Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.system > #137211 > unrolled thread

Do you use a password manager?

Back to article view | Back to comp.sys.mac.system

Contents

  Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 09:53 +0000
    Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-12 07:37 -0400
      Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 07:41 -0400
      Re: Do you use a password manager? "Andy K." <andy.k466@gmail.com> - 2021-07-12 15:14 +0200
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:45 +0000
      Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-12 15:17 +0000
        Re: Do you use a password manager? Lamey <lametroll@invalid.invalid> - 2021-07-12 09:36 -0600
          Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:46 +0000
          Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:43 -0400
      Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-12 15:40 +0000
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 11:52 -0700
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-12 19:58 +0000
          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:15 -0700
            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 16:27 -0400
              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:48 -0700
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 17:14 -0400
                  Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 14:43 -0700
                    Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 18:11 -0400
                      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 15:52 -0700
                        Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 19:18 -0400
                          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 16:57 -0700
                            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 20:25 -0400
                              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 21:41 -0700
                                Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:10 +0000
                            Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-13 01:08 +0000
                            Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-13 14:43 +0000
                            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:59 +0000
                              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-13 13:55 -0700
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:48 +0000
              Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:04 +0000
      Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-16 16:34 +0300
        Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 15:06 +0000
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 20:10 +0000
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 21:51 +0000
              Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 22:05 +0000
                Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 22:19 +0000
        Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-16 11:19 -0400
      Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:42 -0400
        Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 11:08 -0700
          Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-19 14:12 -0400
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-19 20:07 +0000
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 14:15 -0700
          Re: Do you use a password manager? Richard Kettlewell <invalid@invalid.invalid> - 2021-07-20 09:15 +0100
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-20 20:13 +0000
          Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-20 16:39 -0400
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-20 15:52 -0700
    Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-12 15:28 +0000
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:51 +0000
        Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-13 17:15 +0000
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 19:07 +0000
    Re: Do you use a password manager? Oregonian Haruspex <no_email@invalid.invalid> - 2021-07-14 01:29 +0000
      Re: Do you use a password manager? % <pursent100@gmail.com> - 2021-07-13 18:43 -0700
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:00 +0000
    Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:40 -0400
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-22 08:52 +0000
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-22 09:52 -0400
          Re: Do you use a password manager? Unbreakable Disease <unbreakable@danwin1210.me> - 2021-07-27 11:27 +0000
            Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 08:30 +1200
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-27 17:30 -0400
              Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-27 22:47 +0000
                Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 15:40 +1200
                  Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-28 08:41 +0000
                  Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 12:35 +0000
              Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-28 10:52 +0300
              Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-28 17:45 +0000
              Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 22:30 +0000
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-28 18:56 -0400
                  Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-29 07:38 +0000
    Re: Do you use a password manager? Dreamer In Colore <dreamerincolore@hotmail.com> - 2021-07-21 13:28 -0400
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-21 12:31 -0700
        Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-21 21:00 +0000
          Re: Do you use a password manager? Ben Bacarisse <ben.usenet@bsb.me.uk> - 2021-07-22 01:23 +0100
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-22 08:46 +0000
    Re: Do you use a password manager? rtr <rtr@nospam.invalid> - 2021-11-28 06:51 +0800
      Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-11-27 23:40 +0000
      Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-11-28 14:26 +1300
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-01 18:51 -0500
          Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-12-01 19:00 -0500
            Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-01 19:46 -0500
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-12-01 20:42 -0500
                Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-12-02 08:25 -0500
      Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-11-28 14:16 +0200
        Re: Do you use a password manager? rtr <rtr@nospam.invalid> - 2021-11-28 21:06 +0800
        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2021-11-29 10:31 -0800
      Re: Do you use a password manager? Anssi Saari <as@sci.fi> - 2021-11-29 13:01 +0200
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-11-29 15:52 +0000
    Re: Do you use a password manager? Matti Haveri <nospam@here.invalid> - 2022-02-05 14:43 +0200
      Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-05 09:41 -0800
        Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-05 19:03 +0000
        Re: Do you use a password manager? Matti Haveri <nospam@here.invalid> - 2022-02-06 11:39 +0200
    Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-06 19:27 +0000
      Re: Do you use a password manager? Siri Cruise <chine.bleu@yahoo.com> - 2022-02-06 18:21 -0800
        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-07 14:57 -0800
          Re: Do you use a password manager? Siri Cruise <chine.bleu@yahoo.com> - 2022-02-07 19:21 -0800
      Re: Do you use a password manager? El Kabong <twang@the.noodle> - 2022-02-06 22:16 -0800
        Re: Do you use a password manager? NOSPAMvlad@transilvania.org (Captain Troy Tempest) - 2022-02-08 21:02 -0500
        Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-12 19:55 +0000
    Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-12 21:35 +0000

Page 1 of 5  [1] 2 3 4 5  Next page →

#137211 — Do you use a password manager?

My 50-year old brain isn't capable of memorizing that many passwords 
anymore, so I use KeePassXC. I keep basically everything here including 
my financial passwords and credit card data, with the exception of 
passwords that I would have to remember anyway (full-disk encryption, 
login, primary e-mail passwords, etc.)

Overall, it's much easier to remember and much harder to forget 10 
complicated passwords that you use everyday than 100+ simple passwords 
you use every month or even less.

I can't speak about Windows version of KeePass, because with the 
exception of playing games not available on Macintosh, I haven't used 
one since Windows 95 days.
-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

[toc] | [next] | [standalone]

#137213

On 7/12/21 5:53 AM, Unbreakable Disease wrote:
> My 50-year old brain isn't capable of memorizing that many passwords 
> anymore, so I use KeePassXC. I keep basically everything here including 
> my financial passwords and credit card data, with the exception of 
> passwords that I would have to remember anyway (full-disk encryption, 
> login, primary e-mail passwords, etc.)
> 
> Overall, it's much easier to remember and much harder to forget 10 
> complicated passwords that you use everyday than 100+ simple passwords 
> you use every month or even less.
> 
> I can't speak about Windows version of KeePass, because with the 
> exception of playing games not available on Macintosh, I haven't used 
> one since Windows 95 days.

I'd like to use a password manager but I'm not comfortable with that 
data being on some server somewhere- allegedly encrypted or not.

If there's one that keeps the data just on the local machine, I'd be 
interested.

I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard 
drive and copy/paste to logins that need to stay secure- financial, 
vendors, healthcare, etc.

I always log out before leaving the house.

[toc] | [prev] | [next] | [standalone]

#137214

In article <sch9i1$k05$1@dont-email.me>, Wade Garrett <wade@cooler.net>
wrote:

> I'd like to use a password manager but I'm not comfortable with that 
> data being on some server somewhere- allegedly encrypted or not.
> 
> If there's one that keeps the data just on the local machine, I'd be 
> interested.

most do, but that means syncing between devices will be limited or
non-existent.

[toc] | [prev] | [next] | [standalone]

#137215

On Mon, 12 Jul 2021 07:37:35 -0400
Wade Garrett wrote:

> On 7/12/21 5:53 AM, Unbreakable Disease wrote:
> > My 50-year old brain isn't capable of memorizing that many passwords 
> > anymore, so I use KeePassXC. I keep basically everything here including 
> > my financial passwords and credit card data, with the exception of 
> > passwords that I would have to remember anyway (full-disk encryption, 
> > login, primary e-mail passwords, etc.)
> > 
> > Overall, it's much easier to remember and much harder to forget 10 
> > complicated passwords that you use everyday than 100+ simple passwords 
> > you use every month or even less.
> > 
> > I can't speak about Windows version of KeePass, because with the 
> > exception of playing games not available on Macintosh, I haven't used 
> > one since Windows 95 days.  
> 
> I'd like to use a password manager but I'm not comfortable with that 
> data being on some server somewhere- allegedly encrypted or not.
> 
> If there's one that keeps the data just on the local machine, I'd be 
> interested.
> 
> I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard 
> drive and copy/paste to logins that need to stay secure- financial, 
> vendors, healthcare, etc.
> 
> I always log out before leaving the house.

I'm using KeepassX which is purely local, and am very happy with it.

AndyK

[toc] | [prev] | [next] | [standalone]

#137229

On 12.07.2021 13:14, Andy K. wrote:
> On Mon, 12 Jul 2021 07:37:35 -0400
> Wade Garrett wrote:
> 
>> On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>>> My 50-year old brain isn't capable of memorizing that many passwords
>>> anymore, so I use KeePassXC. I keep basically everything here including
>>> my financial passwords and credit card data, with the exception of
>>> passwords that I would have to remember anyway (full-disk encryption,
>>> login, primary e-mail passwords, etc.)
>>>
>>> Overall, it's much easier to remember and much harder to forget 10
>>> complicated passwords that you use everyday than 100+ simple passwords
>>> you use every month or even less.
>>>
>>> I can't speak about Windows version of KeePass, because with the
>>> exception of playing games not available on Macintosh, I haven't used
>>> one since Windows 95 days.
>>
>> I'd like to use a password manager but I'm not comfortable with that
>> data being on some server somewhere- allegedly encrypted or not.
>>
>> If there's one that keeps the data just on the local machine, I'd be
>> interested.
>>
>> I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
>> drive and copy/paste to logins that need to stay secure- financial,
>> vendors, healthcare, etc.
>>
>> I always log out before leaving the house.
> 
> I'm using KeepassX which is purely local, and am very happy with it.
> 
> AndyK
> 
I use KeePassXC which is a modernized version of KeepassX. Can be also 
cloudified if you put the database on Dropbox (which I don't recommend) 
or somewhere else.

-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

[toc] | [prev] | [next] | [standalone]

#137218

In article <sch9i1$k05$1@dont-email.me>, Wade Garrett  <wade@cooler.net> wrote:
>On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>> My 50-year old brain isn't capable of memorizing that many passwords 
>> anymore, so I use KeePassXC. I keep basically everything here including 
>> my financial passwords and credit card data, with the exception of 
>> passwords that I would have to remember anyway (full-disk encryption, 
>> login, primary e-mail passwords, etc.)
>> 
>> Overall, it's much easier to remember and much harder to forget 10 
>> complicated passwords that you use everyday than 100+ simple passwords 
>> you use every month or even less.
>> 
>> I can't speak about Windows version of KeePass, because with the 
>> exception of playing games not available on Macintosh, I haven't used 
>> one since Windows 95 days.
>
>I'd like to use a password manager but I'm not comfortable with that 
>data being on some server somewhere- allegedly encrypted or not.
>
>If there's one that keeps the data just on the local machine, I'd be 
>interested.

KeePass stores its file wherever you tell it.  It could be local storage,
storage on a server you control (as on a VPS or a dedicated server), or
whatever cloud storage is supported on the OS you're using.  I use a WebDAV
share on a VPS.  It's accessible to my phone and my computers, but not to
others.  (I suppose Linode could grab the file, but without the password to
unlock it, it's useless to anybody else.)

  _/_
 / v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/           Top-posting!
 \_^_/                              >What's the most annoying thing on Usenet?

[toc] | [prev] | [next] | [standalone]

#137220

On Mon, 12 Jul 2021 15:17:43 GMT, Scott Alfter
<scott@alfter.diespammersdie.us> wrote:

>In article <sch9i1$k05$1@dont-email.me>, Wade Garrett  <wade@cooler.net> wrote:
>>On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>>> My 50-year old brain isn't capable of memorizing that many passwords 
>>> anymore, so I use KeePassXC. I keep basically everything here including 
>>> my financial passwords and credit card data, with the exception of 
>>> passwords that I would have to remember anyway (full-disk encryption, 
>>> login, primary e-mail passwords, etc.)
>>> 
>>> Overall, it's much easier to remember and much harder to forget 10 
>>> complicated passwords that you use everyday than 100+ simple passwords 
>>> you use every month or even less.
>>> 
>>> I can't speak about Windows version of KeePass, because with the 
>>> exception of playing games not available on Macintosh, I haven't used 
>>> one since Windows 95 days.
>>
>>I'd like to use a password manager but I'm not comfortable with that 
>>data being on some server somewhere- allegedly encrypted or not.
>>
>>If there's one that keeps the data just on the local machine, I'd be 
>>interested.
>
>KeePass stores its file wherever you tell it.  It could be local storage,
>storage on a server you control (as on a VPS or a dedicated server), or
>whatever cloud storage is supported on the OS you're using.  I use a WebDAV
>share on a VPS.  It's accessible to my phone and my computers, but not to
>others.  (I suppose Linode could grab the file, but without the password to
>unlock it, it's useless to anybody else.)
>
If it's out there than people can access it if they want.

[toc] | [prev] | [next] | [standalone]

#137230

On 12.07.2021 15:36, Lamey wrote:
> On Mon, 12 Jul 2021 15:17:43 GMT, Scott Alfter
> <scott@alfter.diespammersdie.us> wrote:
> 
>> In article <sch9i1$k05$1@dont-email.me>, Wade Garrett  <wade@cooler.net> wrote:
>>> On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>>>> My 50-year old brain isn't capable of memorizing that many passwords
>>>> anymore, so I use KeePassXC. I keep basically everything here including
>>>> my financial passwords and credit card data, with the exception of
>>>> passwords that I would have to remember anyway (full-disk encryption,
>>>> login, primary e-mail passwords, etc.)
>>>>
>>>> Overall, it's much easier to remember and much harder to forget 10
>>>> complicated passwords that you use everyday than 100+ simple passwords
>>>> you use every month or even less.
>>>>
>>>> I can't speak about Windows version of KeePass, because with the
>>>> exception of playing games not available on Macintosh, I haven't used
>>>> one since Windows 95 days.
>>>
>>> I'd like to use a password manager but I'm not comfortable with that
>>> data being on some server somewhere- allegedly encrypted or not.
>>>
>>> If there's one that keeps the data just on the local machine, I'd be
>>> interested.
>>
>> KeePass stores its file wherever you tell it.  It could be local storage,
>> storage on a server you control (as on a VPS or a dedicated server), or
>> whatever cloud storage is supported on the OS you're using.  I use a WebDAV
>> share on a VPS.  It's accessible to my phone and my computers, but not to
>> others.  (I suppose Linode could grab the file, but without the password to
>> unlock it, it's useless to anybody else.)
>>
> If it's out there than people can access it if they want.
> Hackers are looking out for easy targets, almost nobody is going to 
chase Scott Alfter. Too much risk and unknown benefits.

-- 
Tip me: bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

bitcoin:bc1qtwmjzywve5v7z6jzk4dkg7v6masw2erpahsn9f

[toc] | [prev] | [next] | [standalone]

#137301

On 2021-07-12 11:36, Lamey wrote:
> On Mon, 12 Jul 2021 15:17:43 GMT, Scott Alfter
> <scott@alfter.diespammersdie.us> wrote:
> 
>> In article <sch9i1$k05$1@dont-email.me>, Wade Garrett  <wade@cooler.net> wrote:
>>> On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>>>> My 50-year old brain isn't capable of memorizing that many passwords
>>>> anymore, so I use KeePassXC. I keep basically everything here including
>>>> my financial passwords and credit card data, with the exception of
>>>> passwords that I would have to remember anyway (full-disk encryption,
>>>> login, primary e-mail passwords, etc.)
>>>>
>>>> Overall, it's much easier to remember and much harder to forget 10
>>>> complicated passwords that you use everyday than 100+ simple passwords
>>>> you use every month or even less.
>>>>
>>>> I can't speak about Windows version of KeePass, because with the
>>>> exception of playing games not available on Macintosh, I haven't used
>>>> one since Windows 95 days.
>>>
>>> I'd like to use a password manager but I'm not comfortable with that
>>> data being on some server somewhere- allegedly encrypted or not.
>>>
>>> If there's one that keeps the data just on the local machine, I'd be
>>> interested.
>>
>> KeePass stores its file wherever you tell it.  It could be local storage,
>> storage on a server you control (as on a VPS or a dedicated server), or
>> whatever cloud storage is supported on the OS you're using.  I use a WebDAV
>> share on a VPS.  It's accessible to my phone and my computers, but not to
>> others.  (I suppose Linode could grab the file, but without the password to
>> unlock it, it's useless to anybody else.)
>>
> If it's out there than people can access it if they want.

Access ≠ decryption.


-- 
"...there are many humorous things in this world; among them the white
  man's notion that he is less savage than the other savages."
                                             -Samuel Clemens

[toc] | [prev] | [next] | [standalone]

#137221

In comp.misc Wade Garrett <wade@cooler.net> wrote:
> On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>> My 50-year old brain isn't capable of memorizing that many passwords 
>> anymore, so I use KeePassXC. I keep basically everything here including 
>> my financial passwords and credit card data, with the exception of 
>> passwords that I would have to remember anyway (full-disk encryption, 
>> login, primary e-mail passwords, etc.)
>> 
>> Overall, it's much easier to remember and much harder to forget 10 
>> complicated passwords that you use everyday than 100+ simple passwords 
>> you use every month or even less.
>> 
>> I can't speak about Windows version of KeePass, because with the 
>> exception of playing games not available on Macintosh, I haven't used 
>> one since Windows 95 days.
> 
> I'd like to use a password manager but I'm not comfortable with that 
> data being on some server somewhere- allegedly encrypted or not.
> 
> If there's one that keeps the data just on the local machine, I'd be 
> interested.

This one stores everything locally:
https://github.com/zdia/gorilla

There are probably others that do so as well.

[toc] | [prev] | [next] | [standalone]

#137222

[I don't know why the OP cross-posted to alt.atheism.  I've dropped it]

Wade Garrett <wade@cooler.net> writes:
> On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>> My 50-year old brain isn't capable of memorizing that many passwords
>> anymore, so I use KeePassXC. I keep basically everything here
>> including my financial passwords and credit card data, with the
>> exception of passwords that I would have to remember anyway
>> (full-disk encryption, login, primary e-mail passwords, etc.)
>> Overall, it's much easier to remember and much harder to forget 10 
>> complicated passwords that you use everyday than 100+ simple
>> passwords you use every month or even less.
>> I can't speak about Windows version of KeePass, because with the 
>> exception of playing games not available on Macintosh, I haven't
>> used one since Windows 95 days.
>
> I'd like to use a password manager but I'm not comfortable with that
> data being on some server somewhere- allegedly encrypted or not.
>
> If there's one that keeps the data just on the local machine, I'd be
> interested.
>
> I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
> drive and copy/paste to logins that need to stay secure- financial, 
> vendors, healthcare, etc.
>
> I always log out before leaving the house.

I use PasswordSafe https://pwsafe.org/ .

It's a Windows application with clones available for Android, iOS, and Mac.

There's a Linux version, available as "passwordsafe" in the Ubuntu repos
(and presumably others), but I haven't gotten it to work.

password-gorilla is a Linux application that uses the same file format
and should be available in the package repos for most distributions.

Keeping the database synchronized across devices is left as an exercise.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#137223

In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
> [I don't know why the OP cross-posted to alt.atheism.  I've dropped it]

> Wade Garrett <wade@cooler.net> writes:
>> On 7/12/21 5:53 AM, Unbreakable Disease wrote:
>>> My 50-year old brain isn't capable of memorizing that many passwords
>>> anymore, so I use KeePassXC. I keep basically everything here
>>> including my financial passwords and credit card data, with the
>>> exception of passwords that I would have to remember anyway
>>> (full-disk encryption, login, primary e-mail passwords, etc.)
>>> Overall, it's much easier to remember and much harder to forget 10 
>>> complicated passwords that you use everyday than 100+ simple
>>> passwords you use every month or even less.
>>> I can't speak about Windows version of KeePass, because with the 
>>> exception of playing games not available on Macintosh, I haven't
>>> used one since Windows 95 days.
>>
>> I'd like to use a password manager but I'm not comfortable with that
>> data being on some server somewhere- allegedly encrypted or not.

There is no "allegedly" about the encryption with LastPass, 1password,
or BitWarden. I know all three of these have been certified and tested
by third parties.

Having them on a server makes it simple to sync them to multiple
devices. At least 1Password can be synced manaully, and I would not be
surprised if the others allowed this in some way as well.

>> I keep a spreadsheet with my PWs on my FileVault-encrypted iMac hard
>> drive and copy/paste to logins that need to stay secure- financial, 
>> vendors, healthcare, etc.

That is a very inefficient system, but it is a lot better than what
some people do. It also encourages patterns of passwords. One of the
main advantages of a manager is truly random passwords.

> I use PasswordSafe https://pwsafe.org/ .

> It's a Windows application with clones available for Android, iOS, and Mac.

> There's a Linux version, available as "passwordsafe" in the Ubuntu repos
> (and presumably others), but I haven't gotten it to work.

> password-gorilla is a Linux application that uses the same file format
> and should be available in the package repos for most distributions.

> Keeping the database synchronized across devices is left as an exercise.

And that means you end up with not having the password you need unless
you limit your use of the Internet to a single machine.


-- 
Everything you say is so boring, I replace it with dubstep.

[toc] | [prev] | [next] | [standalone]

#137224

Lewis <g.kreme@kreme.dont-email.me> writes:
> In message <874kcz5pqn.fsf@nosuchdomain.example.com> Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
[...]
>> I use PasswordSafe https://pwsafe.org/ .
>
>> It's a Windows application with clones available for Android, iOS, and Mac.
>
>> There's a Linux version, available as "passwordsafe" in the Ubuntu repos
>> (and presumably others), but I haven't gotten it to work.
>
>> password-gorilla is a Linux application that uses the same file format
>> and should be available in the package repos for most distributions.
>
>> Keeping the database synchronized across devices is left as an exercise.
>
> And that means you end up with not having the password you need unless
> you limit your use of the Internet to a single machine.

Not if I replicate the encrypted database across the machines I use.
I understand that that could open a potential security hole if
I'm not sufficiently careful.  But if I *am* sufficiently careful,
my database doesn't exist on anyone else's server.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#137225

In article <87zgur47bv.fsf@nosuchdomain.example.com>, Keith Thompson
<Keith.S.Thompson+u@gmail.com> wrote:

> >> Keeping the database synchronized across devices is left as an exercise.
> >
> > And that means you end up with not having the password you need unless
> > you limit your use of the Internet to a single machine.
> 
> Not if I replicate the encrypted database across the machines I use.
> I understand that that could open a potential security hole if
> I'm not sufficiently careful.  But if I *am* sufficiently careful,
> my database doesn't exist on anyone else's server.

and if you forget to sync it, murphy's law states that you won't have
the password you need.

computers are there to do work *for* you.

[toc] | [prev] | [next] | [standalone]

#137226

nospam <nospam@nospam.invalid> writes:
> In article <87zgur47bv.fsf@nosuchdomain.example.com>, Keith Thompson
> <Keith.S.Thompson+u@gmail.com> wrote:
>> >> Keeping the database synchronized across devices is left as an exercise.
>> >
>> > And that means you end up with not having the password you need unless
>> > you limit your use of the Internet to a single machine.
>> 
>> Not if I replicate the encrypted database across the machines I use.
>> I understand that that could open a potential security hole if
>> I'm not sufficiently careful.  But if I *am* sufficiently careful,
>> my database doesn't exist on anyone else's server.
>
> and if you forget to sync it, murphy's law states that you won't have
> the password you need.

Of course.  That happens now and then.  The solution is to go back and
sync it.

> computers are there to do work *for* you.

I'm not going to go into too much detail about *how* I synchronize my
password database.  I'm not confident that my method is sufficiently
secure.  (Yes, I'm doing "security through obscurity", but only as a
layer on top of other methods.)

I'm comfortable with the amount of manual work my method requires.
Others won't be.

But what do you suggest?

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#137227

In article <87v95f45td.fsf@nosuchdomain.example.com>, Keith Thompson
<Keith.S.Thompson+u@gmail.com> wrote:

> >> >> Keeping the database synchronized across devices is left as an exercise.
> >> >
> >> > And that means you end up with not having the password you need unless
> >> > you limit your use of the Internet to a single machine.
> >> 
> >> Not if I replicate the encrypted database across the machines I use.
> >> I understand that that could open a potential security hole if
> >> I'm not sufficiently careful.  But if I *am* sufficiently careful,
> >> my database doesn't exist on anyone else's server.
> >
> > and if you forget to sync it, murphy's law states that you won't have
> > the password you need.
> 
> Of course.  That happens now and then.  The solution is to go back and
> sync it.

no, the solution is to have it automatically sync.

> > computers are there to do work *for* you.

^^this^^

> I'm not going to go into too much detail about *how* I synchronize my
> password database

you already said how: you manually sync it. 

automatically syncing means a new or changed entry is available on
other devices within seconds, no additional effort required.

[toc] | [prev] | [next] | [standalone]

#137228

nospam <nospam@nospam.invalid> writes:
> In article <87v95f45td.fsf@nosuchdomain.example.com>, Keith Thompson
> <Keith.S.Thompson+u@gmail.com> wrote:
>> >> >> Keeping the database synchronized across devices is left as an exercise.
>> >> >
>> >> > And that means you end up with not having the password you need unless
>> >> > you limit your use of the Internet to a single machine.
>> >> 
>> >> Not if I replicate the encrypted database across the machines I use.
>> >> I understand that that could open a potential security hole if
>> >> I'm not sufficiently careful.  But if I *am* sufficiently careful,
>> >> my database doesn't exist on anyone else's server.
>> >
>> > and if you forget to sync it, murphy's law states that you won't have
>> > the password you need.
>> 
>> Of course.  That happens now and then.  The solution is to go back and
>> sync it.
>
> no, the solution is to have it automatically sync.

The solution *I use* is to go back and sync it.  It works.

>> > computers are there to do work *for* you.
>
> ^^this^^
>
>> I'm not going to go into too much detail about *how* I synchronize my
>> password database
>
> you already said how: you manually sync it. 

There's more to it than that.

> automatically syncing means a new or changed entry is available on
> other devices within seconds, no additional effort required.

I know what "automatically syncing" means.  You haven't said anything
about how to do that.  (I use Ubuntu, Windows, and Android.)

For my situation, I've decided (so far) that automation would be more
effort than it's worth *for me*.  I'm willing to change my mind if
presented with new information.  If you have none to offer, that's fine.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#137232

In article <87r1g3439e.fsf@nosuchdomain.example.com>, Keith Thompson
<Keith.S.Thompson+u@gmail.com> wrote:

> >> >> >> Keeping the database synchronized across devices is left as an
> >> >> >> exercise.
> >> >> >
> >> >> > And that means you end up with not having the password you need unless
> >> >> > you limit your use of the Internet to a single machine.
> >> >> 
> >> >> Not if I replicate the encrypted database across the machines I use.
> >> >> I understand that that could open a potential security hole if
> >> >> I'm not sufficiently careful.  But if I *am* sufficiently careful,
> >> >> my database doesn't exist on anyone else's server.
> >> >
> >> > and if you forget to sync it, murphy's law states that you won't have
> >> > the password you need.
> >> 
> >> Of course.  That happens now and then.  The solution is to go back and
> >> sync it.
> >
> > no, the solution is to have it automatically sync.
> 
> The solution *I use* is to go back and sync it.  It works.

except when it doesn't, which you admit happens 'now and then'.

> >> > computers are there to do work *for* you.
> >
> > ^^this^^
> >
> >> I'm not going to go into too much detail about *how* I synchronize my
> >> password database
> >
> > you already said how: you manually sync it. 
> 
> There's more to it than that.

those details are irrelevant. the fact is that it's manual which means
it's a lot of extra work with the opportunity to screw it up.

i suspect whatever system you're using does not properly handle merges.

> > automatically syncing means a new or changed entry is available on
> > other devices within seconds, no additional effort required.
> 
> I know what "automatically syncing" means. 

then why not use it?

> You haven't said anything
> about how to do that.  (I use Ubuntu, Windows, and Android.)

what's to know? choose a password manager that offers automatic sync.
done.

> For my situation, I've decided (so far) that automation would be more
> effort than it's worth *for me*.  I'm willing to change my mind if
> presented with new information.  If you have none to offer, that's fine.

what effort? download a new password manager app that offers syncing,
then export passwords from your existing password manager and import
them to the new one. it should take a minute or two.

[toc] | [prev] | [next] | [standalone]

#137233

nospam <nospam@nospam.invalid> writes:
> In article <87r1g3439e.fsf@nosuchdomain.example.com>, Keith Thompson
> <Keith.S.Thompson+u@gmail.com> wrote:
>> >> >> >> Keeping the database synchronized across devices is left as an
>> >> >> >> exercise.
>> >> >> >
>> >> >> > And that means you end up with not having the password you need unless
>> >> >> > you limit your use of the Internet to a single machine.
>> >> >> 
>> >> >> Not if I replicate the encrypted database across the machines I use.
>> >> >> I understand that that could open a potential security hole if
>> >> >> I'm not sufficiently careful.  But if I *am* sufficiently careful,
>> >> >> my database doesn't exist on anyone else's server.
>> >> >
>> >> > and if you forget to sync it, murphy's law states that you won't have
>> >> > the password you need.
>> >> 
>> >> Of course.  That happens now and then.  The solution is to go back and
>> >> sync it.
>> >
>> > no, the solution is to have it automatically sync.
>> 
>> The solution *I use* is to go back and sync it.  It works.
>
> except when it doesn't, which you admit happens 'now and then'.
>
>> >> > computers are there to do work *for* you.
>> >
>> > ^^this^^
>> >
>> >> I'm not going to go into too much detail about *how* I synchronize my
>> >> password database
>> >
>> > you already said how: you manually sync it. 
>> 
>> There's more to it than that.
>
> those details are irrelevant. the fact is that it's manual which means
> it's a lot of extra work with the opportunity to screw it up.
>
> i suspect whatever system you're using does not properly handle merges.

It does not, and I did run into a problem with that not too long ago.
It took some manual work to resolve it.

>> > automatically syncing means a new or changed entry is available on
>> > other devices within seconds, no additional effort required.
>> 
>> I know what "automatically syncing" means. 
>
> then why not use it?
>
>> You haven't said anything
>> about how to do that.  (I use Ubuntu, Windows, and Android.)
>
> what's to know? choose a password manager that offers automatic sync.
> done.

I've spent *some* time looking into alternatives, but perhaps not
enough.  The password manager I use uses a local file.  Others I've
looked at store data "in the cloud", i.e., on someone else's computer.
I've decided *for myself* that I don't want to store my passwords in the
cloud, and that I'm willing to pay the price of more difficult local
updates.

>> For my situation, I've decided (so far) that automation would be more
>> effort than it's worth *for me*.  I'm willing to change my mind if
>> presented with new information.  If you have none to offer, that's fine.
>
> what effort? download a new password manager app that offers syncing,
> then export passwords from your existing password manager and import
> them to the new one. it should take a minute or two.

And install it on all my devices, and learn how to use it -- plus
convincing myself that it's sufficiently secure.  Much more than
"a minute or two".

Is there a password manager that supports automatic sync among Linux,
Android, and Windows *without* storing any of my information in the
cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
made it clear enough that I don't want to use cloud storage.)

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#137234

In article <87mtqr402j.fsf@nosuchdomain.example.com>, Keith Thompson
<Keith.S.Thompson+u@gmail.com> wrote:

> >> >> >> >> Keeping the database synchronized across devices is left as an
> >> >> >> >> exercise.
> >> >> >> >
> >> >> >> > And that means you end up with not having the password you need
> >> >> >> > unless
> >> >> >> > you limit your use of the Internet to a single machine.
> >> >> >> 
> >> >> >> Not if I replicate the encrypted database across the machines I use.
> >> >> >> I understand that that could open a potential security hole if
> >> >> >> I'm not sufficiently careful.  But if I *am* sufficiently careful,
> >> >> >> my database doesn't exist on anyone else's server.
> >> >> >
> >> >> > and if you forget to sync it, murphy's law states that you won't have
> >> >> > the password you need.
> >> >> 
> >> >> Of course.  That happens now and then.  The solution is to go back and
> >> >> sync it.
> >> >
> >> > no, the solution is to have it automatically sync.
> >> 
> >> The solution *I use* is to go back and sync it.  It works.
> >
> > except when it doesn't, which you admit happens 'now and then'.
> >
> >> >> > computers are there to do work *for* you.
> >> >
> >> > ^^this^^
> >> >
> >> >> I'm not going to go into too much detail about *how* I synchronize my
> >> >> password database
> >> >
> >> > you already said how: you manually sync it. 
> >> 
> >> There's more to it than that.
> >
> > those details are irrelevant. the fact is that it's manual which means
> > it's a lot of extra work with the opportunity to screw it up.
> >
> > i suspect whatever system you're using does not properly handle merges.
> 
> It does not, and I did run into a problem with that not too long ago.
> It took some manual work to resolve it.
> 
> >> > automatically syncing means a new or changed entry is available on
> >> > other devices within seconds, no additional effort required.
> >> 
> >> I know what "automatically syncing" means. 
> >
> > then why not use it?
> >
> >> You haven't said anything
> >> about how to do that.  (I use Ubuntu, Windows, and Android.)
> >
> > what's to know? choose a password manager that offers automatic sync.
> > done.
> 
> I've spent *some* time looking into alternatives, but perhaps not
> enough.  The password manager I use uses a local file.  Others I've
> looked at store data "in the cloud", i.e., on someone else's computer.
> I've decided *for myself* that I don't want to store my passwords in the
> cloud, and that I'm willing to pay the price of more difficult local
> updates.

some store it in the cloud, some store it on a local server. some do
either. 

another option is set up a personal cloud hosted on your own hardware,
over which you have full control, which has many other benefits than
just password syncing.

in every case, it's encrypted, so even if someone did gain access to
the database, they won't get the actual passwords, at least not without
a shitload of effort trying to crack it (assuming you used a good
master passphrase).

keep in mind that any of your hardware is lost or stolen, someone will
have easy access to that database, no hacking of cloud servers
required.

nothing is 100% safe.

> >> For my situation, I've decided (so far) that automation would be more
> >> effort than it's worth *for me*.  I'm willing to change my mind if
> >> presented with new information.  If you have none to offer, that's fine.
> >
> > what effort? download a new password manager app that offers syncing,
> > then export passwords from your existing password manager and import
> > them to the new one. it should take a minute or two.
> 
> And install it on all my devices, and learn how to use it -- plus
> convincing myself that it's sufficiently secure.  Much more than
> "a minute or two".

true, but that's the easy part. download a bunch, try them out, put in
some random passwords and see which ones fit your workflow. 

> Is there a password manager that supports automatic sync among Linux,
> Android, and Windows *without* storing any of my information in the
> cloud (i.e., on someone else's computer)?  (It's possible that I hadn't
> made it clear enough that I don't want to use cloud storage.)

there are several, each with different mixes of features, some with
better integration than others, and only you can decide which one fits
your needs.

[toc] | [prev] | [next] | [standalone]

Page 1 of 5  [1] 2 3 4 5  Next page →

Back to top | Article view | comp.sys.mac.system

csiph-web