Path: csiph.com!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail From: Keith Thompson Newsgroups: comp.sys.mac.system,comp.sys.mac.misc,comp.unix.misc,comp.misc Subject: Re: Do you use a password manager? Date: Mon, 12 Jul 2021 15:52:20 -0700 Organization: None to speak of Lines: 86 Message-ID: <87mtqr402j.fsf@nosuchdomain.example.com> References: <874kcz5pqn.fsf@nosuchdomain.example.com> <87zgur47bv.fsf@nosuchdomain.example.com> <120720211627013354%nospam@nospam.invalid> <87v95f45td.fsf@nosuchdomain.example.com> <120720211714274121%nospam@nospam.invalid> <87r1g3439e.fsf@nosuchdomain.example.com> <120720211811188799%nospam@nospam.invalid> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: reader02.eternal-september.org; posting-host="8e768a059c307f972b60d01ae7384758"; logging-data="6952"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19I7szFg8UrETF9zBa+8Wey" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) Cancel-Lock: sha1:QC98dMUparNGt3tWGNzSdSLcNxA= sha1:rxJvxWgnzABlj9oAOb1dRtXXEHQ= Xref: csiph.com comp.sys.mac.system:137233 comp.sys.mac.misc:8053 comp.unix.misc:288 comp.misc:21068 nospam writes: > In article <87r1g3439e.fsf@nosuchdomain.example.com>, Keith Thompson > wrote: >> >> >> >> Keeping the database synchronized across devices is left as an >> >> >> >> exercise. >> >> >> > >> >> >> > And that means you end up with not having the password you need unless >> >> >> > you limit your use of the Internet to a single machine. >> >> >> >> >> >> Not if I replicate the encrypted database across the machines I use. >> >> >> I understand that that could open a potential security hole if >> >> >> I'm not sufficiently careful. But if I *am* sufficiently careful, >> >> >> my database doesn't exist on anyone else's server. >> >> > >> >> > and if you forget to sync it, murphy's law states that you won't have >> >> > the password you need. >> >> >> >> Of course. That happens now and then. The solution is to go back and >> >> sync it. >> > >> > no, the solution is to have it automatically sync. >> >> The solution *I use* is to go back and sync it. It works. > > except when it doesn't, which you admit happens 'now and then'. > >> >> > computers are there to do work *for* you. >> > >> > ^^this^^ >> > >> >> I'm not going to go into too much detail about *how* I synchronize my >> >> password database >> > >> > you already said how: you manually sync it. >> >> There's more to it than that. > > those details are irrelevant. the fact is that it's manual which means > it's a lot of extra work with the opportunity to screw it up. > > i suspect whatever system you're using does not properly handle merges. It does not, and I did run into a problem with that not too long ago. It took some manual work to resolve it. >> > automatically syncing means a new or changed entry is available on >> > other devices within seconds, no additional effort required. >> >> I know what "automatically syncing" means. > > then why not use it? > >> You haven't said anything >> about how to do that. (I use Ubuntu, Windows, and Android.) > > what's to know? choose a password manager that offers automatic sync. > done. I've spent *some* time looking into alternatives, but perhaps not enough. The password manager I use uses a local file. Others I've looked at store data "in the cloud", i.e., on someone else's computer. I've decided *for myself* that I don't want to store my passwords in the cloud, and that I'm willing to pay the price of more difficult local updates. >> For my situation, I've decided (so far) that automation would be more >> effort than it's worth *for me*. I'm willing to change my mind if >> presented with new information. If you have none to offer, that's fine. > > what effort? download a new password manager app that offers syncing, > then export passwords from your existing password manager and import > them to the new one. it should take a minute or two. And install it on all my devices, and learn how to use it -- plus convincing myself that it's sufficiently secure. Much more than "a minute or two". Is there a password manager that supports automatic sync among Linux, Android, and Windows *without* storing any of my information in the cloud (i.e., on someone else's computer)? (It's possible that I hadn't made it clear enough that I don't want to use cloud storage.) -- Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com Working, but not speaking, for Philips void Void(void) { Void(); } /* The recursive call of the void */