    I used KeePassX 0.4.4 works up to OS X 10.11 and then, after some
    testing, settled to KeePassXC.

    I use the same .kdbx file at work with a KeePass Windows standalone
    version and it works great.

    Does it put a text file containing the passwords on your computer or are
    you completely reliant on the thing ALWAYS working forever?

    I have advocated KeePass to the rest of the family and some use it and
    some don't preferring the iCloud keychain which also seems to work OK
    with less hassle.

    --
    Cheers, Bev
    "Genius may have its limitations, but stupidity
    is not thus handicapped."
    -- Elbert Hubbard, American author

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to The Real Bev on Sat Feb 5 19:03:07 2022
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    ["Followup-To:" header set to comp.misc.]
    The Real Bev wrote:
    Does it put a text file containing the passwords on your computer or are
    you completely reliant on the thing ALWAYS working forever?

    No. You're reliant on the software continuing to work -- the "database"
    file is encrypted.

    Equivalent of being reliant on say gpg continuing to work to decrypt a
    text file or something.


    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmH+ygkACgkQbWVw5Uzn KGADqw/+ORqJZ5qc2FNmu5+UJIUmcDBAcGGn1LtI2gkz/ZofMHwnlGtG/qV5vqxI RQanW2LBtP8UpgwUzs5b6SGZ+/5dyCaNKhMZFo3HW6KUtp7JJHNQhPsOc1EA+fQc wWc2XIVqiD9ZD0emhIcce3amZdk1FizjN5Hu7uUwfZBoGt4Iul8FMmht3IcEIepH yEqLStwjQzZPH+RRC69u7u5NhrsMWZXCskR4DYr9qTRkEBSbq0fl7JpUAv26A9X4 g1kPZIWxbYfmZPoIRhyUdaN8mhCisqHyE69czMEzv4mUrOS6Yt1X4YF9o+X2GiqE DNDpadh4GXAiPiXMO5gZWghNm6Fxl9+3U4svDnUxuzlGD3gRnL9B44HPDjR83wBR iR4BBUU69ME+UOkgsz99cUphJ0/PdiqYgTWdq0BqcPQUOqW9uipE8JsYa10h2Cqz 70yfcqOk4PgPU+WRJQxsUaLQ1d5CWT1NLwxBV9BVabt7uioUQHUfCB9E/Z/oaAuf wKBgDaAmUYJPOhq+YptQhsrP6M1RpWpihXB/AwgESFuCwg+oj1KR0A9dH9Jpdye7 RmTIf4mmTQmAavH3XJwHxIvsTUuBN4Z2n348dZPbwkVGnlEmAl/gnjMW/DFaG0rv o8y0IO8ASee2RW7Mk7TOtLcWaAWouz5cer20ZuYLH45LdxFRfEU=
    =8bNb
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?B?U2NpZW50aWZpYyAoc2hlL2hlc@21:1/5 to Dan Purgert on Sat Feb 5 19:37:00 2022
    On 2/5/22 7:03 PM, Dan Purgert wrote:
    ["Followup-To:" header set to comp.misc.]
    The Real Bev wrote:
    Does it put a text file containing the passwords on your computer or are
    you completely reliant on the thing ALWAYS working forever?

    No. You're reliant on the software continuing to work -- the "database"
    file is encrypted.

    Equivalent of being reliant on say gpg continuing to work to decrypt a
    text file or something.




    A PGP-signed message, nice. Do you think that there should be a
    newsgroup reader for Android?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From meff@21:1/5 to science@danwin1210.de on Sat Feb 5 23:26:13 2022
    On 2022-02-05, Scientific ⚧ <science@danwin1210.de> wrote:
    A PGP-signed message, nice. Do you think that there should be a
    newsgroup reader for Android?

    An Android newsreader would be fantastic IMO.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Dan Purgert on Sat Feb 5 19:52:30 2022
    On 02/05/2022 11:03 AM, Dan Purgert wrote:

    ["Followup-To:" header set to comp.misc.]
    The Real Bev wrote:
    Does it put a text file containing the passwords on your computer or are
    you completely reliant on the thing ALWAYS working forever?

    No. You're reliant on the software continuing to work -- the "database"
    file is encrypted.

    People really are a trusting lot, aren't they?

    Equivalent of being reliant on say gpg continuing to work to decrypt a
    text file or something.

    For a while I put the text file on my phone encrypted with some android encryption facility, but then I removed both. I don't want to depend on
    an app for anything important. Much easier to regard my phone as
    potential theft-fodder and not keep anything on it but photos, some
    e-books, maps, email, various utilities (a LOT of utilities!) etc.
    Stuff that I wouldn't actually regard as secret.

    --
    Cheers, Bev
    If you are going to try cross-country skiing,
    start with a small country.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Matti Haveri@21:1/5 to The Real Bev on Sun Feb 6 11:39:23 2022
    XPost: alt.atheism, comp.sys.mac.system, comp.sys.mac.misc
    XPost: comp.unix.misc

    In article <stmcsl$vgs$1@dont-email.me>,
    The Real Bev <bashley101@gmail.com> wrote:

    Does it put a text file containing the passwords on your computer or are
    you completely reliant on the thing ALWAYS working forever?

    I have a master .kdbx file and occasionally copy it to my other accounts
    via sneaker net (iOS devices, Windows at work, various macOS test clones virtual machines etc). So if for some reason the master does not work
    (never happened yet), I can revert to those somewhat older backups. Or
    if also that fails, I can revert to macOS Keychain.

    --
    - Matti

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From gtr@21:1/5 to unbreakable@secmail.pro on Sun Feb 6 19:27:52 2022
    XPost: alt.atheism, comp.sys.mac.misc, comp.sys.mac.system
    XPost: comp.unix.misc

    On Jul 12, 2021 at 1:53:00 AM PDT, "Unbreakable Disease" <unbreakable@secmail.pro> wrote:

    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I have the older version (non-subscription) of 1Password, but also make use of the keychain password manager and the manager built-in to Safari (I use Safari on both the mac and the ipad/iphone).

    Only lately, when I'm offered a complex "strong password" of jibberish, I take it. That's working well too.

    But I also use a variation on the same password: I selected two capitalized words (for instance ArchBasket with a few numbers, 245, then the first two letters of the intended website, for instance AMazon. Then I use this same password everywhere, with the exception of those last two letters. ArchBasket245am, for Powell's books: ArchBasket245po.

    It's easy to remember.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to All on Mon Feb 7 00:54:50 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Scientific ⚧ wrote:
    A PGP-signed message, nice. Do you think that there should be a
    newsgroup reader for Android?

    If people find it useful, I'm sure they'd write it. I am ambivalent on
    the matter -- I'd just as soon ssh back to a system that has slrn on it.

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmIAbgMACgkQbWVw5Uzn KGB0xg//X4+ZP/mqdXkD6oax3AJvl6+tkLB/8QVeEL5GjvxlyNROIh5OvmuFm68h 3o3QHUTGVXeG1SyMCNBcDLzuTDhDCSTqJKmCfVhKYAj5//oPt5bnoW8B+6IqBBCC IwRAaCil3m+pY06Z0i+XYKLFnpNOA4oEHWfwGTiUpb1hwX+dPt47tGda4cmDrvy/ b+5zT75PIgjuS8CeiU+PdHyTDT4Q+L2VlG2dXhJEGE83AAJLWN0QfWRGgTJsVdkW U01rtaesuJv4n+U0HMHncLso3oNM5rHayI+qsqD8ejKWX5ppDf0fee6hjJWzUSuQ /ZPDh1hkaxK6msVzPcdSdof3qGiYNV/bNrjVF7KUUv0NtTeTeDqFRqzvLDgAz3yH +wj1+/1xm8DZ14zfL6EuKyIgzs2ethNfYF0cfNbi0Nk4JfQXx2f6Wuf5RBTlFQze /F5aAChdO7bZBSDGrajnKeNVyiP5iRkB2sCsYpU0rF+r57n6hQSe7vCuQwlEpCcv tW41zB4gRpMUvC2np10UFdcj9J4c//mhgCbp6ATGhcfAFgcy7PvJvd/12As83Ner FHG6naiaPSum9xi8kocggN5LETCKPWoMX9JOZ7r3HxNd0DClGiyGRuwIHa69Pjyn sZziN1DsKqaFpJ/lxt11Xk+b1Q4jqNxJFaZ+9+VkVBuvKPYsN7Q=
    =a6Fw
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to The Real Bev on Mon Feb 7 00:57:49 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    On 02/05/2022 11:03 AM, Dan Purgert wrote:

    ["Followup-To:" header set to comp.misc.]
    The Real Bev wrote:
    Does it put a text file containing the passwords on your computer or are >>> you completely reliant on the thing ALWAYS working forever?

    No. You're reliant on the software continuing to work -- the "database"
    file is encrypted.

    People really are a trusting lot, aren't they?

    I mean, keepass has worked for a decade (or longer). Long as I don't do something completely daft, I don't see anything wrong with it.

    Granted it only "really" keeps website passwords. Worst case, I'll have
    to click "Forgot Password" somewhere.


    Equivalent of being reliant on say gpg continuing to work to decrypt a
    text file or something.

    For a while I put the text file on my phone encrypted with some android encryption facility, but then I removed both. I don't want to depend on
    an app for anything important. Much easier to regard my phone as
    potential theft-fodder and not keep anything on it but photos, some
    e-books, maps, email, various utilities (a LOT of utilities!) etc.
    Stuff that I wouldn't actually regard as secret.

    Sure, but that wasn't the point of the comment I was making.


    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmIAbrYACgkQbWVw5Uzn KGCZbg//X83wjIk+SxyLxMq9HhiGZ+VwbYS22jdEYkF4hu4DSlhQxcWNMmnucksh NRjyvN6LYzfhOs1IHKmj6kkRBAXDGN8U/FqKdBWfEHr0jOgeqJx88mpSVgMuMwsl qOjC7Hl6iSlE9N0MFQnNpe0pVP/U/qXegnPGwfGhsSBbys94zvRAOJjnfkFf8IQU l0uZCxI97upFPvHby1mVvo+BOHoZTFvZDMNPpG5m5YwfUp/gpdbwHXf/BGh1J3fH BJv+sqJfGWKi+OJxdSvngGCWU+6EKyRQzPdPfBemdNv1am/HtF4APT9emIcLSI+A 0Oo7ANB92MLaJV1lzzdv+e32TV1h3d6d4uY1VR27kf/59g7+9DqScYUCQTHhDOy3 6fJqf4TQq2puJjsdiBeBhfV/9Fu46pfoKkHQyFBKkujFERcRbriD/ixA95VA1U79 HHlUzi77+NPwa4229+EtU0ph8S8O4tTnJhF6X26jd0GgWwDaEYfzghOSY3Cg5MVm gX60OCqdE5DoDa7pJ6CkuGjtObwJzo69OEz00QrYLJZHVXNqXUZoA9TU2ml4hybQ +lVzuRHGHn71Tfv86F+P8OzPCO1uvTr00m3CiWGiWiN8+FF39Jr1Mlp8fH6bNPOO opP8hZHwa47CLsVp9h3nyOIQOxugcNSM/eoTDuF4Lz56yCx8w4s=
    =iR+K
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Siri Cruise@21:1/5 to All on Sun Feb 6 18:21:06 2022
    XPost: alt.atheism, comp.sys.mac.misc, comp.sys.mac.system
    XPost: comp.unix.misc

    In article <stp7fn$tn4$1@dont-email.me>, gtr <xxx@yyy.zzz>
    wrote:

    But I also use a variation on the same password: I selected two capitalized

    merde d'oie.

    --
    :-<> Siri Seal of Disavowal #000-001. Disavowed. Denied. Deleted. @
    'I desire mercy, not sacrifice.' /|\ Discordia: not just a religion but also a parody. This post / \
    I am an Andrea Doria sockpuppet. insults Islam. Mohammed

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From El Kabong@21:1/5 to gtr on Sun Feb 6 22:16:31 2022
    XPost: alt.atheism, comp.sys.mac.misc, comp.sys.mac.system
    XPost: comp.unix.misc

    gtr <xxx@yyy.zzz> wrote:

    On Jul 12, 2021 at 1:53:00 AM PDT, "Unbreakable Disease" <unbreakable@secmail.pro> wrote:

    My 50-year old brain isn't capable of memorizing that many passwords anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of passwords that I would have to remember anyway (full-disk encryption, login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I have the older version (non-subscription) of 1Password, but also make use of
    the keychain password manager and the manager built-in to Safari (I use Safari
    on both the mac and the ipad/iphone).

    Only lately, when I'm offered a complex "strong password" of jibberish, I take
    it. That's working well too.

    But I also use a variation on the same password: I selected two capitalized words (for instance ArchBasket with a few numbers, 245, then the first two letters of the intended website, for instance AMazon. Then I use this same password everywhere, with the exception of those last two letters. ArchBasket245am, for Powell's books: ArchBasket245po.

    It's easy to remember.

    With the latter system, if someone ever found out your
    Powell's password (say, a rogue Powell admin), they might
    easily guess your amazon & other passwords from that.

    Also, if you should occasionally change a password, what
    are you going to change it to? Your system doesn't allow
    a lot of variation.

    (i keep passwords in an encrypted excel file. Excel
    always works, and it's safe for cloud storage.)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Eager@21:1/5 to meff on Mon Feb 7 09:50:55 2022
    On Sat, 05 Feb 2022 23:26:13 +0000, meff wrote:

    On 2022-02-05, Scientific ⚧ <science@danwin1210.de> wrote:
    A PGP-signed message, nice. Do you think that there should be a
    newsgroup reader for Android?

    An Android newsreader would be fantastic IMO.

    I don't keep passwords on my phone.

    I use a shell script called 'pass', which is a wrapper round gnupg. I can
    get passwords without the wrapper if need me, as long as I remember the
    (long) passphrase (which is easy for me to remember, but not for anyone
    else to guess).




    --
    Using UNIX since v6 (1975)...

    Use the BIG mirror service in the UK:
    http://www.mirrorservice.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Siri Cruise on Mon Feb 7 14:57:36 2022
    XPost: alt.atheism, comp.sys.mac.misc, comp.sys.mac.system
    XPost: comp.unix.misc

    On 02/06/2022 06:21 PM, Siri Cruise wrote:
    In article <stp7fn$tn4$1@dont-email.me>, gtr <xxx@yyy.zzz>
    wrote:

    But I also use a variation on the same password: I selected two capitalized

    merde d'oie.

    The American version would be merde de cheval or possibly merde de
    poulet, depending on the nature of the merde.

    --
    Cheers, Bev
    "I'm sorry I ever invented the Electoral College."
    Al Gore 11/08/00

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Dan Purgert on Mon Feb 7 14:55:27 2022
    On 02/06/2022 04:57 PM, Dan Purgert wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    On 02/05/2022 11:03 AM, Dan Purgert wrote:

    ["Followup-To:" header set to comp.misc.]
    The Real Bev wrote:
    Does it put a text file containing the passwords on your computer or are >>>> you completely reliant on the thing ALWAYS working forever?

    No. You're reliant on the software continuing to work -- the "database" >>> file is encrypted.

    People really are a trusting lot, aren't they?

    I mean, keepass has worked for a decade (or longer). Long as I don't do something completely daft, I don't see anything wrong with it.

    Microsoft has been around longer than that. I actually LIKED win95
    almost as much as win3.x (which was really forgiving when you screwed
    up). It's gone downhill since then and my last update was 7. I would
    hate to be dependent on MS for anything important, which is why I
    convert my tax files to pdfs on my linux machine as soon as I finish them.

    LinusT doesn't annoy me with unwanted updates :-) Gates et al. can be
    really annoying sometimes.

    Granted it only "really" keeps website passwords. Worst case, I'll have
    to click "Forgot Password" somewhere.

    Equivalent of being reliant on say gpg continuing to work to decrypt a
    text file or something.

    For a while I put the text file on my phone encrypted with some android
    encryption facility, but then I removed both. I don't want to depend on
    an app for anything important. Much easier to regard my phone as
    potential theft-fodder and not keep anything on it but photos, some
    e-books, maps, email, various utilities (a LOT of utilities!) etc.
    Stuff that I wouldn't actually regard as secret.

    Sure, but that wasn't the point of the comment I was making.

    No, but threads drift. Chris Ilias used to have a serious problem with
    that :-)


    --
    Cheers, Bev
    "I'm sorry I ever invented the Electoral College."
    Al Gore 11/08/00

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to The Real Bev on Tue Feb 8 01:55:53 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    On 02/06/2022 04:57 PM, Dan Purgert wrote:
    The Real Bev wrote:
    On 02/05/2022 11:03 AM, Dan Purgert wrote:
    ["Followup-To:" header set to comp.misc.]
    The Real Bev wrote:
    Does it put a text file containing the passwords on your computer or are >>>>> you completely reliant on the thing ALWAYS working forever?

    No. You're reliant on the software continuing to work -- the "database" >>>> file is encrypted.

    People really are a trusting lot, aren't they?

    I mean, keepass has worked for a decade (or longer). Long as I don't do
    something completely daft, I don't see anything wrong with it.

    Microsoft has been around longer than that. [...]

    I'm honestly not really sure what point you're trying to make here. One company's longevity (or not) doesn't really directly correlate to
    another's (or the length of time software will continue to run).


    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmIBzdMACgkQbWVw5Uzn KGAz5Q//Q8c3GfAEOJulLxfOYrF8DqW8Zg00qzVdSaawJiC+uHMySssZLXbbZMSJ WfbEVmGHwcIDnJMq4S7mGUZOpz/N+G+Z/31CvQhJlF7EKWHIRQF3zdWRtLxfm/Wq uKeyI824NWEP9UgPbCsWrgG5Btx5wdCDcJw4nl+A+dJV7B+EZH1RgpDCEd2AEh6S FJRfk1S2Z98a8E9OdWbjpiEZjnBANK83v9fcbZ0+vS6Pg8xSq7V3SVovvHxI93gV l5NuZ1tcfyhEKXaKSSckWUovsQ7rVCBlNuVRWsmk32P5PjPxwdSn7KFLiE6+YmS/ C/V0XFyTxHuoju/DHzuDHlN58z7M2CmtLpPfJ5nWyjEXeLHYSXaOACAHnf0i1vRa ZXyoQjhWcyLG9njZgRBYt+HG9Kc21dgGJmacyr3QoCJt77JpZISM5WjSjMNWwZem tp4iG+BqKqjkLC8Rb4MGl6LgXJyduNrawO78Xh0zKf1kOO9DkMb9CCY7KMM5XqAv PTQrgt/WRuvbc5BmCPUMLUpkpM8QOLY3lr+l862vHW7VWHUY1D8Hv1d0dlayLdBh DFuYl2Ap5xhiMGnKInA1S8s9oXwhweEmUSaPHTcVYkVs73G1d6aL8RgXf+k6GRMe yN5pN5RSHCMXOClIN3tjPWX5TZuFhV5nyOjU4KyvA8kXd8B0jvs=
    =y9Sb
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Siri Cruise@21:1/5 to The Real Bev on Mon Feb 7 19:21:50 2022
    XPost: alt.atheism, comp.sys.mac.misc, comp.sys.mac.system
    XPost: comp.unix.misc

    In article <sts850$dbi$2@dont-email.me>,
    The Real Bev <bashley101@gmail.com> wrote:

    On 02/06/2022 06:21 PM, Siri Cruise wrote:
    In article <stp7fn$tn4$1@dont-email.me>, gtr <xxx@yyy.zzz>
    wrote:

    But I also use a variation on the same password: I selected two capitalized

    merde d'oie.

    The American version would be merde de cheval or possibly merde de
    poulet, depending on the nature of the merde.

    Or the Fountainhead. One of Toohey's disciples uses it in faux
    brave nonconformist fashion pretending he is so brave saying
    birdshit evem though nobody undrstsnds him to be outrwaged. this
    contrasts to Roark who would just say burdsghit without nrrding
    to outrage or shock.

    --
    :-<> Siri Seal of Disavowal #000-001. Disavowed. Denied. Deleted. @
    'I desire mercy, not sacrifice.' /|\ Discordia: not just a religion but also a parody. This post / \
    I am an Andrea Doria sockpuppet. insults Islam. Mohammed

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Dan Purgert on Mon Feb 7 21:57:09 2022
    On 02/07/2022 05:55 PM, Dan Purgert wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    On 02/06/2022 04:57 PM, Dan Purgert wrote:
    The Real Bev wrote:
    On 02/05/2022 11:03 AM, Dan Purgert wrote:
    ["Followup-To:" header set to comp.misc.]
    The Real Bev wrote:
    Does it put a text file containing the passwords on your computer or are >>>>>> you completely reliant on the thing ALWAYS working forever?

    No. You're reliant on the software continuing to work -- the "database" >>>>> file is encrypted.

    People really are a trusting lot, aren't they?

    I mean, keepass has worked for a decade (or longer). Long as I don't do
    something completely daft, I don't see anything wrong with it.

    You've heard of ransomware, right? If my bank gets hacked I know that
    they'll eventually straighten everything out, that the FDIC will keep
    me from losing a single penny, and that the companies whose bills I pay
    on line will understand and forgive.

    Not so with a password storage site, which might simply cease to exist.
    What would happen then? Would you have to go to each
    password-requiring entity and reset your password? I hate doing that
    even ONCE, especially when they insist on sending a code to my cell in addition. What about sites that demand your old password before
    allowing you to change it? What if that's an online-only brokerage account?

    Microsoft has been around longer than that. [...]

    I'm honestly not really sure what point you're trying to make here. One company's longevity (or not) doesn't really directly correlate to
    another's (or the length of time software will continue to run).

    "Past performance does not guarantee future performance."

    I have hundreds of passwords, some of which I may not use for years.
    The idea of not being able to access them on my own machine without net
    -- or specific website -- access seems ridiculous.

    Not to mention the danger of hackage of the password-storage website.

    --
    Cheers, Bev
    It doesn't matter who you vote for, the government always gets in.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From meff@21:1/5 to The Real Bev on Tue Feb 8 07:00:43 2022
    On 2022-02-08, The Real Bev <bashley101@gmail.com> wrote:
    Not so with a password storage site, which might simply cease to exist.
    What would happen then? Would you have to go to each
    password-requiring entity and reset your password? I hate doing that
    even ONCE, especially when they insist on sending a code to my cell in addition. What about sites that demand your old password before
    allowing you to change it? What if that's an online-only brokerage account?

    KeePass doesn't actually need a password storage site. I keep my
    KeePass database backed up in my own backups, and the db files are
    synced across my devices using Syncthing. My db doesn't ever hit a
    "public" cloud and I don't have to trust any third party for access to
    it.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to The Real Bev on Tue Feb 8 12:18:17 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    Not to mention the danger of hackage of the password-storage website.

    Where on earth have you gotten this idea of a "password storage website"
    from? KeePass is an application running locally on your PC, no network communication required.



    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmICX7MACgkQbWVw5Uzn KGAjFA//TP2mA8Wja+4NHo1CDsMPjgcfKJTd5IVlBBvnIChY/5f1zzy0/fWwdzkH 4OsyVGXEO3TnoEOU6eAaWcdugYc2pnNm28Bl9eP32cbq1ck0UowCMyjkiq2FPM0C jdZRdq+/qTFEOgFp78jm8KTId2sYVEGV2rm8bEe8xRT7Mqa/g+Y85ypLFJ1TZdy2 o9N8Kl4LUEsYfbDDErizgEWFiCUcECG05HL82Y3l2HmjRTC0kc/FfpRVmRtYwyO5 i4U4E2z8RoSi4E2ja5p3paRooY+PJMWRNLgrBug6KnxU/LwBMSGfyJKle+n8hKWK GLKUPHj4sAU370PyD7RMz1cJBw4YSkoUfI+N1GDuPA7jTwC9JcR1psd8bA+T/q2f 3Z3cm2jpDCkRzNBBr3lWs1HphWA4AXKQtNYKa3aVenoV9Jr44jwUz7Xykshml8iU tebcDNetRZIu8Cj0PiPipdWkxk2dUAy8VSO9ANTKXuaSG2ODY1sg+W4kHxeGF0+b mrUOxeowah9qu8wtqtW4/1BszkhntYVrHLY/QyZNbOKGxILr9mAcyfC9TUAzux5M fmHmVzbBHQdcKWN93JzznIygWWNolT4aPHC/G9TKjMDpCvWdyZfzJ3UFk3JPGhhK igO92hs6I3kjFHNMjllCxd5JxQvDufEpRayKPQ+/jOxUD3fH71g=
    =KeR2
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to Rich on Tue Feb 8 15:13:10 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Rich wrote:
    Dan Purgert <dan@djph.net> wrote:
    The Real Bev wrote:
    Not to mention the danger of hackage of the password-storage
    website.

    Where on earth have you gotten this idea of a "password storage
    website" from? KeePass is an application running locally on your PC,
    no network communication required.

    Most likely Bev is mixing up those password managers that store your passwords "in the cloud" with websites (granted, most of them do have 'websites' for advertising their system).

    But there are some password managers where the client that runs locally stores nothing locally, all storage of everything is in "the cloud"
    (and, hopefully, encrypted, but if closed source one just has to take
    their word for that if they claim encryption).

    I looked back, and perhaps Bev misread my comment (I dunno, some
    clarification would be nice).

    In MID <stmcsl$vgs$1@dont-email.me>; the question posed was:
    | Does it put a text file containing the passwords on your computer
    | or are you completely reliant on the thing ALWAYS working forever?

    I responded in MID <slrnsvtigk.5ru.dan@djph.net>:
    | No. You're reliant on the software continuing to work -- the
    | "database" file is encrypted.

    To be perfectly clear - KeePass does password storage in an ENCRYPTED
    file on your machine's local filesystem. There is no "plain text" copy
    of your passwords (unless explicitly created by the user).

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmICiK4ACgkQbWVw5Uzn KGCccw//Zc00SOCa/QeLw/vuPqeV0r97QTbFXaLGbbvfancCxIrmt7ZwWk2sE9j+ whsQ6d2FCyg5CHNftNXyFneAI3YtsgHjl972iN8sMH9sjvnPnCYTUB5ghiEKQSPE tc/JY9zfVTBNwcfXEj7mFUP1hheS/JItiwgPFRnBZyvvCNA/gpo37dtIbuLaLEuv k1EsMkPcZYLYWjhzn/+Vwjrusag7XByACSxtzo27OghJO4QCHsRXkmnBCQf2zPhk rBy8V3ppHXLkYP1VlKoBmzIuw3e04p/5MLUVnpDvwFRuZAjDUPiYXbs2kKuSkQYJ JYxm2JFPsy0SpB/QH5dKbU7lfg3awaGZnQq9/tWlNmjejqN217v8MMavtmwSjhZn 0OyNAwxzqgEkgMhnOSuIMdHvSVphisB4TEZknnN4TMSdnNkhtS4Zad+vgUdRgYaf kkZDoy7PL7csZtBQpehXwiqHGXLncO0RIE7H6ibR0m7eqWJjbGd+dKkBcw85sy+E wtQadO/KwWw/uRvXNp+9fdhjdf71tIxuwU0O58nAjPdijPP76a8NWxHHrs6JYMyj IXelTtdY7T8Ml458zM3QxOE3ZJMXllFfkoTUjlag82senDaPdt3p9tToZPFU8rQt 3Bb6xNMewLxGmozF0lUA9ASUhUR/E6oxjeP2rFkdUgK4ys2CxbM=
    =EDtU
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Dan Purgert on Tue Feb 8 14:41:17 2022
    Dan Purgert <dan@djph.net> wrote:
    The Real Bev wrote:
    Not to mention the danger of hackage of the password-storage
    website.

    Where on earth have you gotten this idea of a "password storage
    website" from? KeePass is an application running locally on your PC,
    no network communication required.

    Most likely Bev is mixing up those password managers that store your
    passwords "in the cloud" with websites (granted, most of them do have 'websites' for advertising their system).

    But there are some password managers where the client that runs locally
    stores nothing locally, all storage of everything is in "the cloud"
    (and, hopefully, encrypted, but if closed source one just has to take
    their word for that if they claim encryption).

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Eli the Bearded@21:1/5 to science@danwin1210.de on Tue Feb 8 22:32:56 2022
    In comp.misc, Scientific (she/her) ⚧ <science@danwin1210.de> wrote:
    A PGP-signed message, nice. Do you think that there should be a
    newsgroup reader for Android?

    Install termux, compile any Unix newsreader you like. I did it with trn,
    but only as proof of concept, using it for just a couple of posts.

    My preferred method is ssh to Unix host, run tmux, read news in there.
    The tmux allows me to easily switch sessions between various devices.
    The various devices then don't need a local newsrc.

    Termux is my preferred ssh environment on Android, too.

    https://f-droid.org/en/packages/com.termux/

    Elijah
    ------
    Play store Termux is deprecated

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From scott@alfter.diespammersdie.us@21:1/5 to Bob Eager on Wed Feb 9 19:14:04 2022
    Bob Eager <news0009@eager.cx> wrote:
    On Sat, 05 Feb 2022 23:26:13 +0000, meff wrote:

    On 2022-02-05, Scientific ⚧ <science@danwin1210.de> wrote:
    A PGP-signed message, nice. Do you think that there should be a
    newsgroup reader for Android?

    An Android newsreader would be fantastic IMO.

    I don't keep passwords on my phone.

    Since KeePass has already been brought up, Keepass2Android makes password handling nearly as seamless as on the desktop.

    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From scott@alfter.diespammersdie.us@21:1/5 to The Real Bev on Wed Feb 9 19:19:41 2022
    The Real Bev <bashley101@gmail.com> wrote:
    Not so with a password storage site, which might simply cease to exist.

    That's not an issue with KeePass. You store your password file wherever you want: cloud storage (aka "someone else's computer"), your own server, a USB flash stick, whatever. I keep mine on the Nextcloud server in my living
    room next to the TV, accessed remotely by WebDAV.

    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to scott@alfter.diespammersdie.us on Wed Feb 9 19:29:46 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    scott@alfter.diespammersdie.us wrote:
    The Real Bev <bashley101@gmail.com> wrote:
    Not so with a password storage site, which might simply cease to exist.

    That's not an issue with KeePass. You store your password file wherever you want: cloud storage (aka "someone else's computer"), your own server, a USB flash stick, whatever. I keep mine on the Nextcloud server in my living
    room next to the TV, accessed remotely by WebDAV.


    Same, auto-sync is so nice :)

    Although, for the longest time I just had the one copy rsync'd to a
    backup machine.


    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmIEFlQACgkQbWVw5Uzn KGDTEw/8DsuY68MdJvo4UYhq1G59zkbPEFo19d3S8uAGqrLn1CZQ1j1tcOndJWto Hxl1kVRtvOBu3Dmspl5TIorxvGZ5hi4eWbrdfpHbDlYxsimnsX3fYgOTtJaeZm8z v9QexInsR6wPbThkgfK79fhsaLjpyyk0iO+vE7bUn9aT5WQbASPUfmr45DZdoiy5 K74AsPAW85xvgPMmZU23vaPWVGxkcuBoeF1KV+2ptN5MJD8TtVHaNrgtv/UMSKpV 14H9rhzu9wLk/BJ1u9Xn7AVdE3XFPs8e/5JZ0PogHkhdizQF8KAi3qgPapS+cF5B m22F3NZvAOjDFIPn8fpOllqD1kfoOQVK19xGbeBOdUBsx1qROmrDBL+rpm0K+rJw LhaaxkU+kJMuDcmF21xTdzP7YCkTCIEx1u8//VIGEk3QHpDGoboFTQeV7zklElUN FuCvvyAsorluhJiYEPCoVdr8i7r9WOjgBxsjNa2eYszVqIWImC7831tLcbVBqwGI 0Y5tuJyk1kteWBi3fy3qdonl8RxYFT5FZ4ZnSS/mAuQdI0TcDxuqASypsRfd68MH pZcwzKe5f5ExwoE5+T2Meq6s+WpGh4SxKKEc69mQshdGpeKoUz2HOCbfqAvF0vws swLTQlW/fG5xsBW+iRAK4VLyi0lbky/C/RK49z7+/OoE+gdK+b4=
    =INGH
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Dan Purgert on Wed Feb 9 14:05:33 2022
    On 02/08/2022 04:18 AM, Dan Purgert wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    Not to mention the danger of hackage of the password-storage website.

    Where on earth have you gotten this idea of a "password storage website" from? KeePass is an application running locally on your PC, no network communication required.

    Just from what I've read here. I'm not interested in any password that
    I can't read and reproduce by copy/pasting, so I haven't done any
    research at all.

    Just for curious -- why do you bother with pgp for public comments like
    this?

    --
    Cheers, Bev
    "Calling someone an asshole for being rude to a telemarketer
    is like accusing someone who's shot a burglar in his home
    of being a poor host." -- W.S.Rowell

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to meff on Wed Feb 9 14:03:16 2022
    On 02/07/2022 11:00 PM, meff wrote:
    On 2022-02-08, The Real Bev <bashley101@gmail.com> wrote:
    Not so with a password storage site, which might simply cease to exist.
    What would happen then? Would you have to go to each
    password-requiring entity and reset your password? I hate doing that
    even ONCE, especially when they insist on sending a code to my cell in
    addition. What about sites that demand your old password before
    allowing you to change it? What if that's an online-only brokerage account?

    KeePass doesn't actually need a password storage site. I keep my
    KeePass database backed up in my own backups, and the db files are
    synced across my devices using Syncthing. My db doesn't ever hit a
    "public" cloud and I don't have to trust any third party for access to
    it.

    So your passwords work even if keepass is inexplicably down and you
    don't know what they are? Is there any way to find out what they are?
    I assume you're using a password-generator that gives appropriate
    combinations of unintelligible characters...

    What I'm really asking: Can you access legible passwords (that you can
    feed into your broker/bank/whatever by hand) if keepass ceases to exist?

    --
    Cheers, Bev
    "Calling someone an asshole for being rude to a telemarketer
    is like accusing someone who's shot a burglar in his home
    of being a poor host." -- W.S.Rowell

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Dan Purgert on Wed Feb 9 14:14:28 2022
    On 02/09/2022 11:29 AM, Dan Purgert wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    scott@alfter.diespammersdie.us wrote:
    The Real Bev <bashley101@gmail.com> wrote:
    Not so with a password storage site, which might simply cease to exist.

    That's not an issue with KeePass. You store your password file wherever you >> want: cloud storage (aka "someone else's computer"), your own server, a USB >> flash stick, whatever. I keep mine on the Nextcloud server in my living
    room next to the TV, accessed remotely by WebDAV.

    Same, auto-sync is so nice :)

    Although, for the longest time I just had the one copy rsync'd to a
    backup machine.

    I have long been distrustful of 'syncing' machines because I have yet to
    see an actual definition: (1) Do you copy the contents of machineA to machineB, deleting the previous contents of machineB? (2) Vice versa?
    (3) Do you copy the contents of A to B, leaving the files of B that had
    no counterpat on A alone? (4) Do you copy the contents of each machine
    to the other, ending up with both machines containing all the contents
    of both of the original machines? I can't believe that, but how else do
    you 'sync' the unique contents of B to A and vice versa? Do they all
    have to use the exact same operating system?

    What if you 'sync' five machines? Which one, if any, takes precedence?

    All I see is "Do you want to sync your machines?" and my answer is NO
    WAY, ASSHOLE, not until you tell me what you actually mean.

    --
    Cheers, Bev
    "Calling someone an asshole for being rude to a telemarketer
    is like accusing someone who's shot a burglar in his home
    of being a poor host." -- W.S.Rowell

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Eli the Bearded@21:1/5 to bashley101@gmail.com on Wed Feb 9 23:05:01 2022
    In comp.misc, The Real Bev <bashley101@gmail.com> wrote:
    So your passwords work even if keepass is inexplicably down and you
    don't know what they are? Is there any way to find out what they are?
    I assume you're using a password-generator that gives appropriate combinations of unintelligible characters...

    Keepass is a standalone tool with a standalone database.

    You don't need to be online to use it, so the site can go down.

    It's open source with clients for various OSes & devices, so the site
    can go down and you stand a chance of getting your passwords out on a
    new phone or computer.

    What I'm really asking: Can you access legible passwords (that you
    can feed into your broker/bank/whatever by hand) if keepass ceases to
    exist?

    Yes, if you have the database file and the master password for it.

    https://en.wikipedia.org/wiki/KeePass
    KeePass Password Safe is a free and open-source password manager
    primarily for Windows. It officially supports macOS and Linux
    operating systems through the use of Mono. Additionally, there are
    several unofficial ports for Windows Phone, Android, iOS, and
    BlackBerry devices. KeePass stores usernames, passwords, and other
    fields, including free-form notes and file attachments, in an
    encrypted file. This file can be protected by any combination of a
    master password, a key file, and the current Windows account
    details. By default, the KeePass database is stored on a local file
    system (as opposed to cloud storage).

    It's not a great tool from a usability point of view, in my biased
    opinion, but it works and is safe from subscription lock-in.

    Elijah
    ------
    has seen it used at a couple of jobs

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to The Real Bev on Thu Feb 10 00:46:48 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    On 02/08/2022 04:18 AM, Dan Purgert wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    Not to mention the danger of hackage of the password-storage website.

    Where on earth have you gotten this idea of a "password storage website"
    from? KeePass is an application running locally on your PC, no network
    communication required.

    Just from what I've read here. I'm not interested in any password that
    I can't read and reproduce by copy/pasting, so I haven't done any
    research at all.

    Okay, then it's a bit of miscommunication somewhere.

    KeePass (and its variants) is a stand-alone piece of software, that is
    not reliant on any "web service" to keep running. Worst case, the
    database will get corrupted (but that's what backups are for, incl. the
    regular - albeit infrequent - plaintext export).

    Just for curious -- why do you bother with pgp for public comments like
    this?

    Long time ago it made sense (proof it was me and all). Nowadays it's
    more just because.

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmIEYKIACgkQbWVw5Uzn KGDr5BAAoFYpAyQOpHt5grrkurUHGCBWBUsgX5AiG0/xu4TzlKMhDeThJU+22gst d+X2+sPb/UP7v5H0hSUzhQ3dQGTxcpKFOmYSQNT8rXaMj1i1ucy2+iAoNdpL7PXV uwvDW8b8LN1GcfYFirUoqYX6ggC3iMFyXuzGRLQ4Eju4R6rwIDgYD/PxaZSZqwqo 8I3UuncH+2qpr2McFdRykgMJjnGcNqZo/p0Kbx25QW0G8ihwkVESlsu2Dmv6buil 3SgFPtX92Y5klLweLSbU4CmbN/KtQyBF4fXV56LVX4Xdfd+j9zXmy8LkPw17d+2w 2NKcEIN/Jc8gcicm1zKtKoDXG4KRLhwXNdrnWyv+b7mxEw0dZzeQJMbyRdpNPgia dxYPeeMNnmfKSp9E6e61sYB3Z6P5hX+5kwB7CZxiIBFzSUnsE1WPmMwj9v+MbNm3 YRIMftsElqrv19DQHdBQJYLrIJqsO2RYWdAo99OATFTXzGkYsSWxoVGTsZqWVG0f o+32EJkmVIHEMhNBh7LlqobnpWP0e9kHVu94e2vh+PO8nvIsERwjK0aDVqLnyERQ e4UkzuR7i4LRVgVkPwray8dppRSmWk+6wKJ6S/nEKijUi/HqHYCQajsj+4iHej22 ApRJATtAEsVWxqdxuTEtzQXIFbliUPlk3ZoCn64wx/LAYJoThNM=
    =WRmM
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Purgert@21:1/5 to The Real Bev on Thu Feb 10 01:19:34 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    The Real Bev wrote:
    On 02/09/2022 11:29 AM, Dan Purgert wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    scott@alfter.diespammersdie.us wrote:
    The Real Bev <bashley101@gmail.com> wrote:
    Not so with a password storage site, which might simply cease to exist. >>>
    That's not an issue with KeePass. You store your password file wherever you
    want: cloud storage (aka "someone else's computer"), your own server, a USB >>> flash stick, whatever. I keep mine on the Nextcloud server in my living >>> room next to the TV, accessed remotely by WebDAV.

    Same, auto-sync is so nice :)

    Although, for the longest time I just had the one copy rsync'd to a
    backup machine.

    I have long been distrustful of 'syncing' machines because I have yet to
    see an actual definition: (1) Do you copy the contents of machineA to machineB, deleting the previous contents of machineB? (2) Vice versa?
    (3) Do you copy the contents of A to B, leaving the files of B that had
    no counterpat on A alone? (4) Do you copy the contents of each machine
    to the other, ending up with both machines containing all the contents
    of both of the original machines? I can't believe that, but how else do
    you 'sync' the unique contents of B to A and vice versa? Do they all
    have to use the exact same operating system?

    (1) Depends.
    1.1 Rsync - at least for my use - is one-way from a given machine to
    a backup server in most cases (I mean I do have to restore every
    now and again). PC is "master" in that regard, and overwrites
    "server".
    1.2 Nextcloud is more of a "network share" -- all machines always have
    the same data (well, less any sync delays; although I believe that
    opening a file checks if the file's changed on the server first).
    1.3 I also use git for programming projects; and that enforces
    "central server is master", requiring some manual intervention
    if someone else made changes that I don't have.

    (2) I think I answered this above. Lemme know if you want more
    clarification.

    (3) Depends
    3.1 For rsync'd things, I don't do 'deletes' on sync if something's
    on "backup server" and no longer on "pc" (laptop, whatever)
    3.2 & 3.3 For nextcloud or git stuff, the server usually keeps some
    "reversion" history that I can undo an oops with; but otherwise,
    deleting from one deletes from everything.

    (4) Not entirely.
    4.1 Rsync stuff only represents a given machine's $HOME directory
    (plus maybe /etc or some /usr/local/bin scripts I wrote myself),
    less "Nextcloud" data. I suppose this would be what you consider
    the "on machine A, but not on B" stuff.
    4.2 All machines that utilize Nextcloud have the same data as what's
    tossed into the shared directory (i.e. $HOME/Nextcloud/). The
    Nextcloud sync client is cross platform - running on Win / Linux
    / android / Mac / iOS.
    4.3 Only those projects that are on multiple systems get "sync'd", and
    "syncs" are manual. Git, like Nextcloud, is cross-platform,
    although I don't use it on Windows.

    What if you 'sync' five machines? Which one, if any, takes precedence?

    The central server that's hosting Nextcloud (or git). After that, all
    the client machines are "equals". Syncs happen pretty frequently across
    most everything, except the android phone (but that's because I opted to
    have that only sync hourly).

    Rsync backups, each individual PC is the "master", and the backup server
    just takes whatever "new" data the machine(s) send to it.


    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmIEaE8ACgkQbWVw5Uzn KGDaig/8D1jd0ghRGtkSdmuF0bVskhr8FzZMjlGA2nb+ESBDnRXE41f8kCep5mmQ lMA1gI/fZQMk3TFkgGBWM1HNm6+Ytdi+RUDL005BPHDIcmFVyn2guxvkqZ0kmZl1 9TPM0A1SwxFA/kZoAXhCQBbyKA6oxj2NN/j5rcmmMlSM5nscH1zMxlmpKvGFsIdZ RXZpsr4fcKnlVLjn5ucw7yPDyx4eQgqi2voeOQhwQsRDjxtho1I45RvGHxNTZs0d +R4g/0ra0rFj23wmmIvN8pdwfwnWse95cPwU4+MH08bzS/tDWSVWSf9HqcAvdcx1 w28pUufWvGFpHsPZqouoJVG2YK7w6xJK0wLjnXt4SmWRYxLHqPUC9OP/XFUfwfvA w3fMKxAu5kkt619Huz3PMU6i0RY4YfVqBBFCQcl0VhVMeFlZ7ijbFdnvx5a0ZobU x8AZqNuPsWzRZ0bMmwiTtJeU4X5vNw8ID9K1+hHw8UNywIGRQHswJtKlpPXYZ2Bt spTXX6aRhS9GtH+RNE9jUpHmriLNrCBiHZ3XL1e/XtdgOWHw40zYOh1vtKx8eUcc 2VsS4Yj0N2kDqFPRADZPqH4YtelTibCdhHmp9DBTNp+vuG6nz0CHpSU8h7CyxYn/ b3EtulrsVCgOxlTrBPNR257jsutzIqgfAEHcjpIMixJ9OzqmS74=
    =WWIF
    -----END PGP SIGNATURE-----

    --
    |_|O|_| Github: https://github.com/dpurgert
    |_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
    |O|O|O|

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From scott@alfter.diespammersdie.us@21:1/5 to The Real Bev on Thu Feb 10 17:04:00 2022
    The Real Bev <bashley101@gmail.com> wrote:
    So your passwords work even if keepass is inexplicably down and you
    don't know what they are? Is there any way to find out what they are?
    I assume you're using a password-generator that gives appropriate combinations of unintelligible characters...

    What I'm really asking: Can you access legible passwords (that you can
    feed into your broker/bank/whatever by hand) if keepass ceases to exist?

    KeePass is a program, not a website. As long as you have a copy of it and something that will run it, you can use it to access your passwords. It
    stores your password file wherever *you* want to store it, and it has a
    plugin system to extend its capabilities. (I use plugins for browser integration and to have it store TOTP 2FA credentials for sites that use them...it's easier to look up that six-digit code in there than to fire up
    the phone and look it up on that.)

    As long as you have a source tarball or binary (whether for KeePass or one
    of the many other programs that understand its data format), you'll have
    access to your passwords.

    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From The Real Bev@21:1/5 to Dan Purgert on Thu Feb 10 12:58:32 2022
    On 02/09/2022 05:19 PM, Dan Purgert wrote:

    Rsync backups, each individual PC is the "master", and the backup server
    just takes whatever "new" data the machine(s) send to it.

    Thanks. I have one linux, one windows and a couple of androids. The
    only common software is Firefox, and I really only use that on the linux machine. The winmachine is only used for tax software and I don't like
    firefox on Android because it takes longer to start than whatever the
    native app is.

    I think making multiple linux backups, copying the resulting tax files
    to pdfs (and the actual .tax [or whatever] files) to the linux machine
    and letting the Pixel autobackup to wherever it autobacksup to is
    sufficient.

    I'm annoyed that SOME android apps won't save the password -- like I
    give a shit about even HAVING one, much less having to remember the damn
    thing. The only one I deliberately tell not to remember is the one for
    my bank, and I only have that on the phone so I can deposit the odd
    check I receive without having to walk to the bank itself.

    --
    Cheers, Bev
    Why is it so hot and what am I doing in this handbasket?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From gtr@21:1/5 to unbreakable@secmail.pro on Sat Feb 12 21:35:14 2022
    XPost: alt.atheism, comp.sys.mac.misc, comp.sys.mac.system
    XPost: comp.unix.misc

    On Jul 12, 2021 at 1:53:00 AM PDT, "Unbreakable Disease" <unbreakable@secmail.pro> wrote:

    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.

    I'm really glad this topic came up. I'm sorting through the drek of old users/passwords in Safari's stash, and Firefox's and 1Password v6 which I now realize hasn't been working in Safari, but has in Firefox. It's a total mess.
    I think I'll spend a few days trying to sort it out...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Vlad Markov@21:1/5 to meff on Thu Jun 2 00:28:00 2022
    On 2022-02-05, meff <email@example.com> wrote:
    On 2022-02-05, Scientific ⚧ <science@danwin1210.de> wrote:
    A PGP-signed message, nice. Do you think that there should be a
    newsgroup reader for Android?

    An Android newsreader would be fantastic IMO.


    There are newsreaders for Android. I use HotDogEd. Use "nntp" as your
    search term in the play store, they are plenty to choose from.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From meff@21:1/5 to Vlad Markov on Tue Jun 7 06:11:15 2022
    On 2022-06-02, Vlad Markov <vlad@happy.dwarf7.net> wrote:
    There are newsreaders for Android. I use HotDogEd. Use "nntp" as your
    search term in the play store, they are plenty to choose from.

    Huh I think I was looking around in F-Droid and never bothered looking
    in the Play Store. My mistake, there are a couple apps here I'd like
    to try out. Is "HotDogEd NNTP Provider" the one you use?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Vlad Markov@21:1/5 to meff on Wed Jun 8 22:45:15 2022
    On 2022-06-07, meff <email@example.com> wrote:
    On 2022-06-02, Vlad Markov <vlad@happy.dwarf7.net> wrote:
    There are newsreaders for Android. I use HotDogEd. Use "nntp" as your
    search term in the play store, they are plenty to choose from.

    Huh I think I was looking around in F-Droid and never bothered looking
    in the Play Store. My mistake, there are a couple apps here I'd like
    to try out. Is "HotDogEd NNTP Provider" the one you use?


    Yes, that is the one I use. For some reason I ended up installing 2
    apps to get it going. I do not like that it "catches up" on the server
    vice the group.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Y A@21:1/5 to Unbreakable Disease on Sat Feb 11 08:15:07 2023
    Use only one password with different endings.....



    On Monday, July 12, 2021 at 12:53:31 PM UTC+3, Unbreakable Disease wrote:
    My 50-year old brain isn't capable of memorizing that many passwords
    anymore, so I use KeePassXC. I keep basically everything here including
    my financial passwords and credit card data, with the exception of
    passwords that I would have to remember anyway (full-disk encryption,
    login, primary e-mail passwords, etc.)

    Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
    you use every month or even less.

    I can't speak about Windows version of KeePass, because with the
    exception of playing games not available on Macintosh, I haven't used
    one since Windows 95 days.
    --
    Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)