Storing all yr passwords in one central location

>Storing all yr passwords in one central location

zdnet.com/article/onelogin-hit-by-data-breached-exposing-sensitive-customer-data/

Attached: laughingoldman.jpg (1280x720, 133K)

>storing your passwords in the """"cloud"""
ftfy

Keepass(xc) mustard race.

Attached: 1471975585742.jpg (953x1200, 272K)

papet and memory master race

What ever they can have my encrypted password list hosted on the cloud, they still need to have access to my 38 character password

fpbp

Attached: 1507250167286.png (1050x903, 1.45M)

all my important logins are using different email and passphrases, if they hack my password manager have fun logging in my nexus account or some random sites and forums that demand login for basic functionality that I never use

there's literally no reason storing a keepass db in the cloud is a bad idea.
I store mine on my own nextcloud though.

This
>inb4 hurr durr only brainlets can't remember passwords

This, and also keepassxc masterrace too.

I do store all my passwords in one central location faggot, my brain.

Can't hack a peace of well hidden paper.

You do realize retard, that onelogin doesn't store passwords. It's a service for hosting SAML connectors.

>Trusting a third party with your passwords

Attached: Smile.jpg (600x600, 94K)

I have all my passwords written down on an a4 sheet I have hidden with other super boring papers where none will look andcant be hacked.

Attached: 1544150996037.gif (220x224, 55K)

>Storing any password anywhere but your brain
Enjoy getting hacked or locked out of your files.

Is bitwarden good?

they wont get into my shit with 2FA

passwordstore doesn't have this problem

>Storing all yr passwords in one central location
Every password is encrypted independently with pgp and the key to decrypt them is on a yubikey and only decrypt's a single one when i press a physical button.

Wew gosh OP, I store mine in one central location:
KeePassXC with a 34 char mixed-case+numbers+special passphrase that I memorized (no browser extension).
How fucked am I?

aren't your Keepass people concerned about the possibly of a worm/exploit that targets Keepass users specifically?

t. physically writes down passwords in a notebook. If you want my password notebook, you can try and take it from me *cracks knuckles*

brainlets can't remember passwords

Keyloggers are data interceptors are easier to write and get OS permissions for than than clipboard miners. I see no additional threat being introduced with Keepass compared to just typing a password into a website.

>charlets in 2018
real men use diceware

I keep my keepass db sync'd up using syncthing I also have a key file that doesn't get touched by syncthing that I transfer manually to each device. I use a 12 word diceware for my master password. And finally I keep my important email (for resetting everything in case shit goes sideways) and banking stuff out of it and in my head.

>having a database with these sensitive information in the cloud

This company is retarded and so are their customers.

Attached: basedandredpiled.gif (367x219, 523K)

You probably repeat passwords like a grandma.

Well, all my passwords in the actual db are 32 char diced.

>watch companies go bankrupt

My company uses keepass and I never really thought about it being a point of failure. Even if you manage to get access to a keepass database you'd still need to authenticate via LDAP and on top of that use a certificate that is stored on a physical card. To get to the database you need access to an ldap account that is authorized to access this specific database and it needs to happen from an IP that is whitelisted.

Basically you need to kidnap someone who is authorized to access the keepass database.

>Distributing your passwords over multiple services

>Forgot my password at work a few years ago
>IT guy gave me a temp password (like Jigglypuff12)
>Be sure to change it user..
>A few years later and a few different workplaces and Im at Jigglypuff22 now. Forced to change it like every 3-6 months(Mandatory)

Attached: PuyaSubs_Himouto_Umaru_chan_R_08_1080pF9BDA5EB_001330.394_0004.png (1920x1080, 1.95M)

I haven't yet figured out what the point of that scheduled password change is, but it sure as fuck isn't for security. Even people who normally manage their passwords very securely will have weak passwords for a root-level access that requires regeneration every 3 months. Maybe that's the point.

It's retarded as fuck and just makes more people forget their passwords or use less secure passwords that are easier to remember.

Uploading you keepass db to the cloud is not the same as using some cloud-based password manager that may or may not properly encrypt your password.

What I don't get is that my CTO who's the one who manages all that shit (small company; no real IT Admin) is pretty knowledgeable about cyber-security and he still uses that shit. Maybe all he cares about is that the hopeless people use password5 instead of password1.

this.

>anything manmade can be broken

why am i not surprised?

It's just for the windows user. Not like every office drone have permissions to fuck shit up.
Also a security breach is an IT problem,not my problem.

Attached: 27C971D5B630454090A06419948C1920.jpg (664x749, 338K)

Jokes on you, our entire database access is tied to our Windows credentials. Though you do need to be on the physical LAN to access it.