/tech/ - Technology★

It's the only way to have secure passwords for everything. I use keepassx but there are simpler ones like pass.

Password managers don't involve much time investment to use. They're really only shit tier if they're built into your browser or closed source.

told my friend to use a password manager and now he thinks I'm free tech support for life because he can't be bothered to read how to use it

ugh

I use pass as well:

https://www.passwordstore.org/

It's simple enough, though having to pull up a terminal can be annoying at times, but how often do you really need to enter a password? It doesn't have a standard scheme, which is a good thing because it does not force you to abide to some arbitrary scheme, but it's also bad because you there cannot be any tools which can parse the files and extract specific data. There is the a quasi-standard scheme described on the homepage, so that's the closest thing to a standard.

If you decide to back up your passwords somewhere make sure the master password is strong enough, you should be able to hand your passwords (encrypted of course) to any person and be confident they won't get anything out of the files. And make sure the master password is really safe from the start, if you decide to change it later the other person will still have the old version of your files protected with the weaker password.

just let chrome manage your passwords, and they'll even back them up to the cloud for you for free.

KeePassXC

don't use LastPass. it will get pwned one day.

>>991284

>having to pull up a terminal can be annoying at times

Use this http://tools.suckless.org/dmenu/scripts/passmenu2

>>991282

>free tech support for life

start saying no to people.

>>991267 (OP)

>are they a meme

yes and they're all bloat

>>991271

>I use keepass

kill self

you have to be fucking retarded to not write your own. your disk should already be encrypted, so you don't even need to bother with the crypto part

They're botnet

>>991305

My disk is encrypted as well, encrypting the passwords means I could upload them here if I wanted to. I can afford waiting a few seconds to decrypt the passwords, if I couldn't I'd have to commit them to memory anyway.

>you have to be fucking retarded to not write your own.

You'd have to be retarded to waste time reinventing the wheel.

Just make up your own passwords, I have a mental algorithm I use to generate 30+ alphanumberic passphrases I use on any site I care about the credentials of... And there aren't many sites that I care about.

>>991331

What if you need to change the password for some site?

Can anyone explain why there are like 500 versions of keepass?

KeepassX

KeepassXC

Keepass2X

Keepass2XYZ

Like what the fuck?

>>991333

botnet. they had password leaks before

why the fuck would you entrust your stuff on a joke of a company that's under constant target?

>>991331

It's easy to make passwords, but I probably have over 50 kinds of accounts on different websites all non-interconnected.

>>991333

because a bunch of retard nigger skids just poo them out

Meme? They're required, given how fucked is webdev. No, using a formulaic password is not enough. Neither is some variation of "correct horse battery staple".

If you're really paranoid, even storing your passwords in an encrypted text file locally would be preferable to password reuse. Then at least it's up to you to fuck up, not to some intern that believes storing your data in plain text in some unsecured S3 bucket is completely acceptable.

1Password is OK if you like convenience and HSM integration.

KeepassXC if you don't trust your passwords to the *cloud*.

pass if you like something even simpler.

>>991333

IIRC the original Keepass was a Windows only .NET program. There was a fork to make it runnable in Linux under Mono, and yet another fork of that to port it to something else other than .NET. Use KeepassXC.

>>991338

>they had password leaks before

You're confusing KeepAss with LastPass. I think the leak was they had browser integration, which is retarded since browsers are a nightmare.

>a joke of a company

Again, that's LastPass. Closed source, keeps your passwords "safely" in the cloud. keepass isn't a company.

>>991349

>Neither is some variation of "correct horse battery staple".

yes it is you stupid fuck, as long as it has enough entropy.

>If you're really paranoid, even storing your passwords in an encrypted text file locally would be preferable to password reuse.

No, that's the correct way to do it

>Then at least it's up to you to fuck up, not to some intern that believes storing your data in plain text in some unsecured S3 bucket is completely acceptable.

>muh password hashing

no, using passwords for authentication is unnaceptable. only nigtards reuse passwords and even then they have 0 entropy and the hashes get cracked in 5 seconds, so all your jerking off about password hashes was for nothing

>>991357

>yes it is you stupid fuck, as long as it has enough entropy.

It doesn't matter how much entropy it has, if you use it in many different sites and any of those sites gets compromised. That was the point.

Given that the only kind of SSO supported by most sites is either botnet Google or botnet Facebook, you're bound to make dozens of different accounts, each with its own password.

Storing them in an ad-hoc manner is just inconveniencing yourself. As I listed, there are options for even the most autistic CLI only user.

>muh password hashing

>even then they have 0 entropy and the hashes get cracked in 5 seconds, so all your jerking off about password hashes was for nothing

Are you that intern that I was ranting about?

You clearly don't know shit if you're arguing against proper password hashing (PBKDF2, argon2, etc.) + salting. Even cracking a single password would take WAY longer than 5 seconds.

i use bitwarden. its open source and you can host it yourself.

Passwordmanagers store your passwords in a centralized or easy to find location.

The entire point of passwords is that only the user in front of the PC knows them.

The concept of storing them on the machine is completely retarded and against the entire point of having a password.

It's like sticking the key on the door or writing the code on the safe.

>>991333

https://keepassxc.org/docs/#faq-keepassx

<Why KeePassXC instead of KeePassX?

>KeePassX is an amazing password manager, but hasn't seen much active development for quite a while. Many good pull requests were never merged and the original project is missing some features which users can expect from a modern password manager. Hence, we decided to fork KeePassX to continue its development and provide you with everything you love about KeePassX plus many new features and bugfixes.

<Why KeePassXC instead of KeePass?

>KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft's .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won't get the native look and feel which you are used to.

>KeePassXC, on the other hand, is developed in C++ and runs natively on all platforms giving you the best-possible platform integration.

>>991525

If your passwords are properly encrypted it is safe. If they are not, then of course all security is gone.

>>991284

One thing worth adding is that getting your data out of pass is really simple, since it's all just text files anyway. If the passwords are stored in some sort of database you first have to go figure out that database format. If pass were to go tits up at some point it would be dead simple to get your passwords into something else.

>>991532

>it's entirely safe to store your passwords on the internet

and entirely pointless

>>991305

>>991328

Btfo

pwsafe

I use the CLI utility.

use them. If you're not retarded, you should be able to roll your own with gpg.

If you don't use them, you will inevitably reuse passwords or password patterns across sites, and one of those sites will inevitably leak your password, and then some twat will try youremail:yourleakedpass against every login page in the entire world and eventually find your other accounts.

>using password managers you didn't write yourself

You are every Russian hacker's wet dream, duptards.

>>991875

Argon2 or bust

>>991504

A little more bloated than KeePassXC though despite being audited recently