Redpill me on KeePass. Is it worth storing all my passwords in one file...

Redpill me on KeePass. Is it worth storing all my passwords in one file? I've been writing them down in a notebook for years and no one has had access to them.


Yeah ish fine. Use KeePassXC since it's the most up-to-date version of it keepassxc.org/

>KeepAss


I keep my KeepAss keyfile inside a USB key in my ass.

I've been using KeePass since like 2012. I don't even know how the fuck I was storing shit before it. Everything else feels so cave-man like. Pasting shit in notepad. Writing shit down. What the fuck are you even doing?

The best feature is auto-fill. I don't have to copy-paste anything, and it's perfectly secure. This means I can wipe my cookies every time my browser closes since logging in is a breeze.

Which version or fork are you using?

Why not just use GPG to encrypt your passwords with public key cryptography?

keepassxc here, works solid. just know it's more snazzy than master.


>Which version or fork are you using?
keepassxc

Yes because it has auto paste
Which means it does your username and password

yeah. it's encrypted so you can back it up on cloud if you have strong enough password.
wouldn't that be keepass 2?

And what about mobile? Do you have sync setup for multiple devices?

1. Yes
2. Back up your file. Seriously.

You can do a shit load of advanced things with it since it's just a file. Like hosting it online for access anywhere.

Not him but I used MEGA for that

What app to open the kdbx?

I personally manage my keepass by...

>Storing the database file on dropbox so my passwords will always be in sync across multiple devices
>Having an additional composite key file needed to open the database that always stays offline
>Also needing a password to open the database in addition to the key file

So even if someone cracked into my dropbox account and downloaded my database file, they'll never be able to access my account without the offline key file. Having a password just adds a "third layer" of security.

I use the open source keepass2android app for my phone.

>database needs keyfile and password
>encrypted database uploaded on two cloud services with different passwords used for encryption
>both cloud accounts have two factor (non SMS) enabled and notify me if anything tries to login
>Manually sync database file between PC, laptop, phone and tablet

Don't think I could be much more paranoid aside from only backing up encrypted database images on airgapped hard drives desu.

As is the only acceptable way.

How does bitwarden compare to it?

Why not just memorize your passwords?
Pick phrases or things you won't forget and use them as the basis for your password, just don't be simple about it.

Can you in my case memorise 200+ passwords with an average length of 128 random letters, numbers and symbols, many of those passwords containing random symbols from the UTF-8 unicode spec?
It's not just about security but also convenience.

it's good, if you're suspicious you can just use multiple Keepass databases and keep all the stuff you access constantly in one and all the stuff that's valuable in the other.

I'd recommend the favicon downloader plugin, it allows you to batch download favicons from the URLs in your database and set them so it's easy to look through all your saved passwords.

you will either memorize 3-4 passwords and reuse them or at best use jumbles of the same base phrases in order to create passwords that are still easy to forget (was it the red dog or dog red or was it 3000 or 2828) which will use up all your 3 retries but be easy to guess if someone has access to any 1 of your passwords.
No one makes and remembers a completely unique password for every single account for every single website.
like said it's better to lock that stuff behind a master password in the form of a database where every account has a unique generated password.

Then memorize that master password and the passwords for important things you keep outside of the database such as bank details, PC encryption keys, etc.

I use both.
Bitwarden for regular username and password. Keepass for more serious stuff

>Keepass for more serious stuff
Is Bitwarden not as safe? Why two different ones?

What's the difference to KeePass 2?

>perfectly secure
Still vulnerable to keyloggers that monitor what you copy.
Also KeePass doesn't clear memory and some recent passwords can be recovered.

It is still pretty good.

i laughed.
thank you

I've been using it since 2004. (t. oldfag). It's fine and it works for me. I keep my keepass file on nextcloud.

I use the same file with Keepass 2 (windows), Keepass XC (linux) and MiniKeepass (ios).

I don't really know the differences; I started with Keepass 2 on windows and started using XC on linux because 2 had to run under mono.

Do you guys use the browser add-on to fill in website logins? I normally just right click on the login field and choose fill in username + password with the KeepassXC plugin. Should I do it different?

Oh, does that have a built in password generator?

if you use the wrapper, pass, it does.

I use the browser add-on

> I normally just right click on the login field and choose fill in username + password with the KeepassXC plugin
Seems like more work to me.

I use the XC fork because it uses less memory and is more updated.

I've been using KeepAss for a few years, before an update caused it to SIGSEGV every once in a while, which is pretty bad considering how much I'd miss my passwords if I lose it.

Now I use password store, which works great if you like tinkering on Linux.

tr -cd '[:graph:]'

KeepAss + Syncthing = best personal password management system

The value in password managers is more in the ability to generate secure passwords than in storing them. Any technique a human uses to generate passwords will be inherently nonrandom and insecure, because the human brain sucks at that.

If I'm a good goy who uses botnet 10 is there any reason to use ass XC over standard keepass?

Nah. The reason keepass2 sucks on Linux/XC is preferred is because Mono kinda sucks, especially if you're installing it for just one program.

Works with more platforms should you choose to adopt them

This.


KeePassDX, F-Droid.

>urandom
Use random, idiot.


How did you use MEGA for that? I thought saving offline files on the MEGA app is read only.

It's impossible they didn't notice this when making the name. They knew very well what they were doing.

KeePassXC, KeePassDX on android and Syncthing to sync dbs

I don’t like that you can edit the password every time you click to read it.

>Also KeePass doesn't clear memory and some recent passwords can be recovered.
As far as I know all password vaults have that exact or a very similar problem.
As for the key logger, well yeah if you got a keylogger you're fucked.

Dashlane master race.

Posting a picture of yourself, I see.

How many times a week do you reset passwords?

It says it literally in the manual: don't use urandom for cryptographic keys.

I use keepAss XD for Android

man 4 random
>The /dev/random device is a legacy interface which dates back to a time where the cryptographic primitives used in the implementation of /dev/urandom were not widely trusted.
>The /dev/random interface is considered a legacy interface, and /dev/urandom is preferred and sufficient in all use cases

2uo.de/myths-about-urandom
>/dev/urandom is the preferred source of cryptographic randomness on UNIX-like systems.

Ok, you're not a brainlet, just a troll.
Enjoy your generated cuck numbers.

linux.die.net/man/4/random

Outdated page.
manpages.ubuntu.com/manpages/bionic/man4/random.4.html
man7.org/linux/man-pages/man4/random.4.html
Also, even that outdated version says that urandom should be used for everything but long-lived public key encryption keys.
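
Added example, not part of any post in this thread: a complete password generator built around the `tr -cd '[:graph:]'` fragment posted above, reading from /dev/urandom as the quoted man page recommends. The function names `genpw` and `entropy_bits` are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). genpw and entropy_bits are
# hypothetical helper names.

# genpw N: print N characters drawn uniformly from the 94 printable,
# non-space ASCII characters (what [:graph:] means in the C locale).
genpw() {
    n=${1:-32}
    case $n in
        ''|*[!0-9]*) echo "usage: genpw LENGTH" >&2; return 1 ;;
    esac
    [ "$n" -gt 0 ] || { echo "usage: genpw LENGTH" >&2; return 1; }
    pw=''
    # Read bounded chunks rather than streaming the device into head,
    # so nothing in the pipeline ever exits on SIGPIPE.
    while [ "${#pw}" -lt "$n" ]; do
        # LC_ALL=C makes tr operate on single bytes. In a UTF-8 locale
        # some tr builds reject random input as an illegal byte
        # sequence, and [:graph:] may match more than ASCII.
        # Unwanted bytes are deleted, not remapped with a modulo, so
        # the 94 surviving values stay equally likely.
        chunk=$(head -c 256 /dev/urandom | LC_ALL=C tr -cd '[:graph:]')
        pw="$pw$chunk"
    done
    printf '%s\n' "$pw" | LC_ALL=C cut -c "1-$n"
}

# entropy_bits N: whole bits of entropy in an N-character password
# from genpw, i.e. floor(N * log2(94)).
entropy_bits() {
    awk -v n="$1" 'BEGIN { printf "%d\n", n * log(94) / log(2) }'
}

genpw 32
```

Some sites reject a few of these symbols; narrowing the `tr` set (for example to `'[:alnum:]'`) keeps the same structure and lowers the bits per character.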

The Electronic Frontier Foundation has recommended KeePassXC as "an example of a password manager that is open-source and free."

- KeePassXC wiki

those documents don't matter if you have a brain

the random chad
>collects real entropy to get real randomness

the urandom virgin
>creates a poo soup by combining random's real randomness and generated shit for the sole purpose of non-blocking convenience

do you want a random password or poo soup? the choice is yours

Every mainstream password manager is literal botnet steaming pile of shit. Use a stateless one like LessPass instead where you don't need to store any creds.

>he doesn't use passwordstore with dmenu
>he doesn't want all his passwords securely and conveniently a keypress away

>not using Dashlane
LOL!!!!!!!!!!!!!

>Dashlane
>not using LastPass™
LOL!!!!!!!!!!!!!