Keepass 2.39 is out! Remember to use a password manager instead of saving your passwords in txt

keepass.info/news/n180506_2.39.html

Question of the day: How did you create your master password?

Attached: index.jpg (225x225, 7K)


Who the fuck needs a password manager, what I do is generate 3 random strings of equal length and put them all in a single line with no spaces in between, then use the middle string as my password if the service name begins with a consonant and the last string if it's a vowel, but every 2nd password is reversed. As a result I have a plaintext file full of long ass random strings and only I know which part of it is the actual password. Ain't no hacker going to bother to test all that shit and even if they do, the chances of getting it right in my lifetime are nil. No single point of failure, no worry.

Same as my windows password (i use bootlocker). If they can get that, then it doesn't really matter now does it

KeePass is a botnet and CIAniggers' honeypot.
You fools.

it's opensource

What are you gonna do if you lose access to your database? I derive my passwords from a hash based on my master password and various salts, the method only exists in my brain. No CIA nigger can hack me.

I use KeePassXC, what's better?
KeePass, KeePassX or KeePassXC.
Also I use Firefox's password manager. Is there a good way to combine the two?

KeePassXC is newer and better, regular KeePass is .NET botnet

t. CIAnigger
It means nothing, you dork.

Open Source doesn't mean anything. See android.

why would you lose access to the database? you can store it anywhere and everywhere, as long as you don't forget your master password you're fine.

Keep using it, it's better anyway.

joinup.ec.europa.eu/sites/default/files/inline-files/DLV WP6 -01- KeePass Code Review Results Report_published.pdf

>What are you gonna do if you lose access to your database?

Only an idiot would do this. You can save it to paper, usb stick, sync it to a personal NAS, etc.

KeePass is shit. I don't know why anyone uses it.
>KeePass is .NET slop running on Mono, looks disgusting
>KeePassX uses the inferior Qt instead of GTK, doesn't look native
>No native headerbars
>GNOME touch keyboard doesn't even work with it, so it's completely unusable with a tablet

>who the fuck needs
>goes on to describe a method that takes way more effort

>keep ass

cool, now the website changes domain and it's all fucked up, also you're putting way too much effort into this.

Android itself is fine. The problem is Gapps, Google Play services and other shit that is included by default in almost every model.

>honeypot
You don't even have to connect to the internet to use it.

I use KeePassXC. Am I fucking up?

>Question of the day: How did you create your master password?

It's mostly a sentence of garbage syntax, but contains some random assholeishness to fuck people up.

>I use KeePassXC. Am I fucking up?

not at all. it's the best Linux version.

KeePassXC or even KeePass2 is the patrician choice
>he doesn't back up his files

Congratulations, you got the joke

>not at all. it's the best Linux version.
Shit, dude, I'm on Windows. So I'm missing out?

I store my database on google drive, and use Keepass2Android to access it on android. KeePassXC on windows. It's so convenient, but the multiple KeePasses out there make me eternally insecure.

No. You're fine. Unless you want to use the official Windows version from the OP.

Not inherently. I just dick-measured my way into KeePassXC cause I first went for KeePassX before realizing there's another fork with another additional letter at the end.

You think I'm joking, but I'm not.

How can I sync to my webdav with keepassxc on Linux? I could also use keeweb.info but I'm a bit sceptical

>Keepass extension fails to work in Chrome or chrome-like browsers
>No Mac version
>iOS versions are paid or shit
>Onedrive synching is always second-citizen to Dropbox
Why is open-source so bad?
t. Keepass/Windows and KP4Android user forced to open the client on the phone and copy the passwords by hand several times per day.

whats wrong with saving them in text? im literally the only one who will see it

>KeePassX uses the inferior Qt instead of GTK, doesn't look native
Yeah, not quite. I'm staying with KeePassX because I can't get XC to match the rest of the theme, it uses the "normal" Qt theme.

See pic. Any help?

Attached: Captura de pantalla_2018-05-06_17-25-16.png (971x759, 163K)

>password manager
>uses master password to access all other passwords
>single point of failure
>password manager could have an undiscovered vulnerability enabling decryption of the password database without master password alongside more possible security problems
>my method
>only slightly more effort
>no points of failure whatsoever because it's all in my brain and can't be leaked or stolen
>the only way to find out my passwords would be to bruteforce the randomly generated strings which would take an eternity
>implying the attacker who stole my file would even know what to do with the strings
>implying the extra effort is not worth it for the extra security
>not wanting to stay way ahead of the security curve

>implying I can't keep track of the old domain name along with the new one

redpill me on why I should switch from keepassx to keepassxc

NEVER USE KEYPASS, ALWAYS USE KEYPASSX

I just let Firefox store my passwords

absolutely stupid

I know you are and I sympathize with you. If you weren't absolutely stupid you'd utilize your intellect to increase your password security instead of relying on tools that other people, smarter than you, by the way, had to develop to aid you

hurr durr i am so smart because i wrote my own bullshit security "protocol" that relies on me having to actually remember where does a string start hurr i only manage two passwords with it because remembering arbitrary strings it not as fun as it sounds durr

I rest my case :^)

Attached: 1523565869124.png (349x427, 168K)

::::::::^^^^)))))))))))))) EBIN!!!!!1111111 an1Me iS S0 rAnDu|/\|B

>having bad memory
>not having few variations of a same password
i bet you store your crypto wallet in the cloud too?

Imagine if the russian hacker who's going to steal your unencrypted file happens to read Jow Forums and knows about your master plan

Attached: dunce.jpg (540x540, 19K)

>one website had a security breach
>a fourth of your passwords are now known
>another fourth are known if the 1337 haxxor tries to substitution attack based on that password, because reversal is fucking stupid and everyone has caught on it

Attached: 1517582513632.jpg (132x218, 14K)

>Putting all your eggs in one basket
>In software someone else designed

Nah

Yeah I'm sure keepass would be much more secure if you wrote it

The point was to use a cold device to store passwords

>inferior Qt
NO YUO

KeePassXC has active development. X is dead.

Is keepass any better than bitwarden?

Genuine question. I create passwords in a similarly retarded way. Random string, then add some characters from the domain name.

I know I should be using a password manager, but I like knowing that I can login to stuff on another computer if I have to. How do you get around this?

Bitwarden requires an external proprietary database (MS SQL) so it's harder to set up

I carry the encrypted database on my phone with the excellent Keepass2Android app

But what if you encounter total digital disaster? Phone is broken/lost/stolen. You have no computer with you, and you need to get access to your email to get home.

I'm probably just worrying about impossible scenarios. But that's what's stopping me from using a manager right now.

What if you lose your notebook with all your written passwords? Same thing. Stop worrying about it and make backups and don't be a scatterbrain.

That's the thing, it's all in my head so nothing is written down.

One random string to remember, then add couple of chars from the domain name. I do it every day and won't forget it.

I actually keep a paranoid amount of backups, but still don't trust myself with a password database.

>literally KeepAss

How many different websites do you have passwords for? I have way too many and use several different email accounts. I'm the opposite in that I don't trust my brain with passwords, especially when my memory has become absolute shit in the past couple of years.

Hundreds. I'm a software contractor and have worked on many different teams with a crapton of aws / slack / email accounts, and still terrified of ever revealing my password power level to anyone.

I believe that using the random string + something is not considered a good idea, since if one of your passwords is compromised, then an attacker could guess your other passwords. Unless you use random usernames too...

Yes, exactly. I'm supposed to be a software professional and still do this retarded password system.

That's why I'm never ever revealing my power level to anyone

>instead of saving your passwords in txt
Why? Every txt is locked with pgp.

Attached: Screenshot_20180507-001548.png (1080x1920, 262K)

I usually use a random set of numbers and uppercase letters (i.e 123456ABC) add a single special one ($) plus the competitor.
>outlook
123456ABC$gmail
>burger king
>123456ABC$mcdonalds

The only thing I try to remember is:
>does this shitty service void a special character
>Y: remove the $
>N: try
If it fails, I use a different competitor.

Of course, outlook/gmail is just an example, those are the ones who actually have a very unique password as everything is related to them.
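The scheme in the post above reuses one base string across sites, which is the weakness other posts in this thread point out. As an added example (not part of the thread), here is a small self-audit that flags password pairs sharing a long common base; the function names, thresholds and sample vault are assumptions, and the two patterned values are the examples from the post.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample vault: the first two entries are the example values
# from the post, the other two are made-up random strings for contrast.
SAMPLE_VAULT = {
    "outlook": "123456ABC$gmail",
    "burger king": "123456ABC$mcdonalds",
    "forum": "q7V!xw2LrZp0Tn",
    "bank": "Hs93_kd0PzQm4e",
}

def shared_base(a, b):
    """Return the longest substring that appears in both passwords."""
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    m = matcher.find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def audit_vault(vault, min_len=6, min_fraction=0.5):
    """Flag site pairs whose passwords share a long common base.

    Each finding is (site_a, site_b, base, left_a, left_b), where left_x is
    how many characters of that site's password are NOT covered by the base,
    i.e. all that still protects it once the other password has leaked.
    """
    findings = []
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        base = shared_base(p1, p2)
        shortest = min(len(p1), len(p2))
        if len(base) >= min_len and len(base) / shortest >= min_fraction:
            findings.append((s1, s2, base, len(p1) - len(base), len(p2) - len(base)))
    return findings

def report(vault):
    """Human-readable summary that avoids echoing the passwords themselves."""
    lines = []
    for s1, s2, base, left1, left2 in audit_vault(vault):
        lines.append(
            f"{s1} / {s2}: {len(base)}-char shared base; only "
            f"{left1} and {left2} chars differ"
        )
    return lines

if __name__ == "__main__":
    for line in report(SAMPLE_VAULT) or ["no shared bases found"]:
        print(line)
```
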

not him, but you could probably go about it like this:

>keepass master password inside your head
>very important passwords like your primary email is also kept inside your head
>everything else is randomly generated passwords that you don't keep inside your head

I'd say keeping a couple of strong passwords in your head is totally doable

Also, forgot to say, if I lose my phone and I don't have a computer I wouldn't be able to generate the OTP code for many services anyway...

If it makes you feel safer, KeePass and others support double encryption (passwords + key file). This makes the database more secure against brute force, but you'll have to safely back up both things.

Is KeePassDX any good?

If you don't have a computer, how are you accessing your mail?
Put the database on a usb-stick and keep it with your keys. Put the database on a micro sd card and inject it under your skin. Store it on a server somewhere so any device capable of reaching a mail server can download the database (don't store your cloud password in the database).

how secure is the firefox built in password manager?

>one of the websites you're using gets hacked
>the fucko or police can now just brute force your passwords because they have the base password and just need to add a couple of characters in the end (that is easy to see the pattern to because it's just a few characters from the website's name)

Attached: 1524039885441.jpg (406x405, 117K)

>KeePassXC or even KeePass2
which is better?

That's actually a pretty baller idea. In total emergency I could probably recover a lot from logging into email with a memorised password. Everything else in password manager.

I use Authy for OTP and they can restore your codes to a new phone quite easily.

I mean if I have to use someone else's computer in an emergency.

But good point, I should just back up the password db to multiple encrypted locations.

Yeah, my method is laughably easy to guess.


Thank you anons, I'm going to change my ways and start using a password manager. Probably pass, encrypted and backed up to many locations, with the master password and maybe main email password in my head.

THIS ENDS TODAY. No longer going to be a password-let

cracked*

In my case I use FreeOTP, which is free software.

KeePassXC is missing a few features KeePass2 has, and vice versa, so just choose what features you want basically

andOTP is more up to date. if you insist on freeotp at least use the freeotp+ fork

KeepassXC is better.

Build it from source then.

Attached: wrongo.jpg (450x309, 46K)

I'm actually guilty of doing the same thing with my local passwords for full disk encryption and veracrypt containers (strong base password and then a couple of characters that describe the machine or container in question)

Which means if the fucko seizes one of my computers while it's running, they can dump the encryption key in ram and then just place some educated guesses on the rest of my encrypted containers and devices

I'm gonna start generating random passwords for containers and external hard drives, since they are removable devices so I can only access them after my computer is inside the operating system anyway

Attached: 1517237788973.jpg (596x444, 72K)

>I believe in security through obscurity
Look at this mentally handicapped retard and laugh.

I used to store my passwords in a text file, 7zipped into a password-protected archive. But after discovering keepass I fucking love it.

For master password I use a large phrase with plain English that I will always remember.
it's something like:
>xxxxx xxxxx xx xxxxx xxxxxx xxxxx xxxxx xxxxxxxxx xx

write it down on a piece of paper, you will forget it one day for a brief moment

I think at this point you're probably safe, and should probably worry more about Jamal beating the shit out of you until you unlock your computer for him.

Attached: security.png (448x274, 26K)

Oldfag here. I have used Keepass for 14 years. I keep the file in dropbox.

I'm using KeePassXC, converted from KeePassX since it died.

It's good but i have two issues with it i've never resolved
1) How to enter passwords on phone devices, currently painfully entering manually
2) How to merge databases, currently exporting, doing a diff-merge- and importing the result. Surely there is a better way.

Attached: 1521861633471.gif (720x720, 36K)

It's not. It's just an sqlite DB. Very easily parsed.

i just hacked OP's webcam.

Attached: public_servant016.jpg (852x480, 27K)

KeePass is a CIA black-project, the source code is compromised.

looks like shit

either is fine

>andOTP is more up to date.

still beta though

What to use on Android?

>Oldfag here. I have used Keepass for 14 years. I keep the file in dropbox.
Is this safe?

>in dropbox
Lmao

Attached: NVUPF2G.png (800x800, 21K)

i just write my passwords down in a notebook. i never leave the house so it doesn't matter.

keepass2android is great

Do you use portable or exe?
And if portable, do you unzip or leave zipped?

good job you just described encryption in a retarded way

Good thing we have computers to brute force for us.

This, i have a notepad file named passwords on my desktop that i have backed up to another computer and usb
I also use my browser password saving option
Never had an issue yet and i don't think i will

Why use KeePass instead of BitWarden for regular passwords for places like your bank, where Big Brother could just audit the bank for your info? Keepass for shit like an encrypted email address, I can get, but why not use Bitwarden for something like your bank account or amazon?

Is it free software?