What's the point of using a 3rd party password manager over the one built-into your browser?
With minimal effort, both Firefox and Chrome could encrypt the built-in password database with a separate password that secures it from Mozilla's/Google's sync servers.
The integration will automatically be so much better than any 3rd party offering. Plus you get actually audited code, compared to proprietary shit like 1Password and LastPass (which already suffered from multiple stupid mistakes) and even Keepass (which has abysmally insecure methods of talking with the browser called Keepasshttp).
KeePass can store much more than site/username/password. It utilizes much more software/memory protection technologies than your browser. It don't need 3rd-party botnet account to sync.
Why do you need this? Why don't you just sync the .kdbx file across devices?
Josiah Ward
why not use pass? slim, elegant, simple. also easy to backup and synch. it does exactly what it should do and is easy enough to use, even if you normally despise programs without a gui (although i think theres additional guis if you really want them. i dont see the point though.)
Christian Butler
I need something that I can use with qutebrowser, dillo, Firefox, Fennec, and at least one command line application that isn't a web browser. I doubt this would work better than KeePassX+Syncthing.
Jace Jenkins
Passwords for things other than sites. Attach things, e.g. a private key. History. More than 1 database. Key files. Expiry tracking. Using on more than 1 device without Fagfox or ((Google)) servers.
Jack Bennett
Windowslet, when will they learn.
Jaxon Nguyen
That's a shitty analogy though. 3rd party password managers perform worse than the built-in one due to their lack of integration. Heck, most of them even have trouble detecting which website it is and feeding in the correct password. To this day Keepass+ChromeIpass still fails with 2-page logins like Google's.
Andrew Clark
It's called isolating vulnerabilities, a standard security paradigm.
James Turner
Since this thread is up I might as well ask here instead of starting a new thread: What's the recommended workflow if I want to migrate from Chromium's built in password vault to keepassxc? (running linux here) Do I have to manually copy and paste my hundreds of passwords? And how do I disable Chromium's built in vault once i've migrated?
Thomas Richardson
What's the point of trusting unknown code by unknown developers who write browsers and password managers, any of whom could have long since complied with their 'National Security Letter', when you can just generate strong passwords yourself and store them in a plain text file encrypted with gpg?
Lincoln Edwards
What's the point of a password manager? Don't you have memory?
Jaxson Edwards
generate new passwords
have you evaluated gpg's code? have you built it yourself with a non-compromised compiler on non-compromised hardware? didn't think so faggot
Carter Stewart
This way I can use a different twenty-character long randomly generated password for each service.
Juan Rogers
or you can just do hash("masterpassword" + "kikebook.com")
Jonathan Garcia
1. The time it takes to load a hashing program and input those values are equivalent to running a password manager. 2. There aren't many people who will memorize 50+ different hash codes that you will need to generate for all your accounts.
Nicholas Martinez
what about keeping the password db in sync on all devices you use? i dont understand what you are trying to say. you only need to remember your master password. same as with a password manager.
Dominic Moore
I don't keep up with memeware (I have maybe 2 or 3 internet things that require passwords and I have my own solution for this) but didn't those programs you mention each have vulns? Why would you use software from someone who can't build something as trivial as a password manager without vulnerabilities? inb4 >software is hard
Connor Kelly
also, fuck firecox for obfuscating passwords by default. many times I had to pull out passwords from firecox's password database, but I had to use some shit software or firecox on a separate computer to get it out.
Xavier Gray
Nirvana fallacy aka defeatism.
Dylan Sullivan
fucking retard
Connor Barnes
Distributed data synchronisation is beyond the scope of a password database. It is the users' own responsibility to deal with those kinds of issues.
I assumed that the reason why you use a hashing program is that the output of the hashing program is the password you enter for the account. If this is the case, you'd have to remember 50 different hash values that are no different to remembering 50 different password. Otherwise, you'd have to input your masterpass+account scheme into your hashing program every time you want access to your password. I would think that a password manager would be easier to deal with than a hashing program.
Henry Torres
yeah. with my scheme there is no database you also have to input your masterpassword into your password manager every time you want to access your passwords.
Benjamin Collins
There's no JS or internet request incorporated in them.
Owen Anderson
well this is a whole new level of retard so now we have is there any type of program that is not _hard_? im pretty sure you idiots who say this shit are just a mix of the 9-5 retards ive been pwning for the last 10 years and non-programmers. and guess what? ive programmed the first 3 myself
Jace Allen
It's not the password managers or chat programs themselves that are hard to write but getting the security portions correct. See the pdf and ask the openssl authors for some more examples.
no yes yes yes post source of your password manager pls
Jacob Cooper
keepass is written in c by a retard who doesnt understand crypto. also it is bloated. pass follows the unix philosophy (fucking LOL) which apparently means writing a shell script invoking gpg (which is written in c and its codebase is massive). also pass leaks metadata. having a gpg encrypted textfile would be better than pass. pass is a meme tbh. im going to write the most secure password manager ever to be seen (in rust).
Logan White
5RuHL5LQnT9G VxatwBj9COnW
Christian Sanchez
openssl are morons and have no say on anything. openssl is a shit protocol. X.509 is a fucking braindamaged academic idea. when some fucking neckbeard is crying "WORSE IS BETTER OOGA BOOGA" and "XYZ is not practical!!11", they should be referred to X.509 coupled with the cancer that is DNS (which it critically relies on in order to work)
you are a faggot my password manager is literally just a list of key-value pairs and you can press a button to copy it to the X clipboard. i don't need whatever trendy shit OP is talking about because I have the passwords stored on an encrypted disk. and no, it _still_ wouldn't be hard even if i did whatever trendy bullshit people to today like storing your _FUCKING WEB PASSWORD_ in secure memory or fucking around with hashes
literally this
Adrian Reed
to elaborate, i can't even remember what memes there are for password managers. for web you have 2FA, for secure messaging today you have forward secracy. what is there for password managers?
oh and browser integration bugs don't count. you shouldn't have those "features" in your password manager in the first place. the browser is a 1000000000000 LOC black box made by a bunch of dumbfucks who have no clue about software engineering nor security. if you're expecting it to provide any stable API for you to send the password to it and for it to do this securely, you deserve whatever you get