Overall, which one would you use?
@arh For bitwarden I do not trust a software available only as cloud subscription or black box docker images containing microsoft products (what about licenses of those products ?) and that I cannot install on my FreeBSD
@arh Not possible to build with the avaiable documentation without douing reverse engeneering, and finding dependencies which may not be available to me.
@arh Anything that is "cloud" is no go for me. Also anything proprietrary, online or offline. FWIW I use pass, but used KeePassX before.
@cadadr these are libre, checked by FSF. About cloud, well you can self-host on a home local network but thr antifeature of Bitwarden that doesn't let you use it absolutely offline is a problem, I agree with you.
@arh Oh, didn't know bitwarden was FOSS. Thought it was like 1Password or whatever. Nice that they have a web based alternative.
I find that both KeePassX' and pass' files are easy to sync with sync software, tho then it's 2 things to maintain, so it's neat that there are options.
@arh I mean, keepass looks great, but i havent found a version that like, i can host has a seever to be able to access them from my phone, or with an extension.
Bitwarden instead both has a selfhosted option with all the options, and a version hosted from them for free, even if a slightly smaller set of options, but still, is plenty enough do normal use i think
The only issue I have is when I modify db on one device while it's already loaded into memory in the second one. But ten I just need to close and reopen it on the second device, I can live with this. I haven't found anything better so far.
@arh I should use a password manager. Typically I have no problem remembering 8+ character random sequences, but it's not a great use of my time.
Yet I only have pi memorized to 3.1415926 because I never cared enough to enter that wang waving contest.
@arh none of the above.
stateless password management is where I go. no database to backup or sync, regenerate the password from seed info every time I need to use it.
@arh You don't have enough options here;
I do "encrypted text file," but I understand that's pretty geeky.
I personally recommend
"Paper and pencil in a purse/wallet" over all others for most people.
@arh I don't recognize any of these... Google Chrome automatically remembers Passwords... That's What I Use.
@arh Yes - That's what I Use and It has worked great... BUT I DON'T USE IT FOR MY BANK ACCOUNT... I Just Write that down on a Piece of Paper...
@Gregvan then I suggest using a secure password manager. Trusting Google, in any way and reason, is not a good idea.
@arh Ok... Free Advice Noted... On a slightly different subject, I Have made it a Point to Tell Google EVERYTHING POSSIBLE about me... I Uploaded my Autobiography... and every opinion I've Ever Had... and every Fiction Story... MY GOAL is to Live Forever in the Cloud as a IIDURU... or BOT or Whatever we will call it after the Singularity Happens...
@arh I'm currently using KeePassXC and Syncthing to keep the database synced across devices. I haven't had any issues with it.
Remembering passwords has become more difficult with all of these passwords. Keepass is my current solution but a self-hosted open service is my personal endgame.
@musicmatze @peranchor @arh There are several problems with password-store. It doesn’t conceal metadata, just stores “data” and doesn’t have defined fields for passwords/urls/usernames/notes, uses PGP, the front-end GUI clients are poor quality (I never got it working on Windows)…
I forked it to hide the metadata a while ago, probably should have upstreamed it…
Look. We don't think someone cares a lot about your list of accounts or is cracking your computer. This is just a hint that a program is doing something wrong. It's not this specific part that is important, it's the whole process that matters. So when we see some metadata is leaked somewhere, while it shouldn't, we're talking about some serious possible corruption. Security enforces us to be cautious always.
@arh wouldn't that only apply if one has spyware installed or has their system compromised in another similar fashion? It is best to be cautious and use a software that does not leak metadata for the fact that infections can happen without our knowledge, but to say tons of people can access your PC because you use internet is a logical fallacy in my opinion.
Firewalls work wonders.
A simple click on a link can compromize your system. Or even an app that has access to your files. That is why we cypherpunks are always asking people to encrypt everything.
This service is offered by hostux.net, visit our website to discover all the free services offered.
Beer, privacy and free software lovers. Join us!