Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.misc > #8033 > unrolled thread

Do you use a password manager?

Back to article view | Back to comp.sys.mac.misc

Contents

  Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 09:53 +0000
    Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-12 07:37 -0400
      Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 07:41 -0400
      Re: Do you use a password manager? Calum <com.gmail@nospam.scottishwildcat> - 2021-07-12 13:59 +0100
      Re: Do you use a password manager? "Andy K." <andy.k466@gmail.com> - 2021-07-12 15:14 +0200
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:45 +0000
      Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-12 15:17 +0000
        Re: Do you use a password manager? Lamey <lametroll@invalid.invalid> - 2021-07-12 09:36 -0600
          Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:46 +0000
          Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:43 -0400
      Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-12 15:40 +0000
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 11:52 -0700
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-12 19:58 +0000
          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:15 -0700
            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 16:27 -0400
              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:48 -0700
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 17:14 -0400
                  Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 14:43 -0700
                    Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 18:11 -0400
                      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 15:52 -0700
                        Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 19:18 -0400
                          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 16:57 -0700
                            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 20:25 -0400
                              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 21:41 -0700
                                Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:10 +0000
                            Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-13 01:08 +0000
                            Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-13 14:43 +0000
                            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:59 +0000
                              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-13 13:55 -0700
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:48 +0000
              Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:04 +0000
      Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-16 16:34 +0300
        Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 15:06 +0000
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 20:10 +0000
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 21:51 +0000
              Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 22:05 +0000
                Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 22:19 +0000
        Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-16 11:19 -0400
      Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:42 -0400
        Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 11:08 -0700
          Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-19 14:12 -0400
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-19 20:07 +0000
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 14:15 -0700
          Re: Do you use a password manager? Richard Kettlewell <invalid@invalid.invalid> - 2021-07-20 09:15 +0100
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-20 20:13 +0000
          Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-20 16:39 -0400
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-20 15:52 -0700
    Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-12 15:28 +0000
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:51 +0000
        Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-13 17:15 +0000
    Re: Do you use a password manager? Oregonian Haruspex <no_email@invalid.invalid> - 2021-07-14 01:29 +0000
      Re: Do you use a password manager? % <pursent100@gmail.com> - 2021-07-13 18:43 -0700
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:00 +0000
    Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:40 -0400
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-22 08:52 +0000
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-22 09:52 -0400
          Re: Do you use a password manager? Unbreakable Disease <unbreakable@danwin1210.me> - 2021-07-27 11:27 +0000
            Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 08:30 +1200
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-27 17:30 -0400
              Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-27 22:47 +0000
                Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 15:40 +1200
                  Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-28 08:41 +0000
                  Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 12:35 +0000
              Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-28 10:52 +0300
              Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-28 17:45 +0000
              Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 22:30 +0000
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-28 18:56 -0400
                  Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-29 07:38 +0000
    Re: Do you use a password manager? Dreamer In Colore <dreamerincolore@hotmail.com> - 2021-07-21 13:28 -0400
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-21 12:31 -0700
        Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-21 21:00 +0000
          Re: Do you use a password manager? Ben Bacarisse <ben.usenet@bsb.me.uk> - 2021-07-22 01:23 +0100
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-22 08:46 +0000
    Re: Do you use a password manager? rtr <rtr@nospam.invalid> - 2021-11-28 06:51 +0800
      Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-11-27 23:40 +0000
      Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-11-28 14:26 +1300
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-01 18:51 -0500
          Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-12-01 19:00 -0500
            Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-01 19:46 -0500
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-12-01 20:42 -0500
                Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-02 08:25 -0500
      Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-11-28 14:16 +0200
        Re: Do you use a password manager? rtr <rtr@nospam.invalid> - 2021-11-28 21:06 +0800
        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2021-11-29 10:31 -0800
      Re: Do you use a password manager? Anssi Saari <as@sci.fi> - 2021-11-29 13:01 +0200
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-11-29 15:52 +0000
    Re: Do you use a password manager? Matti Haveri <nospam@here.invalid> - 2022-02-05 14:43 +0200
      Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-05 09:41 -0800
        Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-05 19:03 +0000
        Re: Do you use a password manager? Matti Haveri <nospam@here.invalid> - 2022-02-06 11:39 +0200
    Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-06 19:27 +0000
      Re: Do you use a password manager? Siri Cruise <chine.bleu@yahoo.com> - 2022-02-06 18:21 -0800
        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-07 14:57 -0800
          Re: Do you use a password manager? Siri Cruise <chine.bleu@yahoo.com> - 2022-02-07 19:21 -0800
      Re: Do you use a password manager? El Kabong <twang@the.noodle> - 2022-02-06 22:16 -0800
    Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-12 21:35 +0000

Page 3 of 5 — ← Prev page 1 2 [3] 4 5  Next page →

#8098

In article <87r1fu18j7.fsf@nosuchdomain.example.com>, Keith Thompson
<Keith.S.Thompson+u@gmail.com> wrote:

> >> I'd like to use a password manager but I'm not comfortable with that 
> >> data being on some server somewhere- allegedly encrypted or not.
> >
> > 256 bit AES encryption not good enough for you?
> 
> The weak link is not the encryption algorithm, but the key used to
> decrypt the data.

that's up to you to choose something complex.

hint: don't use 'password123'

[toc] | [prev] | [next] | [standalone]

#8099

In message <87r1fu18j7.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
> Alan Browne <bitbucket@blackhole.com> writes:
>> On 2021-07-12 07:37, Wade Garrett wrote:
> [...]
>>> I'd like to use a password manager but I'm not comfortable with that 
>>> data being on some server somewhere- allegedly encrypted or not.
>>
>> 256 bit AES encryption not good enough for you?

> The weak link is not the encryption algorithm, but the key used to
> decrypt the data.

Which the user chooses.

Have you done any actual research into this or have you just read
know-nothing clickbait shit?

-- 
And the three men I admire most, the father son and the holly ghost
	they caught the last train for the coast...

[toc] | [prev] | [next] | [standalone]

#8100

Lewis <g.kreme@kreme.dont-email.me> writes:
> In message <87r1fu18j7.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
>> Alan Browne <bitbucket@blackhole.com> writes:
>>> On 2021-07-12 07:37, Wade Garrett wrote:
>> [...]
>>>> I'd like to use a password manager but I'm not comfortable with that 
>>>> data being on some server somewhere- allegedly encrypted or not.
>>>
>>> 256 bit AES encryption not good enough for you?
>
>> The weak link is not the encryption algorithm, but the key used to
>> decrypt the data.
>
> Which the user chooses.

Yes, of course.

> Have you done any actual research into this or have you just read
> know-nothing clickbait shit?

Be less rude.  If I'm wrong, say so and tell us what's right.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#8106

Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:
> Alan Browne <bitbucket@blackhole.com> writes:
>> On 2021-07-12 07:37, Wade Garrett wrote:
> [...]
>>> I'd like to use a password manager but I'm not comfortable with that 
>>> data being on some server somewhere- allegedly encrypted or not.
>>
>> 256 bit AES encryption not good enough for you?
>
> The weak link is not the encryption algorithm, but the key used to
> decrypt the data.

There’s lots of possible weak links.

- The key may be stored insecurely.
- If the key is derived from a password then the user may choose a weak
  password.
  - It’s easy to make a bad choice of KDF.
- The choice of cipher mode matters.
- For some cipher modes, how you choose the parameters matters.
- Some ciphers (including AES) are prone to side channels.

How much each of these matters is situational, but “256 bit AES
encryption” is not a complete description and may indeed not be good
enough, depending on the missing details.

-- 
https://www.greenend.org.uk/rjk/

[toc] | [prev] | [next] | [standalone]

#8124

In message <8735s99z9w.fsf@LkoBDZeT.terraraq.uk> Richard Kettlewell <invalid@invalid.invalid> wrote:
> Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:
>> Alan Browne <bitbucket@blackhole.com> writes:
>>> On 2021-07-12 07:37, Wade Garrett wrote:
>> [...]
>>>> I'd like to use a password manager but I'm not comfortable with that 
>>>> data being on some server somewhere- allegedly encrypted or not.
>>>
>>> 256 bit AES encryption not good enough for you?
>>
>> The weak link is not the encryption algorithm, but the key used to
>> decrypt the data.

> There’s lots of possible weak links.

> - The key may be stored insecurely.

The key is not stored at all. The key is the password that that the user
selects.

> - If the key is derived from a password then the user may choose a weak
>   password.

Nothing anyone can do about that.

>   - It’s easy to make a bad choice of KDF.
> - The choice of cipher mode matters.

Which is why these tools are audited by third parties and you should
only use tools that have been audited.

> - For some cipher modes, how you choose the parameters matters.

Ibid.

> - Some ciphers (including AES) are prone to side channels.

Ibid.

> How much each of these matters is situational, but “256 bit AES
> encryption” is not a complete description and may indeed not be good
> enough, depending on the missing details.

Ibid.


-- 
you cannot code around infinite implementations of OCD -John C Welch

[toc] | [prev] | [next] | [standalone]

#8125

On 2021-07-19 14:08, Keith Thompson wrote:
> Alan Browne <bitbucket@blackhole.com> writes:
>> On 2021-07-12 07:37, Wade Garrett wrote:
> [...]
>>> I'd like to use a password manager but I'm not comfortable with that
>>> data being on some server somewhere- allegedly encrypted or not.
>>
>> 256 bit AES encryption not good enough for you?
> 
> The weak link is not the encryption algorithm, but the key used to
> decrypt the data.

First off there is a difference between a "key" and a "password".

If the password is "a", the key will still be extremely strong at 256 
bits and would look completely different to the key for password "b". 
Of course that is not a recommendation.

As to passwords, it's trivial to make strong and easy to remember 
passwords with a few misspelled words, mixed case, some symbols and digits.


-- 
"...there are many humorous things in this world; among them the white
  man's notion that he is less savage than the other savages."
                                             -Samuel Clemens

[toc] | [prev] | [next] | [standalone]

#8127

Alan Browne <bitbucket@blackhole.com> writes:
> On 2021-07-19 14:08, Keith Thompson wrote:
>> Alan Browne <bitbucket@blackhole.com> writes:
>>> On 2021-07-12 07:37, Wade Garrett wrote:
>> [...]
>>>> I'd like to use a password manager but I'm not comfortable with that
>>>> data being on some server somewhere- allegedly encrypted or not.
>>>
>>> 256 bit AES encryption not good enough for you?
>> The weak link is not the encryption algorithm, but the key used to
>> decrypt the data.
>
> First off there is a difference between a "key" and a "password".

Sure (but sometimes they can be the same, right?).

> If the password is "a", the key will still be extremely strong at 256
> bits and would look completely different to the key for password "b". 
> Of course that is not a recommendation.

Are you talking about a key being algorithmically derived from the
password?  If the string "a" is all the information you need to unlock
an encrypted file, then an attacker is going to be able to unlock it,
whether it first has to be translated to a 256-bit key or not.  (Or I'm
missing something.)

> As to passwords, it's trivial to make strong and easy to remember
> passwords with a few misspelled words, mixed case, some symbols and
> digits.

Sure.  It's also easy for a password to leak in any of a number of ways.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#8039

On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
> My 50-year old brain isn't capable of memorizing that many passwords
> anymore, so I use KeePassXC. I keep basically everything here
> including my financial passwords and credit card data, with the
> exception of passwords that I would have to remember anyway (full-disk
> encryption, login, primary e-mail passwords, etc.)
>
> Overall, it's much easier to remember and much harder to forget 10
> complicated passwords that you use everyday than 100+ simple passwords
> you use every month or even less.
>
> I can't speak about Windows version of KeePass, because with the
> exception of playing games not available on Macintosh, I haven't used
> one since Windows 95 days.

I don't see anything wrong with using Apple's built-in Keychain password
manager. The only drawback it has is that it's Apple-only, and that has
never been a reason not to use it for me. Most of my family uses it and
is happy with it.

The iCloud Keychain service is optional and seamlessly synchronizes your
password database between all of your Apple devices. It is also highly
encrypted using end-to-end encryption so that it cannot be accessed by
anyone but you.

Others here will recommend cross-platform solutions, but if you have no
need for synchronizing your password database to other platforms,
Apple's built-in Keychain is quite a secure and capable solution, and
it's integrated with all of Apple's operating systems by default.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#8051

On 12.07.2021 15:28, Jolly Roger wrote:
> On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
>> My 50-year old brain isn't capable of memorizing that many passwords
>> anymore, so I use KeePassXC. I keep basically everything here
>> including my financial passwords and credit card data, with the
>> exception of passwords that I would have to remember anyway (full-disk
>> encryption, login, primary e-mail passwords, etc.)
>>
>> Overall, it's much easier to remember and much harder to forget 10
>> complicated passwords that you use everyday than 100+ simple passwords
>> you use every month or even less.
>>
>> I can't speak about Windows version of KeePass, because with the
>> exception of playing games not available on Macintosh, I haven't used
>> one since Windows 95 days.
> 
> I don't see anything wrong with using Apple's built-in Keychain password
> manager. The only drawback it has is that it's Apple-only, and that has
> never been a reason not to use it for me. Most of my family uses it and
> is happy with it.
> 
> The iCloud Keychain service is optional and seamlessly synchronizes your
> password database between all of your Apple devices. It is also highly
> encrypted using end-to-end encryption so that it cannot be accessed by
> anyone but you.
> 
> Others here will recommend cross-platform solutions, but if you have no
> need for synchronizing your password database to other platforms,
> Apple's built-in Keychain is quite a secure and capable solution, and
> it's integrated with all of Apple's operating systems by default.
> 
I need to use my database on both Mac OS and Linux, so I use KeePassXC. 
And what if you are left with the Keychain file and Apple goes south? 
How you will migrate to KeePassXC? Your file is going to be nothing more 
than useless junk, so at least call Apple or e-mail Tim Cook directly at 
timcook@apple.com to allow to export Keychain data to other password 
managers. I doubt that Apple will listen to us, but trying is better 
than simply giving up.

-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

[toc] | [prev] | [next] | [standalone]

#8062

On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
> On 12.07.2021 15:28, Jolly Roger wrote:
>> On 2021-07-12, Unbreakable Disease <unbreakable@secmail.pro> wrote:
>>>
>>> My 50-year old brain isn't capable of memorizing that many passwords
>>> anymore, so I use KeePassXC. I keep basically everything here
>>> including my financial passwords and credit card data, with the
>>> exception of passwords that I would have to remember anyway
>>> (full-disk encryption, login, primary e-mail passwords, etc.)
>>>
>>> Overall, it's much easier to remember and much harder to forget 10
>>> complicated passwords that you use everyday than 100+ simple
>>> passwords you use every month or even less.
>>>
>>> I can't speak about Windows version of KeePass, because with the
>>> exception of playing games not available on Macintosh, I haven't
>>> used one since Windows 95 days.
>> 
>> I don't see anything wrong with using Apple's built-in Keychain
>> password manager. The only drawback it has is that it's Apple-only,
>> and that has never been a reason not to use it for me. Most of my
>> family uses it and is happy with it.
>> 
>> The iCloud Keychain service is optional and seamlessly synchronizes
>> your password database between all of your Apple devices. It is also
>> highly encrypted using end-to-end encryption so that it cannot be
>> accessed by anyone but you.
>> 
>> Others here will recommend cross-platform solutions, but if you have
>> no need for synchronizing your password database to other platforms,
>> Apple's built-in Keychain is quite a secure and capable solution, and
>> it's integrated with all of Apple's operating systems by default.
>> 
> I need to use my database on both Mac OS and Linux, so I use
> KeePassXC. 

And I don't need to use my password database on Linux, so I use
Keychain. With Keychain. I have all of my passwords with me on my iPhone
at all times anyway. WHen I need a password on my Linux, Windows, etc
systems, I can just pick up my phone and there it is. ¯\_(ツ)_/¯ 

We can go back and forth like this all day if it suits you, but I don't
really see the point.

> And what if you are left with the Keychain file and Apple goes south? 

Apple isn't going South anytime soon. That's a pipe dream.

> How you will migrate to KeePassXC?

In your hypothetical scenario, I'd have moved my passwords out of
Keychain and into something better long before Apple goes South.

> Your file is going to be nothing more than useless junk

I mean, as long as we are daydreaming, the same could be said if
KeePassXC mysteriously went South overnight. 

Back here in the real world, though, things don't just vanish overnight,
and we have plenty of notice before such things happen, giving us ample
time to move to something better. Such is the way with natural
obsolescence - it tends to happen rather slowly.

> so at least call Apple or e-mail Tim Cook directly at 
> timcook@apple.com to allow to export Keychain data to other password 
> managers. I doubt that Apple will listen to us, but trying is better 
> than simply giving up.

What are you going on about? Get a grip, my dude.

It's great that you have the option of using KeePass. Am I afforded the
option of *not* using it in your world, or is that absolutely not
allowed?

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#8064

I use an old electronic organizer to store my passwords, and I keep a
printed hard copy locked in my safe. I don’t trust anything more
technological than that combination.

[toc] | [prev] | [next] | [standalone]

#8065

On 2021-07-13 6:29 p.m., Oregonian Haruspex wrote:
> I use an old electronic organizer to store my passwords, and I keep a
> printed hard copy locked in my safe. I don’t trust anything more
> technological than that combination.
> 
i don't use anything i have no passwords

[toc] | [prev] | [next] | [standalone]

#8066

On 14.07.2021 01:43, % wrote:
> On 2021-07-13 6:29 p.m., Oregonian Haruspex wrote:
>> I use an old electronic organizer to store my passwords, and I keep a
>> printed hard copy locked in my safe. I don’t trust anything more
>> technological than that combination.
>>
> i don't use anything i have no passwords
Because you instead use your DNA to log in to your accounts.

-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

[toc] | [prev] | [next] | [standalone]

#8094

On 2021-07-12 05:53, Unbreakable Disease wrote:
> My 50-year old brain isn't capable of memorizing that many passwords 
> anymore, so I use KeePassXC. I keep basically everything here including 
> my financial passwords and credit card data, with the exception of 
> passwords that I would have to remember anyway (full-disk encryption, 
> login, primary e-mail passwords, etc.)
> 
> Overall, it's much easier to remember and much harder to forget 10 
> complicated passwords that you use everyday than 100+ simple passwords 
> you use every month or even less.
> 
> I can't speak about Windows version of KeePass, because with the 
> exception of playing games not available on Macintosh, I haven't used 
> one since Windows 95 days.

I use 1Password.  Be careful of the option you select.  They are leaning 
towards "rent" model which I despise.

You can keep the encrypted master file on iCloud or Dropbox so it's 
available to all of your devices.  Avoid the 'rent' model if possible.

-- 
"...there are many humorous things in this world; among them the white
  man's notion that he is less savage than the other savages."
                                             -Samuel Clemens

[toc] | [prev] | [next] | [standalone]

#8152

On 19.07.2021 14:40, Alan Browne wrote:
> On 2021-07-12 05:53, Unbreakable Disease wrote:
>> My 50-year old brain isn't capable of memorizing that many passwords 
>> anymore, so I use KeePassXC. I keep basically everything here 
>> including my financial passwords and credit card data, with the 
>> exception of passwords that I would have to remember anyway (full-disk 
>> encryption, login, primary e-mail passwords, etc.)
>>
>> Overall, it's much easier to remember and much harder to forget 10 
>> complicated passwords that you use everyday than 100+ simple passwords 
>> you use every month or even less.
>>
>> I can't speak about Windows version of KeePass, because with the 
>> exception of playing games not available on Macintosh, I haven't used 
>> one since Windows 95 days.
> 
> I use 1Password.  Be careful of the option you select.  They are leaning 
> towards "rent" model which I despise.
> 
> You can keep the encrypted master file on iCloud or Dropbox so it's 
> available to all of your devices.  Avoid the 'rent' model if possible.
> 
You can use any FOSS password manager. For me, anything that is not FOSS 
is automatically suspicious (including 1Password). I don't trust 
proprietary software and try to reduce its usage to minimum.

-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

[toc] | [prev] | [next] | [standalone]

#8164

On 2021-07-22 04:52, Unbreakable Disease wrote:
> On 19.07.2021 14:40, Alan Browne wrote:

>> You can keep the encrypted master file on iCloud or Dropbox so it's 
>> available to all of your devices.  Avoid the 'rent' model if possible.
>>
> You can use any FOSS password manager. For me, anything that is not FOSS 
> is automatically suspicious (including 1Password). I don't trust 
> proprietary software and try to reduce its usage to minimum.

1Password has proven itself over time.  I like companies that pay 
employees to do things right when it's a critical component.

Free?  You get what you pay for.  So unless it's a wildly widespread and 
popular package with many people maintaining it, it tends to crud.

The Gimp refers.


-- 
"...there are many humorous things in this world; among them the white
  man's notion that he is less savage than the other savages."
                                             -Samuel Clemens

[toc] | [prev] | [next] | [standalone]

#8177

On 22.07.2021 13:52, Alan Browne wrote:
> On 2021-07-22 04:52, Unbreakable Disease wrote:
>> On 19.07.2021 14:40, Alan Browne wrote:
> 
>>> You can keep the encrypted master file on iCloud or Dropbox so it's 
>>> available to all of your devices.  Avoid the 'rent' model if possible.
>>>
>> You can use any FOSS password manager. For me, anything that is not 
>> FOSS is automatically suspicious (including 1Password). I don't trust 
>> proprietary software and try to reduce its usage to minimum.
> 
> 1Password has proven itself over time.  I like companies that pay 
> employees to do things right when it's a critical component.
> 
> Free?  You get what you pay for.  So unless it's a wildly widespread and 
> popular package with many people maintaining it, it tends to crud.
> 
> The Gimp refers.
> 
> 
Well, I like free software. It's not always of the same quality as 
commercial software, but at least its security can be tested by many 
experts in the industry easily as anyone has access to the source code. 
Anyone can read and edit it... understanding and making it work not so much.

-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f
bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

Secmail.pro is down, please mail me at current address instead

[toc] | [prev] | [next] | [standalone]

#8178

On 2021-07-27 11:27:00 +0000, Unbreakable Disease said:
> On 22.07.2021 13:52, Alan Browne wrote:
>> On 2021-07-22 04:52, Unbreakable Disease wrote:
>>> On 19.07.2021 14:40, Alan Browne wrote:
>>>> 
>>>> You can keep the encrypted master file on iCloud or Dropbox so it's 
>>>> available to all of your devices.  Avoid the 'rent' model if possible.
>>> 
>>> You can use any FOSS password manager. For me, anything that is not 
>>> FOSS is automatically suspicious (including 1Password). I don't trust 
>>> proprietary software and try to reduce its usage to minimum.
>> 
>> 1Password has proven itself over time.  I like companies that pay 
>> employees to do things right when it's a critical component.
>> 
>> Free?  "You get what you pay for."  So unless it's a wildly widespread 
>> and popular package with many people maintaining it, it tends to crud.
>> 
>> The Gimp refers.
> 
> Well, I like free software. It's not always of the same quality as 
> commercial software, but at least its security can be tested by many 
> experts in the industry easily as anyone has access to the source code. 
> Anyone can read and edit it... understanding and making it work not so 
> much.

With the source code available for free, it also means the hackers can 
more easily work out how to steal your information. Using open source 
or hacked pirated versions for anything even remotely to do with 
security is simply incredibly silly.

[toc] | [prev] | [next] | [standalone]

#8179

In article <sdpqco$1erg$1@gioia.aioe.org>, Your Name
<YourName@YourISP.com> wrote:


> With the source code available for free, it also means the hackers can 
> more easily work out how to steal your information. Using open source

nonsense. 

open source means it's easy to audit so that nothing undesirable is
hidden.

> or hacked pirated versions for anything even remotely to do with 
> security is simply incredibly silly.

that part is true. using pirated versions is dumb.

[toc] | [prev] | [next] | [standalone]

#8180

On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:

> With the source code available for free, it also means the hackers can
> more easily work out how to steal your information. Using open source or
> hacked pirated versions for anything even remotely to do with security
> is simply incredibly silly.

Ah, a proponent of security through obscurity.

I think not.

-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

Page 3 of 5 — ← Prev page 1 2 [3] 4 5  Next page →

Back to top | Article view | comp.sys.mac.misc

csiph-web