What's Jow Forums's favourite Password Manager?

I've been using Lastpass for years, but the losing connection bugs and breaking on same domain bugs are getting annoying.

Is Dashlane the better alternative?

>password manager
LOL

Let me guess, you just remember every password or save them to a text file?

it's called a pen and paper or not being a brainlet and just remembering

>numale söyboi cloudshit
keepass you nigger

i wont flame you too hard because you're from another board but ill leave it at that :\
lurk moar

Any password you can remember is a password that's vulnerable. Human brains are very, very, very predictable.

>Not using it on your phone too
>Not setting a different password for each website with at least 16 characters

pass on Linux, 1Password on macOS and Android

the state of nu-Jow Forums in 2018
I want off this ride.

>using some short easy to crack sHit3pAsS1! instead of easy to remember long secure correcthorsebattery1staple

is there an offline password manager that integrates well with browsers? granted it's been a long while but last time I tried keepassx it had literally no integration features

exactly, these niggers dont get it
bigfloppyBBC666dicksforpeoplewhousepasswordmanagers666 is more secure than FUCKY0U12$$

i dont use password managers, i was literally making fun of you. im actually closing this thread though this is cancer cya pal have fun

I recently started using KeePass, works OK although a bit clunky. Not sure if there's a better open source alternative?

>passphrases
As easy to crack as normal passwords, because English is not very random, and people will insert numbers etc in between words, insert capitals at the beginning of words, etc.

If your password doesn't look like "7gH2o&aKe@8bvWjps8^k" then it isn't safe.

oh well then boo fucking hoo, I'll go cry myself to sleep about how bad autologin is even though it's convenient as fuck

That's why you use a password manager, it generates a random password as long as you want it.
Or are you using your passphrase on every website you ever visit?

i made a poem out of my passphrases

KeePass is open source. (As well as free software, if you're the type to draw Stallman's distinctions)

How is it "clunky"? I like the way it works - especially that it just keeps password databases in an encrypted file, and doesn't try to do any syncing or anything itself.

That's great user but what about all those retarded companies that encrypt passwords or even store them in plain-text instead of hashing them?

Using an easy to remember, hard to crack password is great but either you need about 30 of them or you need to use that as your master password and use randomly generated ones for each site.

>single point of attack

How fucking stupid do you have to be to use a fucking password manager?

youtu.be/Pe_3cFuSw1E?t=605

It's still safer to use it with two-factor authentication than using the same passphrase everywhere.

because my brain is a single point of failure also, and I trust well-written code more than my brain. My brain does predictable human things, takes shortcuts, gets tired, distracted, drunk, etc.

A browser addon or internet service, those, you're right, I'd never trust them. But a local application that just reads and writes an encrypted file? That I trust.

How fucking pathetic do you have to be in order to trust anything else than your brain? Please, tell me what other botnets you use so that I can judge you more.

Why do you use a computer at all, instead of doing it with your brain?

It's still mkre important to use a difderwnt passwors everywhere.
Because of my work I see a lot of different companies' web pages. 1/4th of them store pws in plain text because they don't bother.

I use Bitwarden.

Attached: compelling_argument.jpg (936x1048, 204K)

*It's still more important to use different passwords everywhere.

Using a FOSS password manager that never connects to the internet like KeePass or pass works fine.
And if you can't read source code and don't trust people who can, firewall that shit and don't let it talk to the outside world.
Anyone who thinks that having your passwords memorized or on a piece of paper but still enters them in webforms is a fucking brainlet and shouldn't be listened to.
Please, tell me more about how my PGP password vault is less secure than your spiral notebook when the information is used online the same fucking way.

Jow Forums is so stupid these days.

yeah with that i agree, i think it depends on how important an account is, for major one like email bank social i have these long ones, and for some shit sites i have one with changeable part according to the site because there is almost nothing of value

Bitwarden

one of my passwords is
3^424+ 0p1S4F4G00Thu3hu3XD = 199256272249431221328603033054645678897075327295912250213439044806853800883809353096726339601918790294815253340993739842744300688098446575123760666990589913606790210408661322708851458639282263892938644810p1S4F4G00Thu3hu3XD

i dont need to remember it, just remember the numbers 3 and 1231

and 424 sorry

Google Smart Lock

>not using keepass db in a nextcloud self-hosted cloud storage and directing your application to the URL of your subdomain

Explain

sorry but no one in this universe would waste time in anything related with you, kys

my brain

if you can't take the time to double click to copy the password and paste it in, you have much, much bigger problems

Bitwarden

yeah, how dare I want convenience. I have no clue what I was thinking

I really don't see how it's worse than sending all your passwords to 3rd party and tell them every time when you need that password

$ curl eff.org/files/2016/07/18/eff_large_wordlist.txt | wc -l
7776

roll 4 words that's 7776^4 which is ~ 2^51

in full-random string you have charset of let's say 90 characters thus you need 8 random characters to beat 4 random words, that's not much

anyway both options are retarded and people should learn to use asymmetric authentication

KeepassXC

/thread

Lastpass with a long password and 2FA. I trust it enough

>I store my passwords via closed source software onto someone elses server
honestly the dumbest thing I've ever thought of, I use pic related then have a unique algorithm to generate passwords using it, this way it can also tell me passwords and leads to secure and unique passwords for every website and the only way my "password manager" could be compromised is with physical attacks and me divulging the algorithm I use to generate the passwords

Attached: 2016-08-23T20%3A04%3A02.919Z-PIXELIZED_IMG_20150821_123126_Peter_Ink_Nolariod.jpg (653x435, 50K)

depends on the attack you brainlet, not everything is sheer bruteforce some people use dictionary combination bruteforce correct way is FUCKy0u12$$andalsoilikeapples

Lastpass with Yubikey 2FA. Works for me.

this

passwordstore.org/ with the repo synced to my own server.

Compile KeepassX yourself

>not asking a cute to generate your passwords youtube.com/watch?v=rGwSxwPcH1U
You are doing it wrong.
Jokes aside, i use the same password everywhere except for my email, i should definitely use the diceware method to generate some new passwords.

pass is available on all 3 OSs you mentioned.

my brain

just use keepass you retarded fucking untermenschen

i see this thread every FUCKING day

How empty would Jow Forums be if each thread could only be made once.

>keepass
Isn't that local only? What if I'm away from my PC and I need to access my passwords?

>What if I'm away from my PC and I need to access my passwords?
use something secure like syncthing to keep the up to date database on all of your devices

Lastpass, it's amazing.

I just switched yesterday from lastpass to 1pass. Really liking the UI so far.

There's an Android app too. I just sync my password file with my phone every night. My work blocks all kinds of folder/file sharing/syncing so to get it there I just email it to myself if I need to.

that's why you don't use a cloud-hosted password manager

KeePassX.

Also has a 'droid version to make password management back and forth seamless.

>Not using passphrases

I'd never use a password manager which provides its own cloud storage.

Just use one of the following and pair it with your home-server for syncing:

>enpass safeincloud
>KeePass

Attached: Expanding-Brain.jpg (857x1202, 159K)

The point of passphrases is to make things more memorable. That's the problem, don't do that. Just like people using passwords will tend to put capital letters at the beginning and numbers at the end, passphrase users will tend to choose words that make sense, famous sayings or variations of them, etc. Both of these are the weaknesses password-crackers exploit when there's a list of leaked hashes. And because your goal is memorability you're prone to reuse the thing elsewhere. "Don't try to remember passwords/phrases" is a rule because it serves the purpose of "every site's password should be unique and unrelated"

Human brains are not good at remembering dozens of strings of unrelated words, just like they're not good at remembering unrelated strings of random characters. So they'll take shortcuts that compromise security. Using a password manager with randomly-generated passwords that look like "GVQ43RZFBHVoyNh0%SIkzf7Q" both relieves you of the need to remember dozens of passwords OR passphrases, but it ensures that you don't get bitten by the exploitable predictability of habit-forming, lazy, human brains.

Memorability is the problem. Jettison it and all the issues vanish.

TL;DR Bitwarden for the convenience of sync, KeePassXC for a bulker security

If you wanna sync your passwords through multiple devices can't be bothered to do it manually, and get some niche browser addons, use Bitwarden, the free version offers a lot desu

If you want a stronger security and/or you don't trust third party servers, use KeePassXC, it's a fork of the og KeePassX, but updated more frequently, however, if you need your passwords through multiple devices and OSes, you'll have to find a way to sync them
Sorry I can't help you with this, I have little experience with offline password managers

>my desktop
Bonzai Buddy. Who DOESNT use Bonzai Buddy?
been the favorite and best since win98. retards
my shortcuts are so fast you guys cant internet better than me..

Attached: bonzaibud.jpg (801x603, 117K)

>juggling coconuts
truly ahead of his time.

Memorable passwords are easy for humans to guess, but not computers. Why do you think autocorrect is so bad? Password managers also need passwords, writing it down on paper is obviously problematic, you could lose it, and it's overall just very annoying to input, it's much better to have a longer easy to remember passphrase, or a shorter password using Unicode characters (Chinese, emojis, etc.)

>>Memorable passwords are easy for humans to guess, but not computers.
This is incorrect. The several massive password leaks from real accounts and compromised websites enable password crackers to gather a great deal of statistics about how humans tend to choose passwords. A hash-cracker isn't just trying every combination in brute force order, they learn the tendencies that humans tend to exhibit and try those first. For instance, capital letters tend to appear at the beginning. Numbers tend to appear at the end. Two or four numbers in the format of a birth year (92, 1992, etc) are far more common than other numbers. They know all about l33tsp34k. For passphrases, people will tend to pick words that make some kind of natural-language sense. And capitals will again be most likely at the beginning of words, etc.

All this cuts down the search space by orders of magnitude, and it's an inevitable and predictable consequence of the kind of shortcuts human brains take to make things memorable. That's why when there's a leak of hashed passwords from a compromised site (RockYou was the first, subsequent ones have come from MySpace, LinkedIn, LinkedIn again, and many other sites) better than 95% of them get cracked within days by someone with a rackful of GPUs. Those cracked passwords improve the statistics about how humans tend to come up with passwords, and the next time around they'll guess what you find memorable with even more accuracy.

There's no defense except hard randomness - which is also impossible for any normal human to remember. Taking away all these human-factor tricks is necessary to get the law of large numbers to protect you, by forcing any crackers to look through the whole search space with no clues.
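Added example, not part of any post in this thread: a short Python script that reproduces the 7776^4 versus 8-random-characters estimate made earlier in the thread and puts a human-pattern password of the kind described in the post above next to it. The 100-value birth-year pool and the 8-word sample list are assumptions constructed for illustration; the list size 7776 and the pool of 90 characters come from the thread.

```python
import math
import secrets
import string

EFF_LIST_SIZE = 7776  # line count from the post's `wc -l` (6**5: five dice per word)
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(*slots):
    """Sum of picks * log2(pool) over independent slots, each a (pool_size, picks) pair.
    Valid only when every pick is uniform and machine-random."""
    return sum(picks * math.log2(pool) for pool, picks in slots)


def picks_to_reach(target_bits, pool_size):
    """Smallest number of uniform picks from pool_size that reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


def random_passphrase(wordlist, words, sep=" "):
    """Diceware-style passphrase drawn with the OS CSPRNG via secrets.choice."""
    unique = sorted(set(wordlist))  # duplicate entries would skew the draw
    if len(unique) < 2:
        raise ValueError("wordlist too small")
    return sep.join(secrets.choice(unique) for _ in range(words))


def random_password(length, alphabet=PRINTABLE):
    return "".join(secrets.choice(alphabet) for _ in range(length))


def report():
    four_words = entropy_bits((EFF_LIST_SIZE, 4))
    return {
        "4 random words (7776 list)": four_words,
        "8 random chars (pool of 90)": entropy_bits((90, 8)),
        # Assumed human habit from the thread: one capitalised list word followed
        # by a birth year (about 100 plausible values). Capitalising adds nothing.
        "Word + birth year": entropy_bits((EFF_LIST_SIZE, 1), (100, 1)),
        "20 random printable chars": entropy_bits((len(PRINTABLE), 20)),
        "chars of 90 to match 4 words": picks_to_reach(four_words, 90),
        "words needed for 128 bits": picks_to_reach(128, EFF_LIST_SIZE),
    }


if __name__ == "__main__":
    for label, value in report().items():
        print(f"{label:30s} {value:7.1f}")
    # Constructed 8-word list so the generator runs offline; use the full list in practice.
    sample = ["apple", "brick", "cloud", "delta", "ember", "flint", "grove", "harbor"]
    print(random_passphrase(sample, 4), "|", random_password(20))
```

The bit counts only hold for the two generator functions, where every symbol comes from the CSPRNG; a phrase a person picked from the same word list does not get them.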

Perhaps AI in the future will improve password guessing ability, but it's still really bad, one day when auto correct gets good, then I'll be convinced that computers will be able to guess passwords, but for now passphrases are secure enough.

No, this doesn't need AI or machine learning or various future memes. It's not a hard enough problem to need those. Humans are just not random, and that non-randomness is easy to exploit and optimize for. It's here now. Don't take my word for it, read this guy's article. It's from 2012, cracking has gotten much better since then.

helpnetsecurity.com/2012/06/11/lessons-learned-from-cracking-2-million-linkedin-passwords/

I love these threads, always cool to see how the computor experts here don't even know fucking basics of information theory like entropy lol.

>t. Robot
Jokes aside, to a computer, a passphrase and random string of the same length have similar difficulty, sure, the random string will have higher difficulty, but it has the disadvantage of being unmemorizable. NIST now officially discourages random strings in place of Unicode passphrases.

pages.nist.gov/800-63-3/sp800-63b.html

t.?

t.?

I use Enpass on my GBotnet Pixel 2, and a pen-and-paper journal at home. All passwords are generated with the node.js crypto library at 51 characters long.
Every important file on my PC is encrypted with RSA-4096, the rest are unencrypted (thanks Windows). When I switch to fully use Linux (dualbooting), I'll be encrypting my drive in its entirety.

>but it has the disadvantage of being unmemorizable.
That's why you use a password manager, so you don't care about memorizing passwords or passphrases. Computers are very good at remembering arbitrary data, let them do that for you. Trying to make passwords memorable has been the source of literally decades of security problems. Dump it.

>ever trusting 3rd party software to keep your password

sqlite then sha256 that.

>There's no defense except hard randomness - which is also impossible for any normal human to remember
or just diceware idiot

Diceware is just one in a long line of ever more complicated schemes to try and preserve memorability. The whole point is that preserving memorability is the source of all our password-security problems. And we don't need it. Password managers entirely remove the need for it. Stop fighting a losing war to preserve something harmful.