What password manager do you use?


(Austin) #1

So what password managers is everyone in the community using? If you are using a self-hosted database, like KeePass, how do you sync the databases, if at all? Why did you choose this password manager over all the others?

edit: Adding a poll (@oaktree)

  • KeePass
  • LastPass
  • BitWarden
  • 1Password
  • GNOME Keyring
  • KWallet
  • Google Chrome
  • Firefox
  • Safari
  • Paper
  • None: Other
  • None: None



(Austin) #2

I am currently using KeePass to store all passwords and secure notes. I use Dropbox to sync between my phone and my two computers (I know this isn’t the best solution but it’s the easiest). But I have been looking into switching from KeePass to Bitwarden but I still haven’t decided yet. I use KeePass over the others because I enjoy the aspect of having multiple databases, and having control of where I put that is really nice.


(No software interupts) #3

I’m using LastPass, but I’m not sure I want to stay there. I’d rather be in total control of all my passwords on a private server but this will undoubtedly introduce problems on its own, e.g. ease of use and a single point of failure.


(mad scientist and king skid) #4

Exactly my words. I think @pry0cc can also contribute to this line of thought :smiley:
I’d like LastPass but offline on my PC. Never did my research on that until yet though…


(Command-Line Ninja) #5

All password managers have their disadvantages, no one manager does them all. It really depends on what you want out of a password manager.


#6

I always used KeePass and never had problems with it.
It is a really simple password manager and what I really like about it is the Auto-Type function.

Sadly I don’t have any comparisons to other password manager tools…


(Full Snack Developer) #7

GPG + Git
https://www.passwordstore.org/


(← ∨ ↑ = ␀) #8

Same as @fraq there, GNU Pass. Instead of git I use Syncthing to have a decentralized store of the passwords across all devices (2 computers, 1 tablet and a phone). Means I don’t mind about the names leaking as it’s all contained within my own little network.
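
What "names leaking" refers to in the post above: pass encrypts each entry's contents with GPG, but the entry names stay as plain file and directory names, readable by anyone who can read the synced folder. The following is an added example, not code from the thread or from the pass project; the sample store, its paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Audit a pass-style store for what is readable WITHOUT the GPG private key.

# Entry names (relative path minus .gpg): visible to any host or service
# that holds a copy of the directory.
store_visible_names() {
    ( cd "$1" && find . -path ./.git -prune -o -type f -name '*.gpg' -print ) |
        sed -e 's|^\./||' -e 's|\.gpg$||' | sort
}

# Files that are neither .gpg entries nor store metadata: these would be
# synced in plaintext alongside the encrypted entries.
store_plaintext_files() {
    ( cd "$1" && find . -path ./.git -prune -o -type f \
        ! -name '*.gpg' ! -name '.gpg-id' ! -name '.gitattributes' -print ) |
        sed -e 's|^\./||' | sort
}

# Constructed sample store. File contents are dummy bytes, not real ciphertext.
demo_store() {
    d=$(mktemp -d)
    mkdir -p "$d/email" "$d/bank"
    printf 'PLACEHOLDER-KEY-ID\n' > "$d/.gpg-id"
    printf 'dummy' > "$d/email/mail.example.com.gpg"
    printf 'dummy' > "$d/bank/bank.example.net.gpg"
    printf 'recovery codes' > "$d/bank/notes.txt"   # stray unencrypted file
    printf '%s\n' "$d"
}

# Audit the directory given as $1, or the constructed sample if none is given.
STORE=${1:-$(demo_store)}
echo "Names visible without the GPG key:"
store_visible_names "$STORE"
echo "Files synced unencrypted:"
store_plaintext_files "$STORE"
```

Run it against your own store by passing the directory as the first argument; the first list is what a sync target learns about your accounts even though it cannot decrypt any password.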


(Dimitris Zervas) #9

it rocks <3
what “adapters” do you use?
I’m using browserpass.
also do you use it on your phone? (I don’t trust my crappy Android with my private key…)


#10

Post-it notes, stuck to the frame of my computer’s monitor. I don’t see why this thread is even a thing.

/thread


(Command-Line Ninja) #11

There are “adapters”? I was under the impression that this system only worked in the Linux CLI?

EDIT: Just looked at Pass and it looks amazing. I mean, way better than how fraq tried to sell it on IRC. I think I am going to have to switch.


(3,4,5-trimethoxyphenethylamine) #12

I only use Firefox’s encrypted password manager.


(Dimitris Zervas) #14

hint: it’s not encrypted


(Dimitris Zervas) #15

it’s actually pretty feature-full & mature. it has browser/desktop/mobile/etc. integrations. And you don’t have to remember YET another password (apart from GPG, SSH, Linux user, LUKS decrypt & nuke and EFI system user)


(3,4,5-trimethoxyphenethylamine) #16

yes it is, you just need to set a master password. please don’t make any claims without information.

“Firefox uses triple DES in CBC mode with Master Password”



(oaktree) #17

Why on Earth would it still use 3DES!?!?!


(mad scientist and king skid) #18

I don’t get that either but according to this analysis from 2013 of browser password managers:

When a Firefox profile is first created, a random key called an SDR key and a salt are created and stored in a file called “key3.db”. This key and salt are used in the 3DES (DES-EDE-CBC) algorithm to encrypt all usernames and passwords. These encrypted values are then base64-encoded, and stored in a sqlite database called signons.sqlite. Both the “signons.sqlite” and “key3.db” files are located at %APPDATA%/Mozilla/Firefox/Profiles/[random_profile].

Analysis Result:

In the case of Firefox, if a strong Master Password is chosen, account details are very unlikely to be harvested.


#19

I use PasswordSafe.
But now I’m about to do a writeup on OpSec via password managing.


(Dimitris Zervas) #20

oops, had old ff in mind. thing is, why 3des and not aes?


#21

I changed my mind.
Instead here’s a photo of Joanna’s computer and how she uses Qubes and VMs to secure her passwords and private keys. Each box is a VM and the arrows are how they’re connected.


As you can see in the blackbox, it is a VM, not connected to anything, and it holds her private keys. When decrypting anything, you can just send the text or message to the blackbox, to decrypt it.

As for password managers, on my blackbox, I have KeyPass’ per identity of mine. The key to unlock each KeyPass however, is not stored on the computer.
I use PasswordSafe, on an old android device, that is not able to connect to the internet, to store my keys to each KeyPass identity.

Might be “overkill”, but it’s better to become lazy and relaxed with a system that’s over the top than one that’s anything less.