Password manager

>he doesnt trust an open source password manager
>but he trusts an 'encrypted' database being uploaded to dropbox (some of these open source password managers do exactly this)
why are keepass fags so retarded?
what can we do to help them?

>YIKES
You realize you're eventually going to send your password to a website anyways right? YIKES.

password manager?--I BARELY KNOW HER

Please hack me. Steal all my passwords, user.

Yes.
My human brain.
It always works when I am in a state where I would need a to enter a password.
Yes, I host it inside my skull.

>it's better that my passwords are all in one place in comparison to various websites
Whoa who let this genius in here

>he uses weak passwords
>he reuses passwords across sites
>all so he can memorize them
>when he's using a computer that can store huge amounts of information flawlessly

Attached: 1518983009751.png (703x911, 76K)

It's a tradeoff between security and convenience. I could keep the database on an encrpyted harddrive, inside a briefcase, handcuffed to my wrists at all times, but that's inconvenient. The passwords are encrypted. There's a chance that my encrypted passwords could be leaked but I'm hoping if a leak does happen I get some notice so I can proceed to change all my passwords before the encryption is cracked.

My passwords are not weak, the important ones are unique and for the non-important shit I use the first password I ever came up with.

if it's something that doesn't matter, just think of a password.

if it's something that matters, see if you can get multifactor authentication and used key-based authentication.

if it's ultra important LUKS in ephemeral storage and hope it never goes down

If you don't trust the encryption of your db or don't use a massive master password, then what is even the point?

And now KeepassXCE is batnaching off of X

If you can memorize them, they're weak. The thing that makes them weak is that people who crack leaked lists of password hashes know what kinds of passwords people tend to choose to make them more memorable. Human brains are very, very non-random.

Also all your passwords are important enough to be unique. Especially because the only reason for them not to be is memorability, which is the burden a password manager relieves you of. Why take some small risk on some sites when you could, with greater convenience, take no risk on any site?

Because you're giving someone infinite amount of time to crack your db

> might as well use lastpass

My Brain.
Also, a physical notebook for random passwords that I only use a couple times.

Brain.bat

Is bitwarden any good?

I use a txt file

How do you use keepass across multiple devices? It seems like a pain to constantly move an encrypted file around.

An unnecessary tradeoff just so you can say you use keepass.
Isn't that weird?

I use it. It's pretty good, open source and doesn't require money to sync between PCs and phones.
You can self host your own passwords too.

I'm not trying to impress strangers on the internet by using keepass. I use it because its a convenient password manager but I want to be able to access my database of passwords from anywhere on any device. Uploading the database to dropbox allows that to happen. I realize it opens up the possibility of my password database of being stolen but I'm fine with that. If you don't approve I don't really care. It works for me. You can do whatever you want to do.

are you dense motherfucker
he's literally saying there are alternatives that do exactly what you're doing in far fewer steps
so is it really about convenience when you literally add in additional steps for absolutely no reason other than to use keepass over alternatives?
what in the flying fuck do you think bitwarden does?
dont play off that i dont really care bullshit you've stuck around this long

SQL table

KeePassXC

iCloud Keychain (macOS + iOS)
stores web passwords, network share credentials, mobile app passwords etc

it just werks

>[phrase]servicename[number]

How in fuck's name do you retarded cunts do anything different? I don't have to remember anything and my passwords are beyond guessable.

I have two passwords memorized that score 100% on password meter. I'm sorry you're just a brainlet.

I use bitwarden. It's great, and more than secure enough.

I'd use keepass, but the nice UI and cross-platform/device support seal the deal for me.

>having a second point of failure
no thanks, if the computers compromised you are fucked with or without a password manager.

>he's literally saying there are alternatives that do exactly what you're doing in far fewer steps
Well he's not literally saying that cause if he did than I would have agreed. I use Keepass because it's what I always used and I haven't researched a lot of the alternatives. OP was just "what password manager do you use?" not "what is the best way of storing passwords?" If Bitwarden is just Keepass that automatically uploads your password database to dropbox than it would be more convenient to use it over doing it manually.

Could have just said
"Why do you use keepass if you're going to upload your database manually all the time? Bitwarden is the same thing in less steps!"
And I would have said
"Neat, I didn't know that. Thanks, user."

this is retarded. if your computer is comprised, then it doesnt fucking matter what password storing method you use. the instant you enter it, it's going to be logged.

All produce same file format (.kbdx) Jow Forums only argue which better for the luls

Gnu Pass backed up to gitlab

>do you host it yourself
I host my password database on a private git repo somewhere. How compromised am I?

Attached: 84cc3e7c620f75370057719171aac408.jpg (500x500, 40K)

This. Doesn't matter if you store it on your computer or memorize it, you're just as fucked either way.
2FA or nothing. Preferably with a offline authenticator app because SMS 2FA is laughably insecure.

>not remembering your 20+ character passwords
>relying on botnet software to store your passwords

oh boy is it summer already?

Not every site has 2FA though.

keepass

The most important ones (email, bank, etc) do. Ones that would cause you intense butthurt if you had the credentials to stolen.

>I am dumb normie
>you must be dumb normie
I obviously won't give you my password, but some are along these lines "D1C5UCC3R@347MYA55!", crack that, faggot.

passwordstore.org/ + git

Wow you're relying on a notoriously insecure single point of failure for all of your passwords?

>storing your passwords on a computer
lmao dumbfucks

Attached: aHR0cDovL21lZGlhLmJlc3RvZm1pY3JvLmNvbS9BLzkvNzMwMDE3L29yaWdpbmFsL0xpdmVzY3JpYmUtMy1TbWFydHBlbi1CbGFj (622x352, 36K)

>me
>stores passwords to a txt file and save it in some flashdrive
10/10 i could say

Keepass 2 installed by Chocolatey as password manager.
Self hosted Nextcloud to sync.
KyPass on iPhone.

You chuckleheads realize the database is useless with out the password and, in
case, a second keyfile. It doesn't matter if he saved the damn thing to google drive, unless they get his password and keyfile its useless.

I memorize all my passwords
so you can say self-hosted

Unix pass + browserpass-ce + private git meme + password store android

>I have two passwords memorized
Yeah, good job with that. And my password manager has 624 currently.

>have a keypass but barely uses it
>have a written notebook with my administrative documents with key passwords encrypted with a basic Caesar cipher

How retarded am I ?

Attached: CC.jpg (1280x852, 125K)

Ever heard of a piece of paper and a safe?

For websites that have unlimited length passwords, I find the readme from a random program and copy and paste the whole thing into the password slot.
For others, I use some random letters I typed a few years ago and memorized. It's basically a flawless password, but I need to come up with a new one because using the same password for all my bank/credit card things kind of scares me.

keepass(xc) and syncthing

the versioning system in syncthing is about as good as it can be for versioning an encrypted file, not sure I'd trust it if I were updating passwords on different machines simultaneously, but it does the job otherwise.

> Which one?
1password
> Why?
Supported across all my devices (iOS and macOS)
> Do you host it yourself?
I use iCloud for that

I use an encrypted text file

I use BitWarden. All open source. I pay 10 bucks per year but don't use the paid features. I want 2FAA to be separated from them.

Been using 1Password for years now but it seems (((AglieBits))) changed shit up regarding pricing with the new version so I'm now looking at alternatives. I'm seeing BitWarden get mentioned most besides KeePass and its variants.

>BitWarden
Has anything you need if you're too poor to pay. Open source but more professional than Keepass.

Keepass
Synced between devices with Onedrive

Okay I have a noob question. I sync my keypass database through syncthing to my seedbox which is hosted by a seedbox company.

Whats wrong with doing this? I think I have a strong password and it's encrypted.

What alternatives should I do? I guess I could use syncthing only between the devices I own but with the server one device is always online. What is bitwarden?

Any thoughts on MacPass for us Applel faggots? Looks like a nicer front end to KeePass macpassapp.org/

eggs ACK LEE

chad Dashlane

Added this pattern, thanks user.
If you have scheme for passwords, never tell anyone.

get the google sync plugin

everytime you save your database, it'll be saved on google drive

>needing to "host" a password manager
Anyway, yes, I use KeePassX. Brainlets who don't use a password manager in 2018 either have to remember only their Facebook passwords or use insecure passwords.

As long as the database is encrypted and its master password is strong enough (although it would be even better to also use a key file) I think you should be safe. Even if they were hacked and criminals got access to your keepass database, it's useless for them if they can't decrypt it.

Can a piece of paper automatically generate strong passwords?

>Which one?
keep ass
>Why?
no botnet
>Do you host it yourself?
>host

ok I've used lastpass for years

redpill me on it, since none of you nerds seem to be using it

You know that encryption algorithms sometimes are broken right?

>not use password.txt

masterpassword.app
No need to sync because the password is re-generated each time via an algorithm.

i have both my keepass database and keyfile uploaded to onedrive

Attached: Devilish_4a1cb5_6238404[1].jpg (470x595, 78K)

it actually just works and is secure so Jow Forums hates it because it does it's job without autistic tinkering and configuring.

I have a clear list on my gDrive.
I just write password hints.

One part is online, one part in my head.
No third party app or shit that can access everything.

Mine is like

[num]serveiceinitials[phrase]C====3

, but it's the same idea.
No site has the same password. Uppercase, symbol and number requirement met with the 6 last characters.
Easy to remember.

Attached: 1526901984697.gif (450x450, 1.31M)

Encrypted?

keepass
keepass2android
sync via dropbox

lmao, might as well use one password only.

back to /a/ or /v/

.txt in encrypted file container (with key files)

Wow you're relying on a networked machine?

I feel like I should definitely start using a password manager but changing my passwords for all the sites would take effort.

Not more then an hour honestly. Only change the ones which you deem critical, i.e. payservices, social net accs and so on. Ignore websites with no important data access to you, you know anonymous boards etc

At most you have to change your mail, 3 social net including google, paypal and Amazon mayhaps

t. person who doesnt know the difference between KP2, KPX, and KPXC

So why wouldn't you just use bitwarden at that point? It seems more convenient.

I'm breddy sure all 3 can open the same encrypted database files so in reality I'd say the differences are largely cosmetic.

rsync

XC has a ssh agent built in that i make use of

Open source with a goof FLOSS license is the only way to go. There are only 2.5 sub categories under this.

First is something online/hosted. These must be end to end encrypted and do all decrypt locally. Right now only Bitwarden and Passman qualify. Bitwarden is it's own app / server you can host or use theirs, Passman is an app for Nextcloud so you need a Nextcloud instance somewhere.

Second is database style of which KeePass is probably the best. There are various apps that can open latest gen KeePass databases depending on platform. I suggest either KeePass 2.xx ( from KeePass.info) or KeepassXC on PCs, and Keepass2Android or KeePassDX on Android. There are ancellary plugins and utils too giving tons of function.

Last part is not recommended, which is a password hasher like supergenpass or master password. These have some weaknesses in that you can't save any real info on the site / entry etc and that all of your passwords are hashed from a single unchangeable hash/master password.