Password managers

KeePass all the way.

Windows: KeePass2
Mac: MacPass
iOS: MiniKeePass
Android: Keepass2Android
Linux: KeePassXC

Keepass or pass

Your choice, both are fantastic and miles ahead of anything else.

Why not run KeePassXC on Windows and macOS too?

Indeed, both are great. I will never understand why people shill "cloud enabled" security software.

pass all day every day.
Nothing else integrates so well with my config files and bash scripts.

Attached: 2019-01-21-143213_188x51_scrot.png (188x51, 2K)

None. Use your autistic memory.

cerebellum 2.4

Nice PRNG.

installed keepass2android offline
will probably get keepassxc for the desktop and keep them stored on both devices, but will still keep the paper at home in case I lose my phone and something happens to my desktop or some shit

is it living on the edge because it's not enough to store, or because firefox's storage is unsecured and I shouldn't save my passwords on it?

>firefox's storage is unsecured and I shouldn't save my passwords on it?
Bingo

>living life on the edge
Why? What's the point of password managers? I can't see a single reason to use them. They're a literal meme.
If you're sharing your computer with other people then you should use separate OS profiles. If you're the only one using the current profile then what the hell do you achieve with a password manager? It's even less convenient than your browser's password saving feature.

Encrypt the user folder.
People have lived without the meme managers for years and passwords were never stolen because "hurr it's unencrypted on your disk".

Attached: d305ec2a-9f5a-4894-8cd3-a7c43bb0756b-brain-640.jpg (640x360, 117K)

Ok, what's the vulnerability if you're using a master password?

Master Password

I use KeepAss on dropbox its breddy gud

Yeah, your head.

pass
keepassxc if you're dummy and can't read but love clicking buttons

The point is to have strong, unique passwords so when one of these retarded sites gets hacked all the accounts that are related to your email don't get fucked.

Just keep them in a .txt file on your desktop, you'll be fine.

If anyone gets your master password they got everything. Which is exactly why this shit is stupid. 2FA is a better choice than password managers.

So what's the point of a password manager then? Everything you've just said can be achieved with just a password generator or randomly pressing 20 keys on the keyboard.

I use enpass.

>KeepAss
Fuck you, i laughted out loud in the office

Attached: 1539726929403.jpg (793x786, 54K)

Pass for Linux and password store for Android.
Sync over private gitlab repo.

Completely open source and is basically PGP encrypted .txt files with passwords.

Attached: Screenshot_20190121-155457.png (1080x1920, 94K)

???

It's the same as having passwords on a note in real life, are you actually braindead? How the fuck do you not understand why having strong, unique passwords is important and post on Jow Forums?

A lot of popular software is not all that necessary. Basically, you could manage all your passwords with an encrypted text file and a simple shell script (to copy them to the clipboard without needing to open the file manually), but most people don't know what those are so they want to download a program that does everything for them out of the box.

>I can't see a single reason to use them
Unique and random passwords for every service you use.
That way when one leaks your passwords, all the other are not compromised.

so you just encrypting plain .txt file with gpg?

Ok, by that logic if anyone gets your keepass repository, they have everything. How would they get my password? Firefox doesn't keep it.

>having strong, unique passwords is important
This has nothing to do with a PASSWORD MANAGER you complete fucking retard. You can not be an idiot and use different passwords for different sites. Having a piece of software keep them all locked behind a single password on a computer connected to internet just makes your entire system less secure.
>same as having passwords on a note in real life
So why is everyone saying that having a note is worse? Your note can be stolen by someone with a physical access. Unless you live in niggerland this isn't an issue.
Your password manager data can be stolen too (even without physical access) and all it takes is brute forcing the master password or injecting you with a keylogger or a memory reader and you're equally fucked.

>encrypted text file
Or just keep it on an offline, password protected and encrypted phone. It seems like a much better choice than anything mentioned in this thread.

>Unique and random passwords for every service you use.
This has nothing to do with a password manager.

That's what pass does, yes.

>This has nothing to do with a password manager.
How?
Password manager allows you to generate/store arbitrarily complex passwords with ease. You remember one strong password that is not written or used anywhere else and you are secure.

nice idea, thx btw

>all it takes is brute forcing the master password
Ok, I have a password that's about 16 characters long. Let's assume I don't use special characters, just letters and numbers. 26 lower-case, 26 upper-case, 10 digits, that's 26+26+10=52 possible characters. For a length of 16 we have 47672401706823533450263330816 possible passwords. Sure, you can use a dictionary attack because it's unlikely I memorized a random 16-char string, but still.
>or injecting you with a keylogger or a memory reader and you're equally fucked.
Windows problems.

Alright hotshot, I wasn't aware you can remember tens of unique passwords for each one of your accounts. Nowhere did I say note is bad, I PERSONALLY prefer the digital option and it most definitely isn't in any way less secure unless you're an imbecile.

>allows you to generate
You don't need a PM for this. The primary purpose of a password manager is to save passwords, which you can do in a much safer way.

His point is that you can do that without a password manager. Password managers just make that easier.

I agree with this and that is why I don't use a password manager

>His point is that you can do that without a password manager
Well, of course you can.
You can do a lot of stuff without dedicated software, but it exists for a reason.

>You don't need a PM for this.
I don't know. It sure is better to write: "pass generate -n30 name" than using gpg to generate the password, touch to create a file, cat to put password into the file and gpg again to encrypt it.

And then manage all the files and contents.

KeePass XC Syncthing KeePass DX

>Windows problems.
Any Linux program can easily keylog you on Linux because of how X is designed. And you're retarded if you believe that Linux isn't affected by browser and CPU exploits.

>exists for a reason.
Yeah, so that brainlets feel smart.

how exactly do you encrypt the user folder manually? this legitimately seems a lot simpler and safer than trusting android applications that I can't really check the source code to see how the encryption is implemented due to sheer lack of knowledge

github.com/jcs/rubywarden
github.com/dani-garcia/bitwarden_rs

How would anyone get your passwords stored in Firefox? Unless you're targeted and already using an infected computer, in which case even password managers won't help you.
To answer your question, brute force attacks if the attacker cares enough. Which is why 2FA is a superior option if you care about security. Password managers don't make your shit more secure, they only give you some convenience. If you're looking for a retard-proof solution then password managers aren't it since all it takes is a single fuckup or malware to fetch your master password, then ALL your passwords are taken. Compared to only one or two being taken if you don't keep your passwords on the computer.
The whole point is that retards keep saying that password managers make your passwords more secure, which is objectively false.

>isn't in any way less secure
Introducing a single point of failure already makes it objectively less secure.

You're literally opted to encrypt your user folder when you're installing an OS.
There isn't a good solution for android other than not losing your phone and using 0 proprietary apps.

Bitwarden is based

I use a combination of different ones. Whatever comes with my browser, and password-store to have something that is a bit more platform-neutral. I'm sure someone have made scripts that let you import things from password-store in firefox, but I haven't looked into that kind of stuff yet.

You're talking about hosting your own Bitwarden server. They also have an option to use their servers.
But...
>>only installable through docker
Uh no. There's a shell script.
>>requires MS SQL
Would you prefer SQLlite?
>>requires some weird unique id, who knows why
Because people are too retarded to set up RSA key pairs.
>>electron clients
>Who cares?

>he doesn't just make diceware phrases and remember them all
It's very easy. Your pass will never be safe if it is recorded anywhere.

A piece of paper and a pen or pencil, whichever one works better for you.