• Pissipissini Johnson 🩵! :D@sh.itjust.works
    34 up, 1 down · 2 months ago

    I put all my passwords in a text document, then print it on a little strip of paper and shove it up my ass. Whenever I take a crap, I dig it out from the turds and try to memorise some of them again. Then I shove it back up there where no one else can find my data and I won’t lose it.

  • just another dev@lemmy.my-box.dev
    15 up · 2 months ago

    I guess now is as good a time as any for them to start using a proper password manager.

    Personally, I recommend Keepass - it has multiple clients for all platforms, and you can keep the file in sync with a program of your own choosing, like Dropbox, syncthing or whatever you like.

    • GissaMittJobb@lemmy.ml
      6 up, 1 down · 2 months ago

      Bitwarden is probably a more pragmatic choice for most users, given that it’s free and without having to manage the syncing yourself.

      Any password manager is better than the alternative, though.

      • 🅿🅸🆇🅴🅻@lemmy.world
        3 up, 4 down · edited · 2 months ago

        I’m not sure what you’re comparing it to. Keepass is free too, in fact it’s open source. In my opinion, local software and database that is under your control is always superior to cloud.

        Keepass over Bitwarden offers a lot of plugins and integrations, again, if you want more customization or automation.

        But, I would say you can use any online password manager as long as it’s end to end encrypted, so Bitwarden is a good choice.

        • GissaMittJobb@lemmy.ml
          3 up · 2 months ago

          > Also, local software and database is always superior to cloud.

          Now there’s an unfounded blanket statement if I ever saw one.

        • evulhotdog@lemmy.world
          1 up · 2 months ago

          I think your bias may be showing. The average computer user doesn’t even think about using a password manager. It just exists and works in their browser.

      • NekuSoul@lemmy.nekusoul.de
        2 up · 2 months ago

        Most amazingly, this setup is also unexpectedly resilient against merge conflicts and can sync even when two copies have changed. You wouldn’t expect that from tools relying on 3rd party file syncing.

        I still try to avoid it, but every time it accidentally happened, I could just merge the changes automatically without losing data.

        • Shatur@lemmy.ml
          4 up · 2 months ago

          How did you enable merge conflict resolution for KeePassXC databases?

      • N1ghtstalk3r@lemmy.world
        2 up · 2 months ago

        +1 for a self-hosted Vaultwarden instance. If you’re technically capable and have extra hardware laying around this is the best way to go.

          • Lem453@lemmy.ca
            1 up · 2 months ago

            Anyone with the knowledge to self host will quickly discover 3-2-1. If they choose to follow it, that’s on them, but data loss won’t be from ignorance.

      • GoJimi@lemm.ee
        0 up · 2 months ago

        Exactly! Self hosted FTW. Chances of a data breach… Typically pretty minor if you are smart.

        • Pennomi@lemmy.world
          0 up · 2 months ago

          Chances of losing the data are higher with selfhosting too. Unless you’re doing some sort of multizone replication, of course.

          • communism@lemmy.ml
            3 up · 2 months ago

            I would rather lose my passwords than have my password database be accessed by someone else. Most websites have a “forgot password” function, and for passwords that don’t have that (e.g. to decrypt my hard drive or log into my computer) I’ve memorised the passphrase and always type it manually anyway. And for passwords where neither applies, it’s probably not a huge loss anyway if I’ve not prepared for the possibility of losing my password db for that particular password.

          • nialv7@lemmy.world
            2 up · 2 months ago

            I use syncthing so there’s a copy of my password database on each of my devices.

          • Lem453@lemmy.ca
            1 up · 2 months ago

            Borg backup to borgbase is not very expensive, and borg will encrypt the data, plus the vault is also encrypted.

          • Russ@bitforged.space
            1 up · 2 months ago

            As long as you’re still signed into BW from any of your devices, you can always export the vault from there.

            (But yes, actual backups are always a plus)

      • just another dev@lemmy.my-box.dev
        3 up · 2 months ago

        If you never, ever need your passwords outside of your home, that’s great advice - it’s as secure as can be against digital theft. Less so against fire though, and backups are out of the question.

        • Shdwdrgn@mander.xyz
          3 up · 2 months ago

          I just store all my passwords in robots.txt on my web server, makes it easy for me to access them anywhere I go…

          /s

      • Ilovethebomb@lemm.ee
        2 up · 2 months ago

        This is the first suggestion here that’s actually within the technical abilities of most people, even most Lemmy users.

        The level of technical knowledge some people here seem to think the general public has is absurd.

  • daddy32@lemmy.world
    8 up · 2 months ago

    “Chrome users” or “Chrome under windows users” would be closer to the truth. Still, quite a screw up.

    • DreamButt@lemmy.world
      5 up, 1 down · 2 months ago

      Something like 2/3rds of the world uses Chrome for desktop. I’d bet that number is higher for Windows specifically. If you’re the rare person who doesn’t use Chrome then you’re savvy enough to know this doesn’t apply to you.

    • dan1101@lemm.ee
      2 up, 2 down · 2 months ago

      All of them are vulnerable to bugs though. Just a matter of luck.

        • dorythefish@discuss.online
          4 up · 2 months ago

          One of the mobile clients corrupted all passwords for me. I ended up losing only 2 passwords, and only 1 I wasn’t able to restore. Good lesson on why backups are important though :)

        • Feathercrown@lemmy.world
          0 up, 1 down · 2 months ago

          If he knew, do you think he’d be wasting time talking here about it instead of, I don’t know, ransoming millions of user passwords?

          • communism@lemmy.ml
            3 up · 2 months ago

            I like to think that most people would just contact the devs privately to get a fix pushed asap instead of ransoming everyone’s passwords.

  • Chaotic Entropy@feddit.uk
    7 up, 1 down · 2 months ago

    Premium Bitwarden is so cheap and effective that I find it difficult to justify using an alternative.

    • communism@lemmy.ml
      7 up, 1 down · edited · 2 months ago

      Keepass with syncthing is completely free and doesn’t rely on cloud hosting.

      • ikidd@lemmy.world
        5 up · 2 months ago

        Not a bad idea to back up to a json, but every computer you’ve used has a local encrypted copy you can export from using the app or extension.

    • boyi@lemmy.sdf.org
      1 up · 2 months ago

      I use encfs and sync it to dropbox etc. Then use gopass password manager to store passwords in the encfs folders. Not fully auto-integrated but good enough for me.

    • yggstyle@lemmy.world
      2 up · 2 months ago

      A better statement should be: you should remain vigilant and light on attachment to any banner. If an ill wind blows and you don’t like it, it’s time to move. Control your data- aspire to be a digital nomad.

      Firefox isn’t without its own issues, recently. Google used to be viewed as a paragon once, too.

    • BearOfaTime@lemm.ee
      0 up, 1 down · 2 months ago

      I don’t use the password manager in Firefox, what a terrible idea.

      Use an independent password manager, something purpose-built.

      And using Linux? Hahaha, right, right. Call me when there’s a serious OneNote, or even more importantly, Excel competitor. (Or even a standard shell on Linux, or the same set of tools built in).

      • ᗪᗩᗰᑎ@lemmy.ml
        1 up · 2 months ago

        > Call me when there’s a serious OneNote…

        OneNote works on the web, but there’s also Notesnook if someone is looking for similar features with an app for offline access + end-to-end encryption and an open source alternative. I’ve got it syncing to my Android, Windows, Linux and Mac clients without issue.

        > …or even more importantly, Excel competitor.

        There’s OnlyOffice which has a spreadsheet. Yeah it’s not Excel which has existed for a million years, but it should work for the vast majority of users’ basic needs. It may not work for your specific use case, but it is a viable alternative that exists today. If you want more online collaborative features (like the o365 version has) you can use CryptPad, which provides an end-to-end encrypted and open-source collaboration suite, including the web version of OnlyOffice Spreadsheets.

        > Or even a standard shell on Linux…

        What does this even mean? Nearly every major Linux distro sets bash as the default shell, and if not the default, is probably already installed and called if needed. Not sure I understand the problem here.

        > …or the same set of tools built in

        Stick to a single OS and you get the same set of tools built in? This is a strange statement to be making against a system that not only thrives on diversity but has lots of niche systems that require a myriad of default tools.


        I do completely agree about not using any browser’s built-in password manager.

  • communism@lemmy.ml
    4 up · 2 months ago

    Me when I don’t use Chrome, I don’t use Windows, and I don’t use browser password saving either

  • MrsDoyle@lemmy.world
    2 up, 2 down · 2 months ago

    A friend has a notebook next to her computer with all her passwords in it. Initially I was horrified - what if you’re burgled? - but actually it’s genius. Much more secure than letting a browser remember them, and she doesn’t even need to memorise a Bitwarden password.

    • flerp@lemm.ee
      5 up · 2 months ago

      I just make all of my passwords password123 then I don’t have to worry about memorizing them