KeePass

What's the safest way to store a KeePass Database into a cloud?
inb4: you don't

Through 5 layers of encryption on your own server with storage on PingFS.

Just put it there, it's encrypted

Put the kdbx in a USB Mass Storage Device and tie it to a helium balloon?

Syncthing because you're not a pleb.

lololololol I can't wait to post this on Reddit!

upvoted

edit: this blew up guys!

-personally hosted sync service like syncthing, nextcloud or likewise.
-backup on non-synced self hosted anything
-offline backup on usb in safe storage

Put your database on any cloud service you trust, or your own encrypted FTP server.

Make sure to create the database with an encryption keyfile that never sees the internet in any form whatsoever. A keyfile that is strictly moved physically to the devices you need to use the database on.

By using lastpass™

Any, really. It's AES-256. Use a keyfile and a long password and it's as secure as can be.
Although really I recommend running your own cloud. Why use someone else's computer when you can connect your own up to the net?

long password, keyfile that has never touched the cloud.

But yes, as others suggested, use a self-hosted cloud

????
It already is encrypted?

Replace the file with an empty textfile.

get out summer

t. ignorant neckbeard
He's correct though.

Come at me, bitch
Bonus points because Onedrive already comes preinstalled on W10, so it synchronizes the database nicely between my devices.

I've uploaded my database on Dropbox and Google Drive without a keyfile, the password is around 50 characters. So far no problems.

1Password team member here. It's fine as long as it's AES-256 and the credentials are known only to you. "Cloud" doesn't equal bad security as long as you set it up properly.

fuck off

use the google sync plugin and use a key file that is locally stored + a long master password

It literally doesn't matter where you store it. It's encrypted to the end of the earth, such that the only way in is with the password and keyfile. Those are the two things you need to keep safe. Otherwise it doesn't matter. I mean, you should have your own owncloud or something anyway, but that's beside the point.

my.mixtape.moe/gavgrs.kdbx

This is a keepass file I just made with my standard encryption settings. In it is 0.03 bitcoin, about $250. Free for the next week or so to anyone who can prove it matters where they store their db file.

Thanks for the bitcoin retard

lol, still here on my end summer

Hello Sir/Madam

I am from company Adamjee Group Incorporated.

I have hacked your keypass database file.

I have your Bitcoin Information

If you want you're Bitcoin back.

Please
Send Bitcoin to my company's address

Thank You Sir/Madam.
Sincerely
John Khan-e-Qalat

this Plus use an extra keyfile which you do not upload and just carry around in offline archives.

Is lastpass safe?

No, it's proprietary

I thought Adamjee was a curry house in Hackney?

Either way, shit.

If you decided to use onedrive instead of syncthing, you should use it with CryFS. It's dangerous otherwise.

anytime anything is proprietary, it's safe to assume it's not really safe.
they're usually relying on obscuring information to keep it safe instead of actual proven and tested methods
there's also more often than not, some high up management idiot that wants convenience or profit over security who acts as a single point of failure
some stupid real world examples like keeping information in a text file on an unpatched server for example (happens more often than you think)

Here's a black box. You can use it to store your passwords, secured with my magic black box technology, and your master password.

You can't see what I'm doing with your passwords, but thousands (if not millions) of people use my black box to store their passwords and nobody has reported that they have been compromised. Some black boxes have been stolen before, but nobody has reported compromises as a sole fact of that.

That's what Lastpass is. If that isn't a concern to you, like it isn't to most people, go for it. If it is, use Keepass 2 or something.

Client-side encrypted but hard to audit. Also they could fuck you anytime you log in if they wanted to. Depends on what security you want and who your adversary is.

Enable Argon2 KDF with good settings (2 passes, 64 MB RAM and as many cores as your CPU has is decent), use a good password, and do whatever you want with it. The 256-bit offline keyfile is also a good option.

If storing your passwords (even encrypted) on somebody else's computer doesn't bother you, cloud-based managers like Lastpass are fine.

For Keepass in particular, using a keyfile that isn't stored on any internet-accessible storage is probably sufficient as long as your db file is encrypted properly. Storing it inside an encrypted (e.g. Veracrypt) container is good if you're still worried.

also, no need to be so autistic and use a password manager
no one cares enough about your newgrounds account to try to take it away from you
the only really long different passwords and 2fa you really need are for your email, banking, and bills stuff
i know a guy that does just that
he has the same shitty password for every that he doesn't care about
cool stuff happens sometimes too. like just last week we tried fortnite for the first time and apparently someone hacked his epic account ages ago and had bought a shitton of skins on fortnite for him.
he just changed the password and removed all that idiot's friends and got a ton of friend invites the next day- obviously from the dude that used to play on that account

Syncthing between your phone and your machines

That's your position? That if your password gets stolen, maybe something kind of cool will happen?

I don't want to repeat password, because if one gets compromised then many of them get as well
I don't want to memorize 10 different passwords
Thus, I use a password manager.

Is there a FOSS password manager that has good cross platform integration? KeePassXC is what I currently use but it doesn't have an easy way to sync.
I considered lastpass even though it's not foss but once i found out about their issues with the extension i discarded all commercial options.

Keepass is as good as it gets - I'm not sure how you can get better cross platform than a file you can open anywhere. Do you want your solution to host it for you or something?

There's passwordstore.org which, although autistic, is elegant and can use git for syncing. It has an Android client.

it's actually a nice experiment to see if some autist can crack your database. You should start your own thread.

this

maybe cross platform wasn't the best way to describe it. i really just want something convenient. I can probably program something that auto uploads the file but i'm being lazy and want to see if a method already exists.

pass has the same problem as keepass (not xc). the plugins are really useful but they are made by too many people and are really spread out. so many points of failure.

ya. why would i care about an account that i just said i don't care about?
that's why you only use the same password for shit you don't care about
also, you definitely don't need to memorize 10 different passwords. no one is fucking after you. most people's threat models here are for forgetting and losing their passwords. i gurantee you 99% of the niggas using password managers absolutely don't even need them

you're fucking retarded, none is after me, they are after the websites and their databases for the info on thousands of users.
haveibeenpwned.com/

I use a key file which I never upload.

It means more hassle because I have to physically put the key file on every device I want to use KeePass with.

As long as the key file is never compromised I should be safe.
But I also use a password just in case.

the idea is that you store the keepass file on a server you own and then use something that uses webdav to sync, like nextcloud

>I can probably program something that auto uploads the file but i'm being lazy and want to see if a method already exists.

I just use a git repository.
But that's because I use git repositories anyways.

Only real problem is: merging is impossible. - but I don't think merging is possible with any solution.

damn life must be hard for you to be this brainlet
again, let me reiterate for the 4th time. how does this affect you when you're using the same password for accounts that don't matter and you don't care about?
oh right. it doesn't.
fuck off retard

You could give random retard your password store and as long as you used AES-256 with a strong password they will never get in it for a very long time unless an exploit comes out which is unlikely at this point.

>1. obtain encrypted database
>2. be very patient
>3. until RSA and AES are considered insecure
>4. decrypt database

RSA is 40 years old already. Don't think that'll happen in the next 100 years

You're just not patient enough dude.

Use Bitwarden.

/thread.

this

How is this different from LastPass?

FOSS

Write down your passwords in a Google Docs file called passwords111.

on google drive

it's already encrypted but encrypt it with veracrypt anyway using blowfish-aes-twofish-serpent-camellia-kuznyechik algorithms and then encrypt that with aes again. create 7z archive, split it into 7 pieces, repeat encryption, create rar archive, split it into 11 pieces, repeat encryption, create zip archive and rename extension to .tar.gz.txt.js. encrypt it again just to be sure.

p.s. change your google acc password every 30 min and use 2fa, retinal scan with fingertips (all 20 fingers). monthly dna check is a must.

>what are quantum computers

Something that'll become practical after I die

By using NextCloud to host your own cloud.

Yes, they've been targeted and it wasn't possible for the hackers to get passwords

Keepass.

Use keeweb, they have Linux, Mac, and windows versions, along with a website version. app.keeweb.info/ then use keepass2android, that is the only version I found so far that allows you to use your database from a cloud service. These two programs are all you need to access your keepass database no matter where you are or the platform you're using, well, actually not sure about iPhone, because I'm unsure if you can upload/download your kdb/x file on an iPhone.

Also, if I setup a kdbx database that doesn't use a keyfile, can I edit the database to start using one? How does a keyfile work with keepass, do you have to generate a public/private key for it like it's an ssh key? Or is it just a private key? Do you still have to use your password, alongside the key file? Obviously it's more secure with one, so it's worth it, but my kdbx master password is 10+ words separated by spaces, so is it really necessary?
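
Added example, not part of the thread and not KeePass's own code: how KeePass 2.x combines a master password and a key file into one composite key, which is why a key file kept off the cloud matters and why it is plain secret bytes rather than a public/private pair. This is a simplified model: XML key files are omitted, the Argon2/AES-KDF step that follows is not shown, and the sample password and key file bytes are constructed.

```python
import hashlib
import string


def keyfile_key(data: bytes) -> bytes:
    """Reduce key file contents to a 32-byte secret (XML key files omitted)."""
    if len(data) == 32:
        # Exactly 32 bytes: used directly as the key.
        return data
    if len(data) == 64 and all(chr(b) in string.hexdigits for b in data):
        # 64 hex characters: decoded to 32 bytes.
        return bytes.fromhex(data.decode("ascii"))
    # Any other file: the SHA-256 of its contents is the key.
    return hashlib.sha256(data).digest()


def composite_key(password=None, keyfile_data=None) -> bytes:
    """SHA-256 over the concatenated key components, password first."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile_data is not None:
        parts += keyfile_key(keyfile_data)
    if not parts:
        raise ValueError("at least one key component is required")
    return hashlib.sha256(parts).digest()


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    password = "ten or more words separated by spaces go right here ok"
    keyfile = bytes(range(32))  # stands in for 32 random bytes

    with_both = composite_key(password, keyfile)
    password_only = composite_key(password)

    # Someone holding the database and the password, but not the key file,
    # derives a different key and cannot open the file.
    print("password + keyfile:", with_both.hex())
    print("password only     :", password_only.hex())
    print("keys differ       :", with_both != password_only)
```

The composite key is then stretched by the database's KDF (the Argon2 settings mentioned earlier in the thread) before it decrypts anything, so the key file adds a secret that is independent of how guessable the password is.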

>change my passwords so the db is useless

Other poster is probably on the money with a git repo, just always force push or something.

Alternative is dropbox or similar - same file everywhere, just the most up to date one. Very little headache that way. Perhaps owncloud if that floats your goat

>no one is fucking after you.

Botnets are constantly scanning the web and trying to poke holes in systems' security. It's a background radiation you need to protect yourself from.

For accounts that don't matter, I do use my default password, but 90% of the accounts I use do matter to me. Bills, banking, work accounts, email, server passwords. I have a good 25 accounts that I don't want getting hacked, hence password manager. I don't make trash fortnite accounts.

By having a hardware key for unlocking it

>not changing passwords regularly
>actually thinking dropbox and shit are out there looking for users keepass files to get into and steal your info
>thinking your meaningless passwords are going to be the main concern in your life in a world where AES is no longer considered secure when every site, database, etc all rely on it

There are a lot more things to be worried about if RSA and AES were found to be easily defeated.

what's your master password, lads?
mine is a statement related to the name of the street I used to live in with some special characters mixed.

i put it on my usb drive which i carry with me with a necklace.

feel cool as fuck

This. I host my KeePass file from a little machine I use to stream media to my phone and shit. It's not a concrete bunker with armed guards, but if you need that much security you shouldn't even be using a password manager for your use case.

how did you edit your post?

Git

You can't edit posts on Jow Forums, lol.

EDIT: Oh, holy shit, Asian moot added the functionality to edit posts! Good shit! Type Jow Forums.post.edit=TRUE in subject in a new post, submit it, after passing the Captcha and post being "submitted" (it won't actually post), a pop-up window will appear, and your last post will be there, and you can edit it. Make your changes, then hit the save button.

found the newfag

Technology that doesn't work the way Hollywood has made you think it does.