Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.misc > #8033 > unrolled thread

Do you use a password manager?

Back to article view | Back to comp.sys.mac.misc

Contents

  Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 09:53 +0000
    Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-12 07:37 -0400
      Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 07:41 -0400
      Re: Do you use a password manager? Calum <com.gmail@nospam.scottishwildcat> - 2021-07-12 13:59 +0100
      Re: Do you use a password manager? "Andy K." <andy.k466@gmail.com> - 2021-07-12 15:14 +0200
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:45 +0000
      Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-12 15:17 +0000
        Re: Do you use a password manager? Lamey <lametroll@invalid.invalid> - 2021-07-12 09:36 -0600
          Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:46 +0000
          Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:43 -0400
      Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-12 15:40 +0000
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 11:52 -0700
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-12 19:58 +0000
          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:15 -0700
            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 16:27 -0400
              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:48 -0700
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 17:14 -0400
                  Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 14:43 -0700
                    Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 18:11 -0400
                      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 15:52 -0700
                        Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 19:18 -0400
                          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 16:57 -0700
                            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 20:25 -0400
                              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 21:41 -0700
                                Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:10 +0000
                            Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-13 01:08 +0000
                            Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-13 14:43 +0000
                            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:59 +0000
                              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-13 13:55 -0700
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:48 +0000
              Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:04 +0000
      Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-16 16:34 +0300
        Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 15:06 +0000
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 20:10 +0000
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 21:51 +0000
              Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 22:05 +0000
                Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 22:19 +0000
        Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-16 11:19 -0400
      Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:42 -0400
        Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 11:08 -0700
          Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-19 14:12 -0400
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-19 20:07 +0000
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 14:15 -0700
          Re: Do you use a password manager? Richard Kettlewell <invalid@invalid.invalid> - 2021-07-20 09:15 +0100
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-20 20:13 +0000
          Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-20 16:39 -0400
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-20 15:52 -0700
    Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-12 15:28 +0000
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:51 +0000
        Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-13 17:15 +0000
    Re: Do you use a password manager? Oregonian Haruspex <no_email@invalid.invalid> - 2021-07-14 01:29 +0000
      Re: Do you use a password manager? % <pursent100@gmail.com> - 2021-07-13 18:43 -0700
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:00 +0000
    Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:40 -0400
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-22 08:52 +0000
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-22 09:52 -0400
          Re: Do you use a password manager? Unbreakable Disease <unbreakable@danwin1210.me> - 2021-07-27 11:27 +0000
            Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 08:30 +1200
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-27 17:30 -0400
              Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-27 22:47 +0000
                Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 15:40 +1200
                  Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-28 08:41 +0000
                  Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 12:35 +0000
              Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-28 10:52 +0300
              Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-28 17:45 +0000
              Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 22:30 +0000
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-28 18:56 -0400
                  Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-29 07:38 +0000
    Re: Do you use a password manager? Dreamer In Colore <dreamerincolore@hotmail.com> - 2021-07-21 13:28 -0400
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-21 12:31 -0700
        Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-21 21:00 +0000
          Re: Do you use a password manager? Ben Bacarisse <ben.usenet@bsb.me.uk> - 2021-07-22 01:23 +0100
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-22 08:46 +0000
    Re: Do you use a password manager? rtr <rtr@nospam.invalid> - 2021-11-28 06:51 +0800
      Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-11-27 23:40 +0000
      Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-11-28 14:26 +1300
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-01 18:51 -0500
          Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-12-01 19:00 -0500
            Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-01 19:46 -0500
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-12-01 20:42 -0500
                Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-02 08:25 -0500
      Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-11-28 14:16 +0200
        Re: Do you use a password manager? rtr <rtr@nospam.invalid> - 2021-11-28 21:06 +0800
        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2021-11-29 10:31 -0800
      Re: Do you use a password manager? Anssi Saari <as@sci.fi> - 2021-11-29 13:01 +0200
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-11-29 15:52 +0000
    Re: Do you use a password manager? Matti Haveri <nospam@here.invalid> - 2022-02-05 14:43 +0200
      Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-05 09:41 -0800
        Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-05 19:03 +0000
        Re: Do you use a password manager? Matti Haveri <nospam@here.invalid> - 2022-02-06 11:39 +0200
    Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-06 19:27 +0000
      Re: Do you use a password manager? Siri Cruise <chine.bleu@yahoo.com> - 2022-02-06 18:21 -0800
        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-07 14:57 -0800
          Re: Do you use a password manager? Siri Cruise <chine.bleu@yahoo.com> - 2022-02-07 19:21 -0800
      Re: Do you use a password manager? El Kabong <twang@the.noodle> - 2022-02-06 22:16 -0800
    Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-12 21:35 +0000

Page 2 of 5 — ← Prev page 1 [2] 3 4 5  Next page →

#8054

In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
<Keith.S.Thompson+u@gmail.com> wrote:

> >> >> >> >> Keeping the database synchronized across devices is left as an
> >> >> >> >> exercise.
> >> >> >> >
> >> >> >> > And that means you end up with not having the password you need
> >> >> >> > unless
> >> >> >> > you limit your use of the Internet to a single machine.
> >> >> >> 
> >> >> >> Not if I replicate the encrypted database across the machines I use.
> >> >> >> I understand that that could open a potential security hole if
> >> >> >> I'm not sufficiently careful.  But if I *am* sufficiently careful,
> >> >> >> my database doesn't exist on anyone else's server.
> >> >> >
> >> >> > and if you forget to sync it, murphy's law states that you won't have
> >> >> > the password you need.
> >> >> 
> >> >> Of course.  That happens now and then.  The solution is to go back and
> >> >> sync it.
> >> >
> >> > no, the solution is to have it automatically sync.
> >> 
> >> The solution *I use* is to go back and sync it.  It works.
> >
> > except when it doesn't, which you admit happens 'now and then'.
> >
> >> >> > computers are there to do work *for* you.
> >> >
> >> > ^^this^^
> >> >
> >> >> I'm not going to go into too much detail about *how* I synchronize my
> >> >> password database
> >> >
> >> > you already said how: you manually sync it. 
> >> 
> >> There's more to it than that.
> >
> > those details are irrelevant. the fact is that it's manual which means
> > it's a lot of extra work with the opportunity to screw it up.
> >
> > i suspect whatever system you're using does not properly handle merges.
> 
> It does not, and I did run into a problem with that not too long ago.
> It took some manual work to resolve it.
> 
> >> > automatically syncing means a new or changed entry is available on
> >> > other devices within seconds, no additional effort required.
> >> 
> >> I know what "automatically syncing" means. 
> >
> > then why not use it?
> >
> >> You haven't said anything
> >> about how to do that.  (I use Ubuntu, Windows, and Android.)
> >
> > what's to know? choose a password manager that offers automatic sync.
> > done.
> 
> I've spent *some* time looking into alternatives, but perhaps not
> enough.  The password manager I use uses a local file.  Others I've
> looked at store data "in the cloud", i.e., on someone else's computer.
> I've decided *for myself* that I don't want to store my passwords in the
> cloud, and that I'm willing to pay the price of more difficult local
> updates.

some store it in the cloud, some store it on a local server. some do
either. 

another option is set up a personal cloud hosted on your own hardware,
over which you have full control, which has many other benefits than
just password syncing.

in every case, it's encrypted, so even if someone did gain access to
the database, they won't get the actual passwords, at least not without
a shitload of effort trying to crack it (assuming you used a good
master passphrase).

keep in mind that any of your hardware is lost or stolen, someone will
have easy access to that database, no hacking of cloud servers
required.

nothing is 100% safe.

> >> For my situation, I've decided (so far) that automation would be more
> >> effort than it's worth *for me*.  I'm willing to change my mind if
> >> presented with new information.  If you have none to offer, that's fine.
> >
> > what effort? download a new password manager app that offers syncing,
> > then export passwords from your existing password manager and import
> > them to the new one. it should take a minute or two.
> 
> And install it on all my devices, and learn how to use it -- plus
> convincing myself that it's sufficiently secure.  Much more than
> "a minute or two".

true, but that's the easy part. download a bunch, try them out, put in
some random passwords and see which ones fit your workflow. 

> Is there a password manager that supports automatic sync among Linux,
> Android, and Windows *without* storing any of my information in the
> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
> made it clear enough that I don't want to use cloud storage.)

there are several, each with different mixes of features, some with
better integration than others, and only you can decide which one fits
your needs.

[toc] | [prev] | [next] | [standalone]

#8055

nospam <nospam@nospam.invalid> writes:
> In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
> <Keith.S.Thompson+u@gmail.com> wrote:
[...]
>> Is there a password manager that supports automatic sync among Linux,
>> Android, and Windows *without* storing any of my information in the
>> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
>> made it clear enough that I don't want to use cloud storage.)
>
> there are several, each with different mixes of features, some with
> better integration than others, and only you can decide which one fits
> your needs.

Are you unwilling to give examples?  Is there one that you use (or do
you use a cloud solution)?

I tried KeePass a while ago, and it doesn't do what I want.  (One
feature of the Android version of PasswordSave that I like is that it
implements a virtual keyboard, so passwords don't have to go through the
system clipboard.)  Someone here mentioned KeePassXC, which I might try,
but I don't see an Android version.

I just found a reference to something called Syncthing, which I'll also
look into; it's a continuous file synchronization program, not
specifically related to passwords.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#8056

In article <87im1f3x1d.fsf@nosuchdomain.example.com>, Keith Thompson
<Keith.S.Thompson+u@gmail.com> wrote:

> >> Is there a password manager that supports automatic sync among Linux,
> >> Android, and Windows *without* storing any of my information in the
> >> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
> >> made it clear enough that I don't want to use cloud storage.)
> >
> > there are several, each with different mixes of features, some with
> > better integration than others, and only you can decide which one fits
> > your needs.
> 
> Are you unwilling to give examples?  Is there one that you use (or do
> you use a cloud solution)?

i use 1password and keep everything on my devices, however, it does
sync via the cloud. there is (was) a way to sync locally but that had
some limitations and i'm not sure if that's even still an option. 

they also offer a cloud version (their servers) but that's not required.

it does look like they now have linux support but i don't know how good
that is. that's relatively recent.

> I tried KeePass a while ago, and it doesn't do what I want.  (One
> feature of the Android version of PasswordSave that I like is that it
> implements a virtual keyboard, so passwords don't have to go through the
> system clipboard.)  Someone here mentioned KeePassXC, which I might try,
> but I don't see an Android version.

1password has a background process which directly communicates with
browser extension, skipping the clipboard entirely.

some use the system clipboard which is then auto-erased moments later.

> I just found a reference to something called Syncthing, which I'll also
> look into; it's a continuous file synchronization program, not
> specifically related to passwords.

syncthing is good. also check out nextcloud, which can be installed on
a variety of hardware as well as in a docker container or even a
raspberry pi (although that's not exactly fast).

[toc] | [prev] | [next] | [standalone]

#8058

nospam <nospam@nospam.invalid> writes:
> In article <87im1f3x1d.fsf@nosuchdomain.example.com>, Keith Thompson
> <Keith.S.Thompson+u@gmail.com> wrote:
>> >> Is there a password manager that supports automatic sync among Linux,
>> >> Android, and Windows *without* storing any of my information in the
>> >> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
>> >> made it clear enough that I don't want to use cloud storage.)
>> >
>> > there are several, each with different mixes of features, some with
>> > better integration than others, and only you can decide which one fits
>> > your needs.
>> 
>> Are you unwilling to give examples?  Is there one that you use (or do
>> you use a cloud solution)?
>
> i use 1password and keep everything on my devices, however, it does
> sync via the cloud. there is (was) a way to sync locally but that had
> some limitations and i'm not sure if that's even still an option. 
>
> they also offer a cloud version (their servers) but that's not required.
>
> it does look like they now have linux support but i don't know how good
> that is. that's relatively recent.
>
>> I tried KeePass a while ago, and it doesn't do what I want.  (One
>> feature of the Android version of PasswordSave that I like is that it
>> implements a virtual keyboard, so passwords don't have to go through the
>> system clipboard.)  Someone here mentioned KeePassXC, which I might try,
>> but I don't see an Android version.
>
> 1password has a background process which directly communicates with
> browser extension, skipping the clipboard entirely.

When I tried KeePass on Android, I didn't find a way to copy a password
or other text from KeePass to another arbitrary application.  Possibly I
didn't spend enough time exploring it.  Something that *only* uses a
browser extension would not be useful to me.

> some use the system clipboard which is then auto-erased moments later.
>
>> I just found a reference to something called Syncthing, which I'll also
>> look into; it's a continuous file synchronization program, not
>> specifically related to passwords.
>
> syncthing is good. also check out nextcloud, which can be installed on
> a variety of hardware as well as in a docker container or even a
> raspberry pi (although that's not exactly fast).

Yes, I have a NextCloud instance, but I'm not sure I want to store (even
encrypted) passwords on it.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#8069

On 13.07.2021 04:41, Keith Thompson wrote:
> nospam <nospam@nospam.invalid> writes:
>> In article <87im1f3x1d.fsf@nosuchdomain.example.com>, Keith Thompson
>> <Keith.S.Thompson+u@gmail.com> wrote:
>>>>> Is there a password manager that supports automatic sync among Linux,
>>>>> Android, and Windows *without* storing any of my information in the
>>>>> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
>>>>> made it clear enough that I don't want to use cloud storage.)
>>>>
>>>> there are several, each with different mixes of features, some with
>>>> better integration than others, and only you can decide which one fits
>>>> your needs.
>>>
>>> Are you unwilling to give examples?  Is there one that you use (or do
>>> you use a cloud solution)?
>>
>> i use 1password and keep everything on my devices, however, it does
>> sync via the cloud. there is (was) a way to sync locally but that had
>> some limitations and i'm not sure if that's even still an option.
>>
>> they also offer a cloud version (their servers) but that's not required.
>>
>> it does look like they now have linux support but i don't know how good
>> that is. that's relatively recent.
>>
>>> I tried KeePass a while ago, and it doesn't do what I want.  (One
>>> feature of the Android version of PasswordSave that I like is that it
>>> implements a virtual keyboard, so passwords don't have to go through the
>>> system clipboard.)  Someone here mentioned KeePassXC, which I might try,
>>> but I don't see an Android version.
>>
>> 1password has a background process which directly communicates with
>> browser extension, skipping the clipboard entirely.
> 
> When I tried KeePass on Android, I didn't find a way to copy a password
> or other text from KeePass to another arbitrary application.  Possibly I
> didn't spend enough time exploring it.  Something that *only* uses a
> browser extension would not be useful to me.
> 
>> some use the system clipboard which is then auto-erased moments later.
>>
>>> I just found a reference to something called Syncthing, which I'll also
>>> look into; it's a continuous file synchronization program, not
>>> specifically related to passwords.
>>
>> syncthing is good. also check out nextcloud, which can be installed on
>> a variety of hardware as well as in a docker container or even a
>> raspberry pi (although that's not exactly fast).
> 
> Yes, I have a NextCloud instance, but I'm not sure I want to store (even
> encrypted) passwords on it.
> 
You can use Syncthing if you are paranoid. That would probably be the 
best compromise between usability and security.

If you are even more paranoid, you can keep manually syncing, but keep 
in mind that once you get malware or somebody takes a physical control 
over your device, you are pwned anyway no matter how much security 
measures you take.

-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

[toc] | [prev] | [next] | [standalone]

#8057

In comp.misc Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
> nospam <nospam@nospam.invalid> writes:
>> In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
>> <Keith.S.Thompson+u@gmail.com> wrote:
> [...]
>>> Is there a password manager that supports automatic sync among Linux,
>>> Android, and Windows *without* storing any of my information in the
>>> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
>>> made it clear enough that I don't want to use cloud storage.)
>>
>> there are several, each with different mixes of features, some with
>> better integration than others, and only you can decide which one fits
>> your needs.
> 
> Are you unwilling to give examples?  Is there one that you use (or do
> you use a cloud solution)?
> 
> I tried KeePass a while ago, and it doesn't do what I want.  (One
> feature of the Android version of PasswordSave that I like is that it
> implements a virtual keyboard, so passwords don't have to go through the
> system clipboard.)  Someone here mentioned KeePassXC, which I might try,
> but I don't see an Android version.
> 
> I just found a reference to something called Syncthing, which I'll also
> look into; it's a continuous file synchronization program, not
> specifically related to passwords.

You mentioned password-gorilla in an earlier message.  It contains a 
"merge" feature that somewhat reduces the burden in manually 
maintaining sync across devices.

[toc] | [prev] | [next] | [standalone]

#8059

In article <87im1f3x1d.fsf@nosuchdomain.example.com>,
Keith Thompson  <Keith.S.Thompson+u@gmail.com> wrote:
>I tried KeePass a while ago, and it doesn't do what I want.  (One
>feature of the Android version of PasswordSave that I like is that it
>implements a virtual keyboard, so passwords don't have to go through the
>system clipboard.)  

Keepass2Android does that.  It interoperates just fine with KeePass, which I
run on Windows and Linux (it's a .NET binary, so it runs fine on both).

  _/_
 / v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/           Top-posting!
 \_^_/                              >What's the most annoying thing on Usenet?

[toc] | [prev] | [next] | [standalone]

#8061

In message <87im1f3x1d.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
> nospam <nospam@nospam.invalid> writes:
>> In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
>> <Keith.S.Thompson+u@gmail.com> wrote:
> [...]
>>> Is there a password manager that supports automatic sync among Linux,
>>> Android, and Windows *without* storing any of my information in the
>>> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
>>> made it clear enough that I don't want to use cloud storage.)
>>
>> there are several, each with different mixes of features, some with
>> better integration than others, and only you can decide which one fits
>> your needs.

> Are you unwilling to give examples?  Is there one that you use (or do
> you use a cloud solution)?

Examples have been given. You see to think that using a system that you
yourself admit is inferior and prone to failure is somehow a virtue, so
you are unlikely to care about other solutions and that holds up since
you have ignored the other solutions offered.

> I tried KeePass a while ago, and it doesn't do what I want.

Has anyone mentioned KeePass? I know I haven;ts since I have never used
it, and I don't recall anyone else mentioning it in this thread. I do
not recall that Keepass does syncing, you hae to sync the database
yourself.

> but I don't see an Android version.

If you are trusting Android to store your password files you should have
no issue with FAR more secure and tested cloud storage.

> I just found a reference to something called Syncthing, which I'll also
> look into; it's a continuous file synchronization program, not
> specifically related to passwords.

If it cannot manage merges, it is useless for password management.

-- 
Hello Diane, I'm Bucky Goldstein

[toc] | [prev] | [next] | [standalone]

#8063

Lewis <g.kreme@kreme.dont-email.me> writes:
> In message <87im1f3x1d.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
>> nospam <nospam@nospam.invalid> writes:
>>> In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
>>> <Keith.S.Thompson+u@gmail.com> wrote:
>> [...]
>>>> Is there a password manager that supports automatic sync among Linux,
>>>> Android, and Windows *without* storing any of my information in the
>>>> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
>>>> made it clear enough that I don't want to use cloud storage.)
>>>
>>> there are several, each with different mixes of features, some with
>>> better integration than others, and only you can decide which one fits
>>> your needs.
>
>> Are you unwilling to give examples?  Is there one that you use (or do
>> you use a cloud solution)?
>
> Examples have been given. You see to think that using a system that you
> yourself admit is inferior and prone to failure is somehow a virtue, so
> you are unlikely to care about other solutions and that holds up since
> you have ignored the other solutions offered.

I don't believe anything I've written here could reasonably be read to
imply that I think the system I use is "somehow a virtue".  It works for
me.  I'm more than willing to consider better ideas.

I've had occasional problems with the setup I use.  Those problems have
not included a loss of information and are not likely to.

>> I tried KeePass a while ago, and it doesn't do what I want.
>
> Has anyone mentioned KeePass? I know I haven;ts since I have never used
> it, and I don't recall anyone else mentioning it in this thread. I do
> not recall that Keepass does syncing, you hae to sync the database
> yourself.

Yes, I mentioned KeePass.  Am I not allowed to mention something that
wasn't mentioned before?

>> but I don't see an Android version.
>
> If you are trusting Android to store your password files you should have
> no issue with FAR more secure and tested cloud storage.

Opinion noted.

"Cloud storage" is not a single thing that is "secure and tested".  It's
likely that some of the cloud storage solutions are sufficiently secure,
but I haven't been using cloud storage and am hesitant to start, since,
as I've said several times, my current system works for me.

>> I just found a reference to something called Syncthing, which I'll also
>> look into; it's a continuous file synchronization program, not
>> specifically related to passwords.
>
> If it cannot manage merges, it is useless for password management.

I have not found that to be the case.

Perhaps you could offer advice rather than just shooting down ideas you
don't like.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#8060

In message <87zgur47bv.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
> Lewis <g.kreme@kreme.dont-email.me> writes:
>> In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
> [...]
>>> I use PasswordSafe https://pwsafe.org/ .
>>
>>> It's a Windows application with clones available for Android, iOS, and Mac.
>>
>>> There's a Linux version, available as "passwordsafe" in the Ubuntu repos
>>> (and presumably others), but I haven't gotten it to work.
>>
>>> password-gorilla is a Linux application that uses the same file format
>>> and should be available in the package repos for most distributions.
>>
>>> Keeping the database synchronized across devices is left as an exercise.
>>
>> And that means you end up with not having the password you need unless
>> you limit your use of the Internet to a single machine.

> Not if I replicate the encrypted database across the machines I use.

Yes, because you are perfect and will ALWAYS sync on EVERY change.

Not going to happen. You will forget and you will will be caught out
without some recent change or update because you are NOT perfect. Sorry,
but those are just facts.

> I understand that that could open a potential security hole if
> I'm not sufficiently careful.  But if I *am* sufficiently careful,
> my database doesn't exist on anyone else's server.

Whopdie doo. That doesn’t make it more secure, you know, just more
obscure, more fragile, more prone to failure, and more likely that you
do not have the information you need when you need it.


-- 
'Now what?' it said. IT'S UP TO YOU. IT'S ALWAYS UP TO YOU.
	--Maskerade

[toc] | [prev] | [next] | [standalone]

#8067

On 13.07.2021 15:48, Lewis wrote:
> In message <87zgur47bv.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
>> Lewis <g.kreme@kreme.dont-email.me> writes:
>>> In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
>> [...]
>>>> I use PasswordSafe https://pwsafe.org/ .
>>>
>>>> It's a Windows application with clones available for Android, iOS, and Mac.
>>>
>>>> There's a Linux version, available as "passwordsafe" in the Ubuntu repos
>>>> (and presumably others), but I haven't gotten it to work.
>>>
>>>> password-gorilla is a Linux application that uses the same file format
>>>> and should be available in the package repos for most distributions.
>>>
>>>> Keeping the database synchronized across devices is left as an exercise.
>>>
>>> And that means you end up with not having the password you need unless
>>> you limit your use of the Internet to a single machine.
> 
>> Not if I replicate the encrypted database across the machines I use.
> 
> Yes, because you are perfect and will ALWAYS sync on EVERY change.
> 
> Not going to happen. You will forget and you will will be caught out
> without some recent change or update because you are NOT perfect. Sorry,
> but those are just facts.
> 
>> I understand that that could open a potential security hole if
>> I'm not sufficiently careful.  But if I *am* sufficiently careful,
>> my database doesn't exist on anyone else's server.
> 
> Whopdie doo. That doesn’t make it more secure, you know, just more
> obscure, more fragile, more prone to failure, and more likely that you
> do not have the information you need when you need it.
> 
> 
Well, the biggest security hole is most of the time an user itself. 
You'd be better off syncing your password manager file through the cloud.

-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

[toc] | [prev] | [next] | [standalone]

#8083

Wade Garrett <wade@cooler.net> wrote:

> I'd like to use a password manager but I'm not comfortable with that
> data being on some server somewhere- allegedly encrypted or not.
>
> If there's one that keeps the data just on the local machine, I'd be
> interested.

I believe the classic "pass" (based on pgp) is available on various Unix
implementations, including MacOS.

https://www.passwordstore.org/
-- 
   /* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 01001111 01001011 * * * * * * */

[toc] | [prev] | [next] | [standalone]

#8084

On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:

> Wade Garrett <wade@cooler.net> wrote:
> 
>> I'd like to use a password manager but I'm not comfortable with that
>> data being on some server somewhere- allegedly encrypted or not.
>>
>> If there's one that keeps the data just on the local machine, I'd be
>> interested.
> 
> I believe the classic "pass" (based on pgp) is available on various Unix
> implementations, including MacOS.
> 
> https://www.passwordstore.org/

Indeed. I use it all the time. And it would be easy to do automatic 
replication to anything that supported a shell.

-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

#8086

In message <ildlj9Fna39U1@mid.individual.net> Bob Eager <news0009@eager.cx> wrote:
> On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:

>> Wade Garrett <wade@cooler.net> wrote:
>> 
>>> I'd like to use a password manager but I'm not comfortable with that
>>> data being on some server somewhere- allegedly encrypted or not.
>>>
>>> If there's one that keeps the data just on the local machine, I'd be
>>> interested.
>> 
>> I believe the classic "pass" (based on pgp) is available on various Unix
>> implementations, including MacOS.
>> 
>> https://www.passwordstore.org/

> Indeed. I use it all the time. And it would be easy to do automatic 
> replication to anything that supported a shell.

I find this works well if I don't happen to have 1Password available
(like on a remote machine, for example)

uuidgen| sha256sum| cut -c -24

(or any number from 16 on up to 64, though i do not need a 64 hex digit
password, ever.)

But I add those passwords to my password manager immediately, of course.

-- 
Hey kids, shake it loose together the spotlight's hitting something
	That's been known to change the weather we'll kill the fatted
	calf tonight So stick around you're gonna hear electric music:
	Solid walls of sound

[toc] | [prev] | [next] | [standalone]

#8087

On Fri, 16 Jul 2021 20:10:38 +0000, Lewis wrote:

> In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
> <news0009@eager.cx> wrote:
>> On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:
> 
>>> Wade Garrett <wade@cooler.net> wrote:
>>> 
>>>> I'd like to use a password manager but I'm not comfortable with that
>>>> data being on some server somewhere- allegedly encrypted or not.
>>>>
>>>> If there's one that keeps the data just on the local machine, I'd be
>>>> interested.
>>> 
>>> I believe the classic "pass" (based on pgp) is available on various
>>> Unix implementations, including MacOS.
>>> 
>>> https://www.passwordstore.org/
> 
>> Indeed. I use it all the time. And it would be easy to do automatic
>> replication to anything that supported a shell.
> 
> I find this works well if I don't happen to have 1Password available
> (like on a remote machine, for example)
> 
> uuidgen| sha256sum| cut -c -24
> 
> (or any number from 16 on up to 64, though i do not need a 64 hex digit
> password, ever.)
> 
> But I add those passwords to my password manager immediately, of course.

Mine, in that situation, is:

 dd if=/dev/random count=1 bs=16 2>/dev/null | b64encode - | \
        sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'



-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

#8088

In message <iledbpFna39U4@mid.individual.net> Bob Eager <news0009@eager.cx> wrote:
> On Fri, 16 Jul 2021 20:10:38 +0000, Lewis wrote:

>> In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
>> <news0009@eager.cx> wrote:
>>> On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:
>> 
>>>> Wade Garrett <wade@cooler.net> wrote:
>>>> 
>>>>> I'd like to use a password manager but I'm not comfortable with that
>>>>> data being on some server somewhere- allegedly encrypted or not.
>>>>>
>>>>> If there's one that keeps the data just on the local machine, I'd be
>>>>> interested.
>>>> 
>>>> I believe the classic "pass" (based on pgp) is available on various
>>>> Unix implementations, including MacOS.
>>>> 
>>>> https://www.passwordstore.org/
>> 
>>> Indeed. I use it all the time. And it would be easy to do automatic
>>> replication to anything that supported a shell.
>> 
>> I find this works well if I don't happen to have 1Password available
>> (like on a remote machine, for example)
>> 
>> uuidgen| sha256sum| cut -c -24
>> 
>> (or any number from 16 on up to 64, though i do not need a 64 hex digit
>> password, ever.)
>> 
>> But I add those passwords to my password manager immediately, of course.

> Mine, in that situation, is:

>  dd if=/dev/random count=1 bs=16 2>/dev/null | b64encode - | \
>         sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'

There's no "b64encode" on my macOS.


-- 
'They say that whoever pays the piper calls the tune.' 'But,
	gentlemen,' said Mr Saveloy, 'whoever holds a knife to the
	piper's throat writes the symphony.' --Interesting Times

[toc] | [prev] | [next] | [standalone]

#8089

On Fri, 16 Jul 2021 22:05:44 +0000, Lewis wrote:

> In message <iledbpFna39U4@mid.individual.net> Bob Eager
> <news0009@eager.cx> wrote:
>> On Fri, 16 Jul 2021 20:10:38 +0000, Lewis wrote:
> 
>>> In message <ildlj9Fna39U1@mid.individual.net> Bob Eager
>>> <news0009@eager.cx> wrote:
>>>> On Fri, 16 Jul 2021 16:34:09 +0300, Otto J. Makela wrote:
>>> 
>>>>> Wade Garrett <wade@cooler.net> wrote:
>>>>> 
>>>>>> I'd like to use a password manager but I'm not comfortable with
>>>>>> that data being on some server somewhere- allegedly encrypted or
>>>>>> not.
>>>>>>
>>>>>> If there's one that keeps the data just on the local machine, I'd
>>>>>> be interested.
>>>>> 
>>>>> I believe the classic "pass" (based on pgp) is available on various
>>>>> Unix implementations, including MacOS.
>>>>> 
>>>>> https://www.passwordstore.org/
>>> 
>>>> Indeed. I use it all the time. And it would be easy to do automatic
>>>> replication to anything that supported a shell.
>>> 
>>> I find this works well if I don't happen to have 1Password available
>>> (like on a remote machine, for example)
>>> 
>>> uuidgen| sha256sum| cut -c -24
>>> 
>>> (or any number from 16 on up to 64, though i do not need a 64 hex
>>> digit password, ever.)
>>> 
>>> But I add those passwords to my password manager immediately, of
>>> course.
> 
>> Mine, in that situation, is:
> 
>>  dd if=/dev/random count=1 bs=16 2>/dev/null | b64encode - | \
>>         sed -e 's/=*$//' -e '/^begin/d' -e '/^$/d'
> 
> There's no "b64encode" on my macOS.

Sorry - it's a FreeBSD command, equivalent to uuencode -m (which you may 
or may not have). I like the general idea of using /dev/random, though.



-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

#8085

On 7/16/21 9:34 AM, Otto J. Makela wrote:
> Wade Garrett <wade@cooler.net> wrote:
> 
>> I'd like to use a password manager but I'm not comfortable with that
>> data being on some server somewhere- allegedly encrypted or not.
>>
>> If there's one that keeps the data just on the local machine, I'd be
>> interested.
> 
> I believe the classic "pass" (based on pgp) is available on various Unix
> implementations, including MacOS.
> 
> https://www.passwordstore.org/
> 
Thanks- but use/setup looks a bit above my pay grade :-)

[toc] | [prev] | [next] | [standalone]

#8095

On 2021-07-12 07:37, Wade Garrett wrote:
> On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>> My 50-year old brain isn't capable of memorizing that many passwords 
>> anymore, so I use KeePassXC. I keep basically everything here 
>> including my financial passwords and credit card data, with the 
>> exception of passwords that I would have to remember anyway (full-disk 
>> encryption, login, primary e-mail passwords, etc.)
>>
>> Overall, it's much easier to remember and much harder to forget 10 
>> complicated passwords that you use everyday than 100+ simple passwords 
>> you use every month or even less.
>>
>> I can't speak about Windows version of KeePass, because with the 
>> exception of playing games not available on Macintosh, I haven't used 
>> one since Windows 95 days.
> 
> I'd like to use a password manager but I'm not comfortable with that 
> data being on some server somewhere- allegedly encrypted or not.

256 bit AES encryption not good enough for you?

> 
> If there's one that keeps the data just on the local machine, I'd be 
> interested.

1Password has that option as well as using a local server.

> 
> I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard 
> drive and copy/paste to logins that need to stay secure- financial, 
> vendors, healthcare, etc.

Not very secure.  Of course it's your house and that has some security.

But far better to use a manager - even if only on your machine.

> 
> I always log out before leaving the house.

My computer does that for me ... well, might be a few minutes after I 
leave...



-- 
"...there are many humorous things in this world; among them the white
  man's notion that he is less savage than the other savages."
                                             -Samuel Clemens

[toc] | [prev] | [next] | [standalone]

#8097

Alan Browne <bitbucket@blackhole.com> writes:
> On 2021-07-12 07:37, Wade Garrett wrote:
[...]
>> I'd like to use a password manager but I'm not comfortable with that 
>> data being on some server somewhere- allegedly encrypted or not.
>
> 256 bit AES encryption not good enough for you?

The weak link is not the encryption algorithm, but the key used to
decrypt the data.

[...]

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

Page 2 of 5 — ← Prev page 1 [2] 3 4 5  Next page →

Back to top | Article view | comp.sys.mac.misc

csiph-web