Path: csiph.com!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!3.eu.feeder.erje.net!feeder.erje.net!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader02.eternal-september.org!kreme.dont-email.me!.POSTED!not-for-mail From: Lewis Newsgroups: comp.sys.mac.system,comp.sys.mac.misc,comp.unix.misc,comp.misc Subject: Re: Do you use a password manager? Date: Tue, 13 Jul 2021 15:48:12 -0000 (UTC) Organization: Miskatonic U Lines: 39 Message-ID: References: <874kcz5pqn.fsf@nosuchdomain.example.com> <87zgur47bv.fsf@nosuchdomain.example.com> Reply-To: g.kreme@gmail.don-t-email-me.com Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Date: Tue, 13 Jul 2021 15:48:12 -0000 (UTC) Injection-Info: kreme.dont-email.me; posting-host="e9e0f8f3799a8b7c79c5caa280c2c3af"; logging-data="6423"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18R85z5+j6xfAfN1OmE+4DQ" User-Agent: slrn/1.0.3 (Darwin) Cancel-Lock: sha1:/llYN3sXb4nj4ZWW7pD7ud2XzYo= X-Face: )^b5"R:T7U>9~:PEn3YkzMfW*[b1qKeU.fP9C8~8HpU9}lA&6`bH1z Mail-Copies-To: nobody X-Clacks-Overhead: GNU Terry Pratchett Xref: csiph.com comp.sys.mac.system:137250 comp.sys.mac.misc:8060 comp.unix.misc:295 comp.misc:21077 In message <87zgur47bv.fsf@nosuchdomain.example.com> Keith Thompson wrote: > Lewis writes: >> In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson wrote: > [...] >>> I use PasswordSafe https://pwsafe.org/ . >> >>> It's a Windows application with clones available for Android, iOS, and Mac. >> >>> There's a Linux version, available as "passwordsafe" in the Ubuntu repos >>> (and presumably others), but I haven't gotten it to work. >> >>> password-gorilla is a Linux application that uses the same file format >>> and should be available in the package repos for most distributions. >> >>> Keeping the database synchronized across devices is left as an exercise. >> >> And that means you end up with not having the password you need unless >> you limit your use of the Internet to a single machine. > Not if I replicate the encrypted database across the machines I use. Yes, because you are perfect and will ALWAYS sync on EVERY change. Not going to happen. You will forget and you will will be caught out without some recent change or update because you are NOT perfect. Sorry, but those are just facts. > I understand that that could open a potential security hole if > I'm not sufficiently careful. But if I *am* sufficiently careful, > my database doesn't exist on anyone else's server. Whopdie doo. That doesn’t make it more secure, you know, just more obscure, more fragile, more prone to failure, and more likely that you do not have the information you need when you need it. -- 'Now what?' it said. IT'S UP TO YOU. IT'S ALWAYS UP TO YOU. --Maskerade