My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be interested.
In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net> wrote:
On 7/12/21 5:53 AM, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be interested.
KeePass stores its file wherever you tell it. It could be local storage,
storage on a server you control (as on a VPS or a dedicated server), or
whatever cloud storage is supported on the OS you're using. I use a WebDAV
share on a VPS. It's accessible to my phone and my computers, but not to
others. (I suppose Linode could grab the file, but without the password to
unlock it, it's useless to anybody else.)
On 7/12/21 5:53 AM, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be interested.
On 7/12/21 5:53 AM, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here
including my financial passwords and credit card data, with the
exception of passwords that I would have to remember anyway
(full-disk encryption, login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple
passwords you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't
used one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be interested.
I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
drive and copy/paste to logins that need to stay secure- financial,
vendors, healthcare, etc.
I always log out before leaving the house.
[I don't know why the OP cross-posted to alt.atheism. I've dropped it]
Wade Garrett <wade@cooler.net> writes:
On 7/12/21 5:53 AM, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here
including my financial passwords and credit card data, with the
exception of passwords that I would have to remember anyway
(full-disk encryption, login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple
passwords you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't
used one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
drive and copy/paste to logins that need to stay secure- financial,
vendors, healthcare, etc.
I use PasswordSafe https://pwsafe.org/ .
It's a Windows application with clones available for Android, iOS, and Mac.
There's a Linux version, available as "passwordsafe" in the Ubuntu repos
(and presumably others), but I haven't gotten it to work.
password-gorilla is a Linux application that uses the same file format
and should be available in the package repos for most distributions.
Keeping the database synchronized across devices is left as an exercise.
Keeping the database synchronized across devices is left as an exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
[...]
I use PasswordSafe https://pwsafe.org/ .
It's a Windows application with clones available for Android, iOS, and Mac.
There's a Linux version, available as "passwordsafe" in the Ubuntu repos
(and presumably others), but I haven't gotten it to work.
password-gorilla is a Linux application that uses the same file format
and should be available in the package repos for most distributions.
Keeping the database synchronized across devices is left as an exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
In article <87zgur47bv.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
Keeping the database synchronized across devices is left as an exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
and if you forget to sync it, murphy's law states that you won't have
the password you need.
computers are there to do work *for* you.
Keeping the database synchronized across devices is left as an exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
and if you forget to sync it, murphy's law states that you won't have
the password you need.
Of course. That happens now and then. The solution is to go back and
sync it.
computers are there to do work *for* you.
I'm not going to go into too much detail about *how* I synchronize my password database
On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here
including my financial passwords and credit card data, with the
exception of passwords that I would have to remember anyway (full-disk
encryption, login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I don't see anything wrong with using Apple's built-in Keychain password manager. The only drawback it has is that it's Apple-only, and that has
never been a reason not to use it for me. Most of my family uses it and
is happy with it.
The iCloud Keychain service is optional and seamlessly synchronizes your password database between all of your Apple devices. It is also highly encrypted using end-to-end encryption so that it cannot be accessed by
anyone but you.
Others here will recommend cross-platform solutions, but if you have no
need for synchronizing your password database to other platforms,
Apple's built-in Keychain is quite a secure and capable solution, and
it's integrated with all of Apple's operating systems by default.
On Mon, 12 Jul 2021 15:17:43 GMT, Scott Alfter <scott@alfter.diespammersdie.us> wrote:
In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net> wrote:
On 7/12/21 5:53 AM, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be
interested.
KeePass stores its file wherever you tell it. It could be local storage,
storage on a server you control (as on a VPS or a dedicated server), or
whatever cloud storage is supported on the OS you're using. I use a WebDAV
share on a VPS. It's accessible to my phone and my computers, but not to
others. (I suppose Linode could grab the file, but without the password to
unlock it, it's useless to anybody else.)
If it's out there then people can access it if they want.
Hackers are looking out for easy targets, almost nobody is going to
chase Scott Alfter. Too much risk and unknown benefits.
On Mon, 12 Jul 2021 07:37:35 -0400
Wade Garrett wrote:
On 7/12/21 5:53 AM, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be
interested.
I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
drive and copy/paste to logins that need to stay secure- financial,
vendors, healthcare, etc.
I always log out before leaving the house.
I'm using KeepassX which is purely local, and am very happy with it.
AndyK
In article <87v95f45td.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
Keeping the database synchronized across devices is left as an exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
and if you forget to sync it, murphy's law states that you won't have
the password you need.
Of course. That happens now and then. The solution is to go back and
sync it.
no, the solution is to have it automatically sync.
computers are there to do work *for* you.
^^this^^
I'm not going to go into too much detail about *how* I synchronize my
password database
you already said how: you manually sync it.
automatically syncing means a new or changed entry is available on
other devices within seconds, no additional effort required.
Keeping the database synchronized across devices is left as an
exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
and if you forget to sync it, murphy's law states that you won't have
the password you need.
Of course. That happens now and then. The solution is to go back and
sync it.
no, the solution is to have it automatically sync.
The solution *I use* is to go back and sync it. It works.
computers are there to do work *for* you.
^^this^^
I'm not going to go into too much detail about *how* I synchronize my
password database
you already said how: you manually sync it.
There's more to it than that.
automatically syncing means a new or changed entry is available on
other devices within seconds, no additional effort required.
I know what "automatically syncing" means.
You haven't said anything
about how to do that. (I use Ubuntu, Windows, and Android.)
For my situation, I've decided (so far) that automation would be more
effort than it's worth *for me*. I'm willing to change my mind if
presented with new information. If you have none to offer, that's fine.
In article <87r1g3439e.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
Keeping the database synchronized across devices is left as an
exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
and if you forget to sync it, murphy's law states that you won't have
the password you need.
Of course. That happens now and then. The solution is to go back and
sync it.
no, the solution is to have it automatically sync.
The solution *I use* is to go back and sync it. It works.
except when it doesn't, which you admit happens 'now and then'.
computers are there to do work *for* you.
^^this^^
I'm not going to go into too much detail about *how* I synchronize my
password database
you already said how: you manually sync it.
There's more to it than that.
those details are irrelevant. the fact is that it's manual which means
it's a lot of extra work with the opportunity to screw it up.
i suspect whatever system you're using does not properly handle merges.
automatically syncing means a new or changed entry is available on
other devices within seconds, no additional effort required.
I know what "automatically syncing" means.
then why not use it?
You haven't said anything
about how to do that. (I use Ubuntu, Windows, and Android.)
what's to know? choose a password manager that offers automatic sync.
done.
For my situation, I've decided (so far) that automation would be more
effort than it's worth *for me*. I'm willing to change my mind if
presented with new information. If you have none to offer, that's fine.
what effort? download a new password manager app that offers syncing,
then export passwords from your existing password manager and import
them to the new one. it should take a minute or two.
Keeping the database synchronized across devices is left as an
exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
and if you forget to sync it, murphy's law states that you won't have
the password you need.
Of course. That happens now and then. The solution is to go back and
sync it.
no, the solution is to have it automatically sync.
The solution *I use* is to go back and sync it. It works.
except when it doesn't, which you admit happens 'now and then'.
computers are there to do work *for* you.
^^this^^
I'm not going to go into too much detail about *how* I synchronize my
password database
you already said how: you manually sync it.
There's more to it than that.
those details are irrelevant. the fact is that it's manual which means
it's a lot of extra work with the opportunity to screw it up.
i suspect whatever system you're using does not properly handle merges.
It does not, and I did run into a problem with that not too long ago.
It took some manual work to resolve it.
automatically syncing means a new or changed entry is available on
other devices within seconds, no additional effort required.
I know what "automatically syncing" means.
then why not use it?
You haven't said anything
about how to do that. (I use Ubuntu, Windows, and Android.)
what's to know? choose a password manager that offers automatic sync.
done.
I've spent *some* time looking into alternatives, but perhaps not
enough. The password manager I use uses a local file. Others I've
looked at store data "in the cloud", i.e., on someone else's computer.
I've decided *for myself* that I don't want to store my passwords in the cloud, and that I'm willing to pay the price of more difficult local
updates.
For my situation, I've decided (so far) that automation would be more
effort than it's worth *for me*. I'm willing to change my mind if
presented with new information. If you have none to offer, that's fine.
what effort? download a new password manager app that offers syncing,
then export passwords from your existing password manager and import
them to the new one. it should take a minute or two.
And install it on all my devices, and learn how to use it -- plus
convincing myself that it's sufficiently secure. Much more than
"a minute or two".
Is there a password manager that supports automatic sync among Linux, Android, and Windows *without* storing any of my information in the
cloud (i.e., on someone else's computer)? (It's possible that I hadn't
made it clear enough that I don't want to use cloud storage.)
In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
[...]
Is there a password manager that supports automatic sync among Linux,
Android, and Windows *without* storing any of my information in the
cloud (i.e., on someone else's computer)? (It's possible that I hadn't
made it clear enough that I don't want to use cloud storage.)
there are several, each with different mixes of features, some with
better integration than others, and only you can decide which one fits
your needs.
nospam <nospam@nospam.invalid> writes:
In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
[...]
Is there a password manager that supports automatic sync among Linux,
Android, and Windows *without* storing any of my information in the
cloud (i.e., on someone else's computer)? (It's possible that I hadn't
made it clear enough that I don't want to use cloud storage.)
there are several, each with different mixes of features, some with
better integration than others, and only you can decide which one fits
your needs.
Are you unwilling to give examples? Is there one that you use (or do
you use a cloud solution)?
I tried KeePass a while ago, and it doesn't do what I want. (One
feature of the Android version of PasswordSafe that I like is that it
implements a virtual keyboard, so passwords don't have to go through the
system clipboard.) Someone here mentioned KeePassXC, which I might try,
but I don't see an Android version.
I just found a reference to something called Syncthing, which I'll also
look into; it's a continuous file synchronization program, not
specifically related to passwords.
In article <87im1f3x1d.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
Is there a password manager that supports automatic sync among Linux,
Android, and Windows *without* storing any of my information in the
cloud (i.e., on someone else's computer)? (It's possible that I hadn't
made it clear enough that I don't want to use cloud storage.)
there are several, each with different mixes of features, some with
better integration than others, and only you can decide which one fits
your needs.
Are you unwilling to give examples? Is there one that you use (or do
you use a cloud solution)?
i use 1password and keep everything on my devices, however, it does
sync via the cloud. there is (was) a way to sync locally but that had
some limitations and i'm not sure if that's even still an option.
they also offer a cloud version (their servers) but that's not required.
it does look like they now have linux support but i don't know how good
that is. that's relatively recent.
I tried KeePass a while ago, and it doesn't do what I want. (One
feature of the Android version of PasswordSafe that I like is that it
implements a virtual keyboard, so passwords don't have to go through the
system clipboard.) Someone here mentioned KeePassXC, which I might try,
but I don't see an Android version.
1password has a background process which directly communicates with
browser extension, skipping the clipboard entirely.
some use the system clipboard which is then auto-erased moments later.
I just found a reference to something called Syncthing, which I'll also
look into; it's a continuous file synchronization program, not
specifically related to passwords.
syncthing is good. also check out nextcloud, which can be installed on
a variety of hardware as well as in a docker container or even a
raspberry pi (although that's not exactly fast).
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I tried KeePass a while ago, and it doesn't do what I want. (One
feature of the Android version of PasswordSafe that I like is that it
implements a virtual keyboard, so passwords don't have to go through the
system clipboard.)
Lewis <g.kreme@kreme.dont-email.me> writes:
In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
[...]
I use PasswordSafe https://pwsafe.org/ .
It's a Windows application with clones available for Android, iOS, and Mac.
There's a Linux version, available as "passwordsafe" in the Ubuntu repos
(and presumably others), but I haven't gotten it to work.
password-gorilla is a Linux application that uses the same file format
and should be available in the package repos for most distributions.
Keeping the database synchronized across devices is left as an exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
nospam <nospam@nospam.invalid> writes:
In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
[...]
Is there a password manager that supports automatic sync among Linux,
Android, and Windows *without* storing any of my information in the
cloud (i.e., on someone else's computer)? (It's possible that I hadn't
made it clear enough that I don't want to use cloud storage.)
there are several, each with different mixes of features, some with
better integration than others, and only you can decide which one fits
your needs.
Are you unwilling to give examples? Is there one that you use (or do
you use a cloud solution)?
I tried KeePass a while ago, and it doesn't do what I want.
but I don't see an Android version.
I just found a reference to something called Syncthing, which I'll also
look into; it's a continuous file synchronization program, not
specifically related to passwords.
On 12.07.2021 15:28, Jolly Roger wrote:
On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here
including my financial passwords and credit card data, with the
exception of passwords that I would have to remember anyway
(full-disk encryption, login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple
passwords you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't
used one since Windows 95 days.
I don't see anything wrong with using Apple's built-in Keychain
password manager. The only drawback it has is that it's Apple-only,
and that has never been a reason not to use it for me. Most of my
family uses it and is happy with it.
The iCloud Keychain service is optional and seamlessly synchronizes
your password database between all of your Apple devices. It is also
highly encrypted using end-to-end encryption so that it cannot be
accessed by anyone but you.
Others here will recommend cross-platform solutions, but if you have
no need for synchronizing your password database to other platforms,
Apple's built-in Keychain is quite a secure and capable solution, and
it's integrated with all of Apple's operating systems by default.
I need to use my database on both Mac OS and Linux, so I use
KeePassXC.
And what if you are left with the Keychain file and Apple goes south?
How you will migrate to KeePassXC?
Your file is going to be nothing more than useless junk
so at least call Apple or e-mail Tim Cook directly at
timcook@apple.com to allow to export Keychain data to other password managers. I doubt that Apple will listen to us, but trying is better
than simply giving up.
In message <87im1f3x1d.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
nospam <nospam@nospam.invalid> writes:
In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
[...]
Is there a password manager that supports automatic sync among Linux,
Android, and Windows *without* storing any of my information in the
cloud (i.e., on someone else's computer)? (It's possible that I hadn't
made it clear enough that I don't want to use cloud storage.)
there are several, each with different mixes of features, some with
better integration than others, and only you can decide which one fits
your needs.
Are you unwilling to give examples? Is there one that you use (or do
you use a cloud solution)?
Examples have been given. You seem to think that using a system that you yourself admit is inferior and prone to failure is somehow a virtue, so
you are unlikely to care about other solutions and that holds up since
you have ignored the other solutions offered.
I tried KeePass a while ago, and it doesn't do what I want.
Has anyone mentioned KeePass? I know I haven't since I have never used
it, and I don't recall anyone else mentioning it in this thread. I do
not recall that KeePass does syncing, you have to sync the database
yourself.
but I don't see an Android version.
If you are trusting Android to store your password files you should have
no issue with FAR more secure and tested cloud storage.
I just found a reference to something called Syncthing, which I'll also
look into; it's a continuous file synchronization program, not
specifically related to passwords.
If it cannot manage merges, it is useless for password management.
I use an old electronic organizer to store my passwords, and I keep a
printed hard copy locked in my safe. I don’t trust anything more technological than that combination.
In message <87zgur47bv.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
Lewis <g.kreme@kreme.dont-email.me> writes:
In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:[...]
I use PasswordSafe https://pwsafe.org/ .
It's a Windows application with clones available for Android, iOS, and Mac.
There's a Linux version, available as "passwordsafe" in the Ubuntu repos
(and presumably others), but I haven't gotten it to work.
password-gorilla is a Linux application that uses the same file format
and should be available in the package repos for most distributions.
Keeping the database synchronized across devices is left as an exercise.
And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.
Not if I replicate the encrypted database across the machines I use.
Yes, because you are perfect and will ALWAYS sync on EVERY change.
Not going to happen. You will forget and you will be caught out
without some recent change or update because you are NOT perfect. Sorry,
but those are just facts.
I understand that that could open a potential security hole if
I'm not sufficiently careful. But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.
Whopdie doo. That doesn’t make it more secure, you know, just more
obscure, more fragile, more prone to failure, and more likely that you
do not have the information you need when you need it.
On 2021-07-13 6:29 p.m., Oregonian Haruspex wrote:
I use an old electronic organizer to store my passwords, and I keep a
printed hard copy locked in my safe. I don’t trust anything more
technological than that combination.
i don't use anything i have no passwords
Because you instead use your DNA to log in to your accounts.
nospam <nospam@nospam.invalid> writes:
In article <87im1f3x1d.fsf@nosuchdomain.example.com>, Keith Thompson
<Keith.S.Thompson+u@gmail.com> wrote:
Is there a password manager that supports automatic sync among Linux,
Android, and Windows *without* storing any of my information in the
cloud (i.e., on someone else's computer)? (It's possible that I hadn't
made it clear enough that I don't want to use cloud storage.)
there are several, each with different mixes of features, some with
better integration than others, and only you can decide which one fits
your needs.
Are you unwilling to give examples? Is there one that you use (or do
you use a cloud solution)?
i use 1password and keep everything on my devices, however, it does
sync via the cloud. there is (was) a way to sync locally but that had
some limitations and i'm not sure if that's even still an option.
they also offer a cloud version (their servers) but that's not required.
it does look like they now have linux support but i don't know how good
that is. that's relatively recent.
I tried KeePass a while ago, and it doesn't do what I want. (One
feature of the Android version of PasswordSafe that I like is that it
implements a virtual keyboard, so passwords don't have to go through the
system clipboard.) Someone here mentioned KeePassXC, which I might try,
but I don't see an Android version.
1password has a background process which directly communicates with
browser extension, skipping the clipboard entirely.
When I tried KeePass on Android, I didn't find a way to copy a password
or other text from KeePass to another arbitrary application. Possibly I didn't spend enough time exploring it. Something that *only* uses a
browser extension would not be useful to me.
some use the system clipboard which is then auto-erased moments later.
I just found a reference to something called Syncthing, which I'll also
look into; it's a continuous file synchronization program, not
specifically related to passwords.
syncthing is good. also check out nextcloud, which can be installed on
a variety of hardware as well as in a docker container or even a
raspberry pi (although that's not exactly fast).
Yes, I have a NextCloud instance, but I'm not sure I want to store (even encrypted) passwords on it.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be interested.
Wade Garrett <wade@cooler.net> wrote:
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be
interested.
I believe the classic "pass" (based on pgp) is available on various Unix implementations, including MacOS.
https://www.passwordstore.org/
On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:
Wade Garrett <wade@cooler.net> wrote:
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be
interested.
I believe the classic "pass" (based on pgp) is available on various Unix
implementations, including MacOS.
https://www.passwordstore.org/
Indeed. I use it all the time. And it would be easy to do automatic replication to anything that supported a shell.
In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
<news0009@eager.cx> wrote:
On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:
Wade Garrett <wade@cooler.net> wrote:
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be
interested.
I believe the classic "pass" (based on pgp) is available on various
Unix implementations, including MacOS.
https://www.passwordstore.org/
Indeed. I use it all the time. And it would be easy to do automatic
replication to anything that supported a shell.
I find this works well if I don't happen to have 1Password available
(like on a remote machine, for example)
uuidgen| sha256sum| cut -c -24
(or any number from 16 on up to 64, though i do not need a 64 hex digit password, ever.)
But I add those passwords to my password manager immediately, of course.
On Fri, 16 Jul 2021 20:10:38 +0000, Lewis wrote:
In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
<news0009@eager.cx> wrote:
On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:
Wade Garrett <wade@cooler.net> wrote:
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be
interested.
I believe the classic "pass" (based on pgp) is available on various
Unix implementations, including MacOS.
https://www.passwordstore.org/
Indeed. I use it all the time. And it would be easy to do automatic
replication to anything that supported a shell.
I find this works well if I don't happen to have 1Password available
(like on a remote machine, for example)
uuidgen| sha256sum| cut -c -24
(or any number from 16 on up to 64, though i do not need a 64 hex digit
password, ever.)
But I add those passwords to my password manager immediately, of course.
Mine, in that situation, is:
dd if=/dev/random count=1 bs=16 2>/dev/null | b64encode - | \
sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'
In message <iledbpFna39U4@mid.individual.net> Bob Eager
<news0009@eager.cx> wrote:
On Fri, 16 Jul 2021 20:10:38 +0000, Lewis wrote:
In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
<news0009@eager.cx> wrote:
On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:
Wade Garrett <wade@cooler.net> wrote:
I'd like to use a password manager but I'm not comfortable with
that data being on some server somewhere- allegedly encrypted or
not.
If there's one that keeps the data just on the local machine, I'd
be interested.
I believe the classic "pass" (based on pgp) is available on various
Unix implementations, including MacOS.
https://www.passwordstore.org/
Indeed. I use it all the time. And it would be easy to do automatic
replication to anything that supported a shell.
I find this works well if I don't happen to have 1Password available
(like on a remote machine, for example)
uuidgen| sha256sum| cut -c -24
(or any number from 16 on up to 64, though i do not need a 64 hex
digit password, ever.)
But I add those passwords to my password manager immediately, of
course.
Mine, in that situation, is:
dd if=/dev/random count=1 bs=16 2>/dev/null | b64encode - | \
sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'
There's no "b64encode" on my macOS.
I like the concept of it, but I refuse to trust some server to store my
passwords.
On Mon, 12 Jul 2021 15:17:43 GMT, Scott Alfter <scott@alfter.diespammersdie.us> wrote:
In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net> wrote:
On 7/12/21 5:53 AM, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be
interested.
KeePass stores its file wherever you tell it. It could be local storage,
storage on a server you control (as on a VPS or a dedicated server), or
whatever cloud storage is supported on the OS you're using. I use a WebDAV
share on a VPS. It's accessible to my phone and my computers, but not to
others. (I suppose Linode could grab the file, but without the password to
unlock it, it's useless to anybody else.)
If it's out there then people can access it if they want.
On 7/12/21 5:53 AM, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here
including my financial passwords and credit card data, with the
exception of passwords that I would have to remember anyway (full-disk
encryption, login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
If there's one that keeps the data just on the local machine, I'd be interested.
I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
drive and copy/paste to logins that need to stay secure- financial,
vendors, healthcare, etc.
I always log out before leaving the house.
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
256 bit AES encryption not good enough for you?
The weak link is not the encryption algorithm, but the key used to
decrypt the data.
On 2021-07-12 07:37, Wade Garrett wrote:[...]
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
256 bit AES encryption not good enough for you?
Alan Browne <bitbucket@blackhole.com> writes:
On 2021-07-12 07:37, Wade Garrett wrote:[...]
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
256 bit AES encryption not good enough for you?
The weak link is not the encryption algorithm, but the key used to
decrypt the data.
In message <87r1fu18j7.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
Alan Browne <bitbucket@blackhole.com> writes:
On 2021-07-12 07:37, Wade Garrett wrote:[...]
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
256 bit AES encryption not good enough for you?
The weak link is not the encryption algorithm, but the key used to
decrypt the data.
Which the user chooses.
Have you done any actual research into this or have you just read know-nothing clickbait shit?
Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:
Alan Browne <bitbucket@blackhole.com> writes:
On 2021-07-12 07:37, Wade Garrett wrote:[...]
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
256 bit AES encryption not good enough for you?
The weak link is not the encryption algorithm, but the key used to
decrypt the data.
There’s lots of possible weak links.
- The key may be stored insecurely.
- If the key is derived from a password then the user may choose a weak
password.
- It’s easy to make a bad choice of KDF.
- The choice of cipher mode matters.
- For some cipher modes, how you choose the parameters matters.
- Some ciphers (including AES) are prone to side channels.
How much each of these matters is situational, but “256 bit AES encryption” is not a complete description and may indeed not be good enough, depending on the missing details.
On 2021-07-19 14:08, Keith Thompson wrote:
Alan Browne <bitbucket@blackhole.com> writes:
On 2021-07-12 07:37, Wade Garrett wrote:[...]
I'd like to use a password manager but I'm not comfortable with that
data being on some server somewhere- allegedly encrypted or not.
256 bit AES encryption not good enough for you?
The weak link is not the encryption algorithm, but the key used to
decrypt the data.
First off there is a difference between a "key" and a "password".
If the password is "a", the key will still be extremely strong at 256
bits and would look completely different to the key for password "b".
Of course that is not a recommendation.
As to passwords, it's trivial to make strong and easy to remember
passwords with a few misspelled words, mixed case, some symbols and
digits.
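The key-versus-password point from the two posts above (the list of weak links and the "a"/"b" example), as an added example that is not from any poster. PBKDF2-HMAC-SHA256 from Python's standard library stands in for whatever KDF a given manager uses; the salt, iteration count and function names are assumptions made for the demonstration.

```python
import hashlib
import math

KEY_BYTES = 32  # 256-bit key, the size implied by "256 bit AES"


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length keys differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def guessing_work_bits(password_bits: float, iterations: int,
                       key_bits: int = 8 * KEY_BYTES) -> float:
    """log2 of the hash operations needed to find the key by trying passwords.

    Each guess costs `iterations` HMAC calls, so the KDF adds
    log2(iterations) bits of work on top of the password's own entropy.
    Guessing the key directly (2**key_bits) is the ceiling.
    """
    return min(float(key_bits), password_bits + math.log2(iterations))


def report(salt: bytes, iterations: int) -> list:
    """Rows of (label, value) comparing key appearance with guessing cost."""
    key_a = derive_key("a", salt, iterations)
    key_b = derive_key("b", salt, iterations)
    rows = [
        ("key for 'a'", key_a.hex()),
        ("key for 'b'", key_b.hex()),
        ("bits that differ (of 256)", differing_bits(key_a, key_b)),
    ]
    # Entropy of the secret the key is derived from, assuming each secret
    # is chosen uniformly at random. A real date or a human-chosen word
    # carries less than these figures.
    secrets_bits = {
        "one lowercase letter": math.log2(26),
        "8 random digits": 8 * math.log2(10),
        "4 words from a 7776-word list": 4 * math.log2(7776),
        "16 random bytes": 128.0,
    }
    for label, bits in secrets_bits.items():
        rows.append((label, round(guessing_work_bits(bits, iterations), 1)))
    return rows


if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    for label, value in report(salt, 100_000):
        print(f"{label:32} {value}")
```

Both derived keys are full-length and unrelated to each other, yet the work figure for the one-letter password stays tiny: the key's size is fixed by the KDF output, while the cost of finding it is bounded by the password that feeds the KDF.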
On Mon, 12 Jul 2021 09:53:00 +0000, Unbreakable Disease <unbreakable@secmail.pro> wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
For what it's worth, I like LastPass. I'm not crazy about the fact
that I can't use it on multiple devices without having to pay for it,
but I can't begrudge the software developers over there the right to
earn a living.
The best strengths in current password technology are in passphrases:
https://useapassphrase.com
There's some great stats in there, such as the amount of time it takes
to crack common spatial word passwords such as "qwerty" or "aaaaaa"...
10 milliseconds.
Or how long it takes to crack a password that's a date like
"03261981"... 2.213 seconds.
However, if you use a sequence of four randomly chosen words like
"mergers decade labeled manager", it'll take 6 million centuries to
crack.
So.
I've converted all my passwords to sequences of four to six words; and
I have an email account at a provider that I've never used to send
email to anyone, or to use as the id for any website. There, I have a
draft of an email saved that holds the information.
I now only need to remember one password, and I can get to everything.
As for the remote chance that the email provider will cease to exist,
I made backup accounts with other major providers, because paranoia.
I don't use email apps to access my password storage account; and I
use Tor to get to it for the sake of anonymity. I'd be fairly
impressed if someone got through that level of security, and it's
probably overkill, but why take the risk?
While I'm at it... does everyone know about
https://haveibeenpwned.com
You can put your email address in there, and see if it's been involved
in any large-scale thefts. It's got records going back years, and I
was fairly shocked to see that my wife's account had been hacked years
ago.
I use a couple of programs I wrote to generate random passwords and passphrases:
https://github.com/Keith-S-Thompson/random-passwords
It's two Perl scripts. gen-password generates random passwords with specified criteria, and gen-passphrase generates xkcd-style random word sequences using the system dictionary or a specified one.
On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:
I use a couple of programs I wrote to generate random passwords and
passphrases:
https://github.com/Keith-S-Thompson/random-passwords
It's two Perl scripts. gen-password generates random passwords with
specified criteria, and gen-passphrase generates xkcd-style random word
sequences using the system dictionary or a specified one.
I use dicewords and a set of casino dice.
Bob Eager <news0009@eager.cx> writes:
On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:
I use a couple of programs I wrote to generate random passwords and
passphrases:
https://github.com/Keith-S-Thompson/random-passwords
It's two Perl scripts. gen-password generates random passwords with
specified criteria, and gen-passphrase generates xkcd-style random
word sequences using the system dictionary or a specified one.
I use dicewords and a set of casino dice.
What do you do when the password is restricted as is so often the case?
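The generators discussed in this thread (24 hex characters, 16 random bytes in base64, dice-style word sequences) and the restricted-password case raised in the last reply, as an added Python example rather than anyone's posted code. The function names, the site policy and the eight-word list are constructed for illustration, and the 122-bit figure assumes `uuidgen` emits a random (version 4) UUID.

```python
import base64
import math
import secrets
import string

# Constructed sample data: a real word list (e.g. 7776 Diceware words) is
# far larger, and a real site policy will differ.
WORDS = ["mergers", "decade", "labeled", "manager",
         "harbor", "violet", "thunder", "pencil"]
SITE_POLICY = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, "!@#$%")


def hex_password(n_chars: int = 24) -> str:
    """Same shape as `uuidgen | sha256sum | cut -c -24`, but drawn straight
    from the OS CSPRNG instead of hashing a UUID."""
    return secrets.token_hex((n_chars + 1) // 2)[:n_chars]


def base64_password(n_bytes: int = 16) -> str:
    """Same shape as the dd | b64encode pipeline: random bytes in base64
    with the '=' padding stripped. Needs no b64encode binary."""
    raw = secrets.token_bytes(n_bytes)
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def passphrase(wordlist, n_words: int = 4, sep: str = " ") -> str:
    """Dice-style passphrase: each word picked independently and uniformly."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def restricted_password(length: int, classes=SITE_POLICY) -> str:
    """Password for a site that demands at least one character per class.

    Draw uniformly from the union of the classes and reject any candidate
    that misses a class, so every acceptable password stays equally likely.
    """
    if length < len(classes):
        raise ValueError("length is shorter than the number of required classes")
    alphabet = "".join(sorted(set("".join(classes))))
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def uuid_pipeline_bits(n_chars: int) -> int:
    """Upper bound for `uuidgen | sha256sum | cut -c -N`.

    Assumption: a version 4 UUID, which has 122 random bits. Hashing cannot
    add randomness, so a longer cut stops helping beyond 122 bits.
    """
    return min(122, 4 * n_chars)


if __name__ == "__main__":
    print("hex, 24 chars      ", hex_password(24), entropy_bits(16, 24), "bits")
    print("base64, 16 bytes   ", base64_password(16), entropy_bits(256, 16), "bits")
    print("4 words (this list)", passphrase(WORDS), entropy_bits(len(WORDS), 4), "bits")
    print("4 words (7776 list)", round(entropy_bits(7776, 4), 1), "bits")
    print("site policy, 12    ", restricted_password(12))
    print("uuid pipeline at 64 hex chars:", uuid_pipeline_bits(64), "bits at most")
```

The rejection step in `restricted_password` lowers the entropy slightly below `entropy_bits(len(alphabet), length)`, because candidates missing a class are thrown away.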
On 2021-07-12 05:53, Unbreakable Disease wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here
including my financial passwords and credit card data, with the
exception of passwords that I would have to remember anyway (full-disk
encryption, login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I use 1Password. Be careful of the option you select. They are leaning towards "rent" model which I despise.
You can keep the encrypted master file on iCloud or Dropbox so it's
available to all of your devices. Avoid the 'rent' model if possible.
On 19.07.2021 14:40, Alan Browne wrote:
You can keep the encrypted master file on iCloud or Dropbox so it's
available to all of your devices. Avoid the 'rent' model if possible.
You can use any FOSS password manager. For me, anything that is not FOSS
is automatically suspicious (including 1Password). I don't trust
proprietary software and try to reduce its usage to minimum.
On 2021-07-22 04:52, Unbreakable Disease wrote:
On 19.07.2021 14:40, Alan Browne wrote:
You can keep the encrypted master file on iCloud or Dropbox so it's
available to all of your devices. Avoid the 'rent' model if possible.
You can use any FOSS password manager. For me, anything that is not
FOSS is automatically suspicious (including 1Password). I don't trust
proprietary software and try to reduce its usage to minimum.
1Password has proven itself over time. I like companies that pay
employees to do things right when it's a critical component.
Free? You get what you pay for. So unless it's a wildly widespread and popular package with many people maintaining it, it tends to crud.
The Gimp refers.
On 22.07.2021 13:52, Alan Browne wrote:
On 2021-07-22 04:52, Unbreakable Disease wrote:
On 19.07.2021 14:40, Alan Browne wrote:
You can keep the encrypted master file on iCloud or Dropbox so it's
available to all of your devices. Avoid the 'rent' model if possible.
You can use any FOSS password manager. For me, anything that is not
FOSS is automatically suspicious (including 1Password). I don't trust
proprietary software and try to reduce its usage to minimum.
1Password has proven itself over time. I like companies that pay
employees to do things right when it's a critical component.
Free? "You get what you pay for." So unless it's a wildly widespread
and popular package with many people maintaining it, it tends to crud.
The Gimp refers.
Well, I like free software. It's not always of the same quality as
commercial software, but at least its security can be tested by many
experts in the industry easily as anyone has access to the source code.
Anyone can read and edit it... understanding and making it work not so
much.
With the source code available for free, it also means the hackers can
more easily work out how to steal your information. Using open source
or hacked pirated versions for anything even remotely to do with
security is simply incredibly silly.
On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:
With the source code available for free, it also means the hackers can
more easily work out how to steal your information. Using open source or
hacked pirated versions for anything even remotely to do with security
is simply incredibly silly.
Ah, a proponent of security through obscurity.
I think not.
On 2021-07-27 22:47:01 +0000, Bob Eager said:
On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:
With the source code available for free, it also means the hackers can
more easily work out how to steal your information. Using open source
or hacked pirated versions for anything even remotely to do with
security is simply incredibly silly.
Ah, a proponent of security through obscurity.
I think not.
I guess that's why the banks leave their vault doors open all night.
:-\
In message <sdpqco$1erg$1@gioia.aioe.org> Your Name <YourName@YourISP.com> wrote:
With the source code available for free, it also means the hackers can
more easily work out how to steal your information. Using open source
or hacked pirated versions for anything even remotely to do with
security is simply incredibly silly.
Once again you demonstrate a complete lack of knowledge on a topic. The
VAST majority of encryption is done with open source tools, you nimrod.
Not only that, but when companies try to write their own (like Telegram)
it turns out they write shitty software with massive security holes.
Please stop trying to weigh in on things you know absolutely nothing
about, it's embarrassing.
On 2021-07-27 11:27:00 +0000, Unbreakable Disease said:
On 22.07.2021 13:52, Alan Browne wrote:
On 2021-07-22 04:52, Unbreakable Disease wrote:
On 19.07.2021 14:40, Alan Browne wrote:
You can keep the encrypted master file on iCloud or Dropbox so it's
available to all of your devices. Avoid the 'rent' model if possible.
You can use any FOSS password manager. For me, anything that is not
FOSS is automatically suspicious (including 1Password). I don't trust
proprietary software and try to reduce its usage to minimum.
1Password has proven itself over time. I like companies that pay
employees to do things right when it's a critical component.
Free? "You get what you pay for." So unless it's a wildly widespread
and popular package with many people maintaining it, it tends to crud.
The Gimp refers.
Well, I like free software. It's not always of the same quality as
commercial software, but at least its security can be tested by many
experts in the industry easily as anyone has access to the source code.
Anyone can read and edit it... understanding and making it work not so
much.
With the source code available for free, it also means the hackers can
more easily work out how to steal your information. Using open source
or hacked pirated versions for anything even remotely to do with
security is simply incredibly silly.
In article <slrnsg3mjk.2fg5.g.kreme@m1mini.local>, Lewis <g.kreme@kreme.dont-email.me> wrote:
In message <sdpqco$1erg$1@gioia.aioe.org> Your Name <YourName@YourISP.com>
wrote:
With the source code available for free, it also means the hackers can
more easily work out how to steal your information. Using open source
or hacked pirated versions for anything even remotely to do with
security is simply incredibly silly.
Once again you demonstrate a complete lack of knowledge on a topic. The
VAST majority of encryption is done with open source tools, you nimrod.
Not only that, but when companies try to write their own (like Telegram)
it turns out they write shitty software with massive security holes.
Please stop trying to weigh in on things you know absolutely nothing
about, it's embarrassing.
that would mean an end to his posts...
On Mon, 12 Jul 2021 09:53:00 +0000 Unbreakable Disease <unbreakable@secmail.pro> wrote:
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10
complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I use Pass, which is a command-line only password manager using git and
gpg. It's good and lightweight.
rtr <rtr@nospam.invalid> wrote:
I use Pass, which is a command-line only password manager using git
and gpg. It's good and lightweight.
I also use it, though gpg is a bit clunky it helps me trust the
cryptosystem.
I use Pass, which is a command-line only password manager using git
and gpg. It's good and lightweight.
I use Pass, which is a command-line only password manager using git and
gpg. It's good and lightweight.
my current platforms which are Linux, Android and Windows.
case.
rtr <rtr@nospam.invalid> wrote:
I use Pass, which is a command-line only password manager using git
and gpg. It's good and lightweight.
I also use it, though gpg is a bit clunky it helps me trust the cryptosystem.
KeePassXC
In article <sch3ep$87h$1@dont-email.me>,
Unbreakable Disease <unbreakable@secmail.pro> wrote:
KeePassXC
I used KeePassX 0.4.4 works up to OS X 10.11 and then, after some
testing, settled to KeePassXC.
I use the same .kdbx file at work with a KeePass Windows standalone
version and it works great.
I have advocated KeePass to the rest of the family and some use it and
some don't, preferring the iCloud keychain which also seems to work OK
with less hassle.
Does it put a text file containing the passwords on your computer or are
you completely reliant on the thing ALWAYS working forever?
["Followup-To:" header set to comp.misc.]
The Real Bev wrote:
Does it put a text file containing the passwords on your computer or are
you completely reliant on the thing ALWAYS working forever?
No. You're reliant on the software continuing to work -- the "database"
file is encrypted.
Equivalent of being reliant on say gpg continuing to work to decrypt a
text file or something.
A PGP-signed message, nice. Do you think that there should be a
newsgroup reader for Android?
["Followup-To:" header set to comp.misc.]
The Real Bev wrote:
Does it put a text file containing the passwords on your computer or are
you completely reliant on the thing ALWAYS working forever?
No. You're reliant on the software continuing to work -- the "database"
file is encrypted.
Equivalent of being reliant on say gpg continuing to work to decrypt a
text file or something.
Does it put a text file containing the passwords on your computer or are
you completely reliant on the thing ALWAYS working forever?
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
A PGP-signed message, nice. Do you think that there should be a
newsgroup reader for Android?
On 02/05/2022 11:03 AM, Dan Purgert wrote:
["Followup-To:" header set to comp.misc.]
The Real Bev wrote:
Does it put a text file containing the passwords on your computer or are
you completely reliant on the thing ALWAYS working forever?
No. You're reliant on the software continuing to work -- the "database"
file is encrypted.
People really are a trusting lot, aren't they?
Equivalent of being reliant on say gpg continuing to work to decrypt a
text file or something.
For a while I put the text file on my phone encrypted with some android encryption facility, but then I removed both. I don't want to depend on
an app for anything important. Much easier to regard my phone as
potential theft-fodder and not keep anything on it but photos, some
e-books, maps, email, various utilities (a LOT of utilities!) etc.
Stuff that I wouldn't actually regard as secret.
But I also use a variation on the same password: I selected two capitalized
On Jul 12, 2021 at 1:53:00 AM PDT, "Unbreakable Disease" <unbreakable@secmail.pro> wrote:
My 50-year old brain isn't capable of memorizing that many passwords anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of passwords that I would have to remember anyway (full-disk encryption, login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
I have the older version (non-subscription) of 1Password, but also make use of
the keychain password manager and the manager built-in to Safari (I use Safari
on both the mac and the ipad/iphone).
Only lately, when I'm offered a complex "strong password" of gibberish, I take
it. That's working well too.
But I also use a variation on the same password: I selected two capitalized words (for instance ArchBasket) with a few numbers, 245, then the first two letters of the intended website, for instance AMazon. Then I use this same password everywhere, with the exception of those last two letters. ArchBasket245am, for Powell's books: ArchBasket245po.
It's easy to remember.
On 2022-02-05, Scientific ⚧ <science@danwin1210.de> wrote:
A PGP-signed message, nice. Do you think that there should be a
newsgroup reader for Android?
An Android newsreader would be fantastic IMO.
In article <stp7fn$tn4$1@dont-email.me>, gtr <xxx@yyy.zzz>
wrote:
But I also use a variation on the same password: I selected two capitalized
merde d'oie.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The Real Bev wrote:
On 02/05/2022 11:03 AM, Dan Purgert wrote:
["Followup-To:" header set to comp.misc.]
The Real Bev wrote:
Does it put a text file containing the passwords on your computer or are
you completely reliant on the thing ALWAYS working forever?
No. You're reliant on the software continuing to work -- the "database"
file is encrypted.
People really are a trusting lot, aren't they?
I mean, keepass has worked for a decade (or longer). Long as I don't do something completely daft, I don't see anything wrong with it.
Granted it only "really" keeps website passwords. Worst case, I'll have
to click "Forgot Password" somewhere.
Equivalent of being reliant on say gpg continuing to work to decrypt a
text file or something.
For a while I put the text file on my phone encrypted with some android
encryption facility, but then I removed both. I don't want to depend on
an app for anything important. Much easier to regard my phone as
potential theft-fodder and not keep anything on it but photos, some
e-books, maps, email, various utilities (a LOT of utilities!) etc.
Stuff that I wouldn't actually regard as secret.
Sure, but that wasn't the point of the comment I was making.
On 02/06/2022 04:57 PM, Dan Purgert wrote:
The Real Bev wrote:
On 02/05/2022 11:03 AM, Dan Purgert wrote:
["Followup-To:" header set to comp.misc.]
The Real Bev wrote:
Does it put a text file containing the passwords on your computer or are
you completely reliant on the thing ALWAYS working forever?
No. You're reliant on the software continuing to work -- the "database"
file is encrypted.
People really are a trusting lot, aren't they?
I mean, keepass has worked for a decade (or longer). Long as I don't do
something completely daft, I don't see anything wrong with it.
Microsoft has been around longer than that. [...]
On 02/06/2022 06:21 PM, Siri Cruise wrote:
In article <stp7fn$tn4$1@dont-email.me>, gtr <xxx@yyy.zzz>
wrote:
But I also use a variation on the same password: I selected two capitalized
merde d'oie.
The American version would be merde de cheval or possibly merde de
poulet, depending on the nature of the merde.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The Real Bev wrote:
On 02/06/2022 04:57 PM, Dan Purgert wrote:
The Real Bev wrote:
On 02/05/2022 11:03 AM, Dan Purgert wrote:
["Followup-To:" header set to comp.misc.]
The Real Bev wrote:
Does it put a text file containing the passwords on your computer or are
you completely reliant on the thing ALWAYS working forever?
No. You're reliant on the software continuing to work -- the "database"
file is encrypted.
People really are a trusting lot, aren't they?
I mean, keepass has worked for a decade (or longer). Long as I don't do
something completely daft, I don't see anything wrong with it.
Microsoft has been around longer than that. [...]
I'm honestly not really sure what point you're trying to make here. One company's longevity (or not) doesn't really directly correlate to
another's (or the length of time software will continue to run).
Not so with a password storage site, which might simply cease to exist.
What would happen then? Would you have to go to each
password-requiring entity and reset your password? I hate doing that
even ONCE, especially when they insist on sending a code to my cell in addition. What about sites that demand your old password before
allowing you to change it? What if that's an online-only brokerage account?
Not to mention the danger of hackage of the password-storage website.
Dan Purgert <dan@djph.net> wrote:
The Real Bev wrote:
Not to mention the danger of hackage of the password-storage
website.
Where on earth have you gotten this idea of a "password storage
website" from? KeePass is an application running locally on your PC,
no network communication required.
Most likely Bev is mixing up those password managers that store your passwords "in the cloud" with websites (granted, most of them do have 'websites' for advertising their system).
But there are some password managers where the client that runs locally stores nothing locally, all storage of everything is in "the cloud"
(and, hopefully, encrypted, but if closed source one just has to take
their word for that if they claim encryption).
The Real Bev wrote:
Not to mention the danger of hackage of the password-storage
website.
Where on earth have you gotten this idea of a "password storage
website" from? KeePass is an application running locally on your PC,
no network communication required.
A PGP-signed message, nice. Do you think that there should be a
newsgroup reader for Android?
On Sat, 05 Feb 2022 23:26:13 +0000, meff wrote:
On 2022-02-05, Scientific ⚧ <science@danwin1210.de> wrote:
A PGP-signed message, nice. Do you think that there should be a
newsgroup reader for Android?
An Android newsreader would be fantastic IMO.
I don't keep passwords on my phone.
Not so with a password storage site, which might simply cease to exist.
The Real Bev <bashley101@gmail.com> wrote:
Not so with a password storage site, which might simply cease to exist.
That's not an issue with KeePass. You store your password file wherever you want: cloud storage (aka "someone else's computer"), your own server, a USB flash stick, whatever. I keep mine on the Nextcloud server in my living
room next to the TV, accessed remotely by WebDAV.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The Real Bev wrote:
Not to mention the danger of hackage of the password-storage website.
Where on earth have you gotten this idea of a "password storage website" from? KeePass is an application running locally on your PC, no network communication required.
On 2022-02-08, The Real Bev <bashley101@gmail.com> wrote:
Not so with a password storage site, which might simply cease to exist.
What would happen then? Would you have to go to each
password-requiring entity and reset your password? I hate doing that
even ONCE, especially when they insist on sending a code to my cell in
addition. What about sites that demand your old password before
allowing you to change it? What if that's an online-only brokerage account?
KeePass doesn't actually need a password storage site. I keep my
KeePass database backed up in my own backups, and the db files are
synced across my devices using Syncthing. My db doesn't ever hit a
"public" cloud and I don't have to trust any third party for access to
it.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
scott@alfter.diespammersdie.us wrote:
The Real Bev <bashley101@gmail.com> wrote:
Not so with a password storage site, which might simply cease to exist.
That's not an issue with KeePass. You store your password file wherever you
want: cloud storage (aka "someone else's computer"), your own server, a USB
flash stick, whatever. I keep mine on the Nextcloud server in my living
room next to the TV, accessed remotely by WebDAV.
Same, auto-sync is so nice :)
Although, for the longest time I just had the one copy rsync'd to a
backup machine.
So your passwords work even if keepass is inexplicably down and you
don't know what they are? Is there any way to find out what they are?
I assume you're using a password-generator that gives appropriate combinations of unintelligible characters...
What I'm really asking: Can you access legible passwords (that you
can feed into your broker/bank/whatever by hand) if keepass ceases to
exist?
On 02/08/2022 04:18 AM, Dan Purgert wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The Real Bev wrote:
Not to mention the danger of hackage of the password-storage website.
Where on earth have you gotten this idea of a "password storage website"
from? KeePass is an application running locally on your PC, no network
communication required.
Just from what I've read here. I'm not interested in any password that
I can't read and reproduce by copy/pasting, so I haven't done any
research at all.
Just for curious -- why do you bother with pgp for public comments like
this?
On 02/09/2022 11:29 AM, Dan Purgert wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
scott@alfter.diespammersdie.us wrote:
The Real Bev <bashley101@gmail.com> wrote:
Not so with a password storage site, which might simply cease to exist.
That's not an issue with KeePass. You store your password file wherever you
want: cloud storage (aka "someone else's computer"), your own server, a USB
flash stick, whatever. I keep mine on the Nextcloud server in my living
room next to the TV, accessed remotely by WebDAV.
Same, auto-sync is so nice :)
Although, for the longest time I just had the one copy rsync'd to a
backup machine.
I have long been distrustful of 'syncing' machines because I have yet to
see an actual definition: (1) Do you copy the contents of machineA to machineB, deleting the previous contents of machineB? (2) Vice versa?
(3) Do you copy the contents of A to B, leaving the files of B that had
no counterpart on A alone? (4) Do you copy the contents of each machine
to the other, ending up with both machines containing all the contents
of both of the original machines? I can't believe that, but how else do
you 'sync' the unique contents of B to A and vice versa? Do they all
have to use the exact same operating system?
What if you 'sync' five machines? Which one, if any, takes precedence?
So your passwords work even if keepass is inexplicably down and you
don't know what they are? Is there any way to find out what they are?
I assume you're using a password-generator that gives appropriate combinations of unintelligible characters...
What I'm really asking: Can you access legible passwords (that you can
feed into your broker/bank/whatever by hand) if keepass ceases to exist?
Rsync backups, each individual PC is the "master", and the backup server
just takes whatever "new" data the machine(s) send to it.
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
On 2022-02-05, Scientific ⚧ <science@danwin1210.de> wrote:
A PGP-signed message, nice. Do you think that there should be a
newsgroup reader for Android?
An Android newsreader would be fantastic IMO.
There are newsreaders for Android. I use HotDogEd. Use "nntp" as your
search term in the play store, there are plenty to choose from.
On 2022-06-02, Vlad Markov <vlad@happy.dwarf7.net> wrote:
There are newsreaders for Android. I use HotDogEd. Use "nntp" as your
search term in the play store, there are plenty to choose from.
Huh I think I was looking around in F-Droid and never bothered looking
in the Play Store. My mistake, there are a couple apps here I'd like
to try out. Is "HotDogEd NNTP Provider" the one you use?
My 50-year old brain isn't capable of memorizing that many passwords
anymore, so I use KeePassXC. I keep basically everything here including
my financial passwords and credit card data, with the exception of
passwords that I would have to remember anyway (full-disk encryption,
login, primary e-mail passwords, etc.)
Overall, it's much easier to remember and much harder to forget 10 complicated passwords that you use everyday than 100+ simple passwords
you use every month or even less.
I can't speak about Windows version of KeePass, because with the
exception of playing games not available on Macintosh, I haven't used
one since Windows 95 days.
--
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f