Password Managers vs. Standardized PW creation rules

I never thought about using a password manager, as it sounded like the normiest thing ever - gathering up all your passwords in one place and then securing the whole pile with a single """master password""". But ever since I got a phone with a fingerprint reader, I've come to enjoy authenticating with that whenever I can. I heard a lot of the managers out there let you use FP, so I've been thinking about giving in at last to the PW manager jew.

But it still wigs me out to completely centralize all my credentials. How about this instead:

Devise a standard ass-word creation scheme for all your shit, where each one starts with a common sequence (say "Technologyniggers") to add length and break brute forcing; and then ends with a unique phrase acting as a salt, depending on whichever site you're using it for. Substitute numbers & symbols as needed, if the site requires it.

So for facebook, your pw would be "Technologyniggersfaceb3rg", and your google account, "Technologyniggersb0tnet". It's easy to remember but with plenty of entropy, and even if your shit gets leaked in a major hack, each one is still unique.

Is that secure enough to justify the added convenience? And is there still a redpilled reason to use PW managers that I'm missing? I just want to retain the ability to theoretically log into crucial accounts from (for example) a public computer in a different country with no browser extensions if I have to, without logging into dropbox or any other additional site, and without absolutely NEEDING some physical device I have to carry around with me. I can't shake the idea of being reliant on any sort of singular, sacred token to access my whole life.
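As an added illustration (not part of OP's post), here is a small Python model of what a "common prefix + site-specific suffix" scheme still keeps secret once one password has leaked: the shared prefix is then known, so what remains unknown for every other account is only the suffix, which the model treats as a site-related word with leetspeak substitutions. OP's prefix is replaced by a placeholder, and the substitution table and the site wordlist are assumptions. For contrast it also computes the entropy of the independent random password a manager would generate.

```python
"""Added example: how much secret material a prefix + site-suffix scheme keeps
after one password leaks, versus a uniformly random password."""
import itertools
import math
import secrets
import string

# Assumed leetspeak table for the "substitute numbers & symbols" step.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}


def leet_variants(word):
    """All spellings of `word` with zero or more LEET substitutions applied
    (2**k of them when k letters are substitutable)."""
    options = [(c, LEET[c]) if c in LEET else (c,) for c in word]
    return ["".join(p) for p in itertools.product(*options)]


def common_prefix(passwords):
    """Longest prefix shared by every password in the list. A long shared
    prefix means one leaked password exposes that prefix for all the rest."""
    if not passwords:
        return ""
    shortest = min(passwords, key=len)
    for i, ch in enumerate(shortest):
        if any(p[i] != ch for p in passwords):
            return shortest[:i]
    return shortest


def suffix_space_bits(site_words):
    """log2 of the number of suffix candidates left once the prefix is known,
    modelling the suffix as one of `site_words` plus leet substitutions."""
    total = sum(len(leet_variants(w)) for w in site_words)
    return math.log2(total)


def random_password_bits(length, alphabet=string.ascii_letters + string.digits):
    """Entropy in bits of a uniformly random password over `alphabet`."""
    return length * math.log2(len(alphabet))


def generate_random_password(length=20, alphabet=string.ascii_letters + string.digits):
    """What a password manager does instead: an independent random string."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample vault: OP's suffixes behind a placeholder prefix.
    vault = ["PrefixPhrasefaceb3rg", "PrefixPhraseb0tnet", "PrefixPhrase4mazon"]
    print("shared prefix:", common_prefix(vault))
    # Assumed small wordlist of site-related words someone might try.
    words = ["facebook", "faceberg", "google", "botnet", "amazon", "twitter"]
    print("bits left per account after the prefix leaks: %.1f" % suffix_space_bits(words))
    print("bits in a random 20-char password: %.1f" % random_password_bits(20))
    print("example manager-style password:", generate_random_password())
```

The wordlist only has to cover the site name and a few variants for the suffix to fall within a handful of bits, which is why the later reply calls the scheme insecure; the random password's entropy grows linearly with length and does not depend on any other account staying secret.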

autism

>closed source
>online capabilities
botnet shit
so use keepass and it's fine

Thinking about using Keepass, but how do I keep my passwords in sync with all my devices?

This is a shitty idea because
1. You should change your passwords occasionally
2. After 50+ accounts, you'll forget your passwords
3. It doesn't work for security questions

Use a cloud service to sync your password sources.

>autism on the Jow Forums
Dude like whoa

this is why I like the idea of KeepAss. But I feel like a lot of nig/g/ers just kneejerk mention that because muh FLOSS. I would use a password manager developed by the Rothschilds themselves, if it was a smidge more convenient feature-wise than all the others.

I'll admit I don't love the idea of storing my shit on a corporation's servers, but honestly I think I'd end up preferring that since I'd just end up using some other service (dropbox) to do it anyway, and with a hit to the convenience factor.

Can I use something like syncthing?

KeePass even lets you set reminders to change passwords on a schedule. Now for a blog, feel free to skip it.

I use it on my PCs and phone while syncing the db through google drive. My only fear is if I were to lose the database I would lose access to a lot of accounts which may be difficult if not impossible to recover.

Or in a hypothetical situation I become a bum for some indefinite amount of time, while it's definitely not a top priority to maintain my online presence I'd have a harder time keeping it (and the db) maintained. In other words something really out of my control.

However I'm about a year or two deep in the keepass koolaid so until things get really fucked I'm fine with using it.

Can anyone legitimately redpill me on password managers? I'm just not seeing why it would benefit me to round up all my login credentials across the entire internet, and slap a single unified attack vector on all of them.

It's convenient and you only have to remember one 36+ character passcode instead of 20+ individual 36+ character passcodes.

You do use strong passcodes, right?

Because if your password manager is offline as it should be the only person getting your stuff is a personal attack.

Just use Bitwarden
It's FOSS and has everything you're looking for.

So you focus on securing one thing very strongly.

My Bitwarden master password:
>120 entropy
>physical u2f key

Someone would need my master password and access to either that physical key or one of my personal devices.

You can call it autism or anything.

But I need passwords in my Phone and Laptop.

someone would literally have to have access to the one password which i don't use for anything else. need access to the file itself that's on a drive not connected to anything

it's pretty much impossible to get my passwords, or anyone else's using keepass

You can but it's made by retards. So make backups and prepare for it to be randomly deleted

Don't forget you can put 2fa on the login for new devices. And limit countries / Tor access

T. Ex LastPass user now 1password

What about keyloggers?

I keep my shitcoins on a variety of separate exchanges. (>t. Jow Forumstard) At some point early this year, I must've caught a keylogger packaged with some mining program I downloaded, because I found my ETH wallet empty one day, so I knew whoever did it must've grabbed my plaintext private key when I decrypted it at some point; and shortly after I started getting emails from all my shitcoin exchanges notifying of failed logins from Russian IPs lol. (failed only because they hit my 2FA)

Crypto has made me extremely tinfoil-hat-tier about touching the keyboard if I'm dealing with anything sensitive. If I was a big enough retard to end up with a keylogger again somehow, wouldn't having one password for everything have even more destructive results?

Why 1password over lastpass? Or the other ones, for that matter

I like 1pw for the reason that you can store otp codes in it. It has really fast autofill, and I don't think I've had it bug out any time ever. It's pretty cheap for what you get. The sync has never failed me. But it doesn't let you organise with folders. Just tags and labels. One major downside is that it's a bitch to export data from so just be aware.

As for LastPass I lost my BOIpussy virginity to it. And used it for a couple of years. I switched when they had a semi public breach (no data was leaked but I didn't want to take the risk). Before I used 1pw I was oblivious to how shitty their autofill was. It feels like using it through syrup.

But make a few demo accounts and try both out. 1password needs a companion app though which triggered lincux fags. And LastPass does not.

Pic related is 1pw mobile ui

what? i don't have to do any of those things since i'm using keepass. it's literally not accessible by anyone

>implies that a password manager is insecure but uses FP authentication
lmao neck yourself

I quoted the wrong post my bad

>have to pay for it
ahh I gotcha now. Not gonna fall for that though

I used to listen to Steve Gibson's Security Now podcast and he mentioned various methods for creating passwords over the years, including domain name-based passwords and padding to increase entropy. Also, I made my own version of his Perfect Paper Password method. I don't know how good his advice was, but since then I've moved to random long passwords stored in a password manager.

One thing I don't trust to them is anything financial. Even shitcoins. These passwords go into my head.

T. Poorfag

So password managers are a no-go for anything involving memecoins?

How do you generate your exchange passwords then?
>t. russian hacker

So what, is Keepass just a glorified spreadsheet file? Since you have to keep it offline.

OP here, this user knows. I did some research and Bitwarden looks like it comes out on top, enjoying it so far.

>Gator
yea i remember

I've been using 1Password with the db synced via Dropbox for years, but they won't support WebDAV which rules out moving the db to my Nextcloud instance. Recently got onto Bitwarden and it's pretty comfy and integrates well with Android 8.1 (nogapps of course). Are you self-hosting it?

I use keepass with the db synced using scp and a vps.

Keepass does not store my passwords, just hints from which I derive the password

1. your password creation scheme is insecure
2. password creation schemes break on idiotic password rules (often contradictory between different sites) and mandatory password rotation (my bank does this).

People can't remember hundreds of independently random passwords for hundreds of services. So if someone can't remember them then they need to store them. Password managers solve this plus add some convenience features like syncing and autofilling (which can actually help against phishing).
Alternatively you can physically write your passwords down on paper. Contrary to popular belief, it's not that bad.

I use keepass, I sync it via gdrive between my phone and file server

I don't really like the idea of using the cloud to sync it between my devices, but it's a lot smoother than transferring it. I also don't want to keep my keepass database on my phone.

I've thought about using a keyfile, but I don't know if it increases the security, because it seems snake oilish

I just have all my passwords written on a piece of paper in my wallet.
What I do is not say what the username is, or I'll jumble up the username that only I will know what it really is.

There is no reason to not use a good password manager, as an example Master Password.
masterpassword.app/

I don't know about his "into my head" point, but probably because if you were to lose access to the database it'd be hard to get access to those accounts?
Even then not really (barring memecoins), at worst would have to call some people and verify yourself to get access back, only expense being time.

Keyfile is an additional and unknown entropy. If someone got your database and stupidly tried to bruteforce the master password alone they'd never succeed.
I sync my db with gdrive and keep my keyfile locally on devices that need it, it has never touched the cloud. A better alternative would be to use a physical NFC key as a stand-in for a keyfile so there's no digital evidence and it can't be easily replicated.

tldr not snake oil, but can be used to ease up on the master password a bit. My master pass could be "1" and the keyfile would still make it as secure. However, if that keyfile is also obtained then my master password's entropy is on the line.
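An added example, not code from the thread or from KeePass itself, that models the composite-key point above in Python: each key component is SHA-256 hashed, the digests are concatenated and hashed once more. This is a simplification of KeePass's documented composite master key; the real database additionally runs a slow key-derivation function over the result, which is left out here. It shows that a master password of "1" still produces a key that depends on 256 bits of key-file material, and that once the key file is in the attacker's hands only the password's own entropy is left to protect the database. The `secret_bits` estimate assumes the key file is uniformly random and the password is drawn from printable ASCII.

```python
"""Added example: a simplified model of a KeePass-style composite master key."""
import hashlib
import hmac
import math
import secrets


def make_keyfile(nbytes=32):
    """Random key-file contents; 32 bytes of OS randomness is 256 bits."""
    return secrets.token_bytes(nbytes)


def composite_key(password, keyfile=None):
    """SHA-256 over the concatenated SHA-256 digests of each component.
    Simplified from KeePass: the real database then feeds this through a
    slow KDF before it can decrypt anything."""
    parts = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += hashlib.sha256(keyfile).digest()
    return hashlib.sha256(parts).digest()


def unlock(stored_key, password, keyfile=None):
    """Constant-time check that the supplied components reproduce the key."""
    return hmac.compare_digest(stored_key, composite_key(password, keyfile))


def password_bits(password, alphabet_size=95):
    """Crude upper bound on a typed password's entropy (printable ASCII)."""
    return len(password) * math.log2(alphabet_size)


def secret_bits(password, keyfile, keyfile_known):
    """Bits someone holding only the database still has to guess.
    Assumes the key file is uniformly random; a leaked key file adds nothing."""
    bits = password_bits(password)
    if keyfile is not None and not keyfile_known:
        bits += 8 * len(keyfile)
    return bits


if __name__ == "__main__":
    kf = make_keyfile()
    key = composite_key("1", kf)
    print("unlock with password + key file :", unlock(key, "1", kf))
    print("unlock with password only       :", unlock(key, "1"))
    print("bits to guess, key file private : %.1f" % secret_bits("1", kf, False))
    print("bits to guess, key file leaked  : %.1f" % secret_bits("1", kf, True))
```

This is exactly the trade-off the reply describes: keeping the key file off the synced copy of the database is what makes the "1" master password survivable, and the moment the two sit together the key file stops contributing anything.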

I also used to make passwords using an algorithm in my head.
I used a different phrase which matched the importance of the password. Plus some matching numbers. Something related to the website. And so on.

But I've switched to keepass because it's more comfy. And changing and keeping track of passwords is now easier than ever. Of course I do use a password plus keyfile. And make regular backups.

Read also security.stackexchange.com/questions/44081/how-does-a-key-file-increase-the-security-of-a-password-manager

I've written down the passwords of my business because I need to share them with some other guy.

A trick I used is not writing down the entire password. Just add 'Jow Forums' for example to every password and leave that out. This way physical attackers won't know your password when they steal your wallet.

We know now, fag.