Password Managers

Do you use one? I currently use an encrypted 7zip file with a text file inside it. Is that shitty?

i derive all my passwords from a masterpassword

How does that work?

basically zeromq85_encode(sha3("masterpassword" + "cocksucker" + "reddit.com"))
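Added example (not the poster's code): the derivation above written out in Python, next to a hardened variant. The Z85 alphabet is the ZeroMQ one; the scrypt parameters, the length-prefixed framing, the rotation counter and the function names are assumptions chosen for this sketch.

```python
import hashlib
import struct

# Z85 alphabet from the ZeroMQ spec; input must be a multiple of 4 bytes.
Z85 = ("0123456789abcdefghijklmnopqrstuvwxyz"
       "ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#")

def z85_encode(data: bytes) -> str:
    if len(data) % 4:
        raise ValueError("Z85 needs a multiple of 4 bytes")
    out = []
    for (word,) in struct.iter_unpack(">I", data):
        chunk = []
        for _ in range(5):              # 4 bytes -> 5 base-85 digits
            word, rem = divmod(word, 85)
            chunk.append(Z85[rem])
        out.append("".join(reversed(chunk)))
    return "".join(out)

def derive_fast(master: str, salt: str, site: str) -> str:
    """The scheme as posted: one SHA-3 call over the plain concatenation.
    One guess at the master costs an attacker a single hash."""
    digest = hashlib.sha3_256((master + salt + site).encode()).digest()
    return z85_encode(digest)

def derive_stretched(master: str, salt: str, site: str,
                     counter: int = 1, length: int = 20) -> str:
    """Same idea with a memory-hard KDF, unambiguous framing and a counter
    so one site's password can be rotated without changing the master."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (salt.encode(), site.encode(), str(counter).encode())
    context = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    key = hashlib.scrypt(master.encode(), salt=context,
                         n=2**14, r=8, p=1, dklen=32)
    return z85_encode(key)[:length]
```

With either variant, a leaked site password is an offline oracle for guessing the master password; the stretched version only raises the cost of each guess.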

Is it possible to crack something like KeepassX and find everyone's passwords because they know the algorithm some day?

no

Yes, that's shitty.

In my opinion, the most elegant way is pass (passwordstore.org/). It's a script that uses PGP to encrypt and decrypt your passwords and stores them as simple files. Plus git and it's super comfy. Another nice extension is rofi-pass: github.com/carnager/rofi-pass

That is pretty shitty, dude. I use ownCloud Passwords with my encrypted ownCloud installation in my server.
Also, ownCloud replaces most "cloud services" like contacts, calendar, file sharing, feed aggregator, bookmarks, etc.

I thought about doing what you're currently doing, but decided that's probably not the best idea. KeePass is the only open source password manager at the moment which stores a file with a password on your machine. Every other pwd manager makes you pay upwards of $40 a month and all your shit is stored on their "secure" web server in which you manage your passwords through a limp dick browser extension in your favorite shitty, pozzed up browser.

At this point I really can't figure out if your method is better or the fad of password managers is better than your method.

hello winfag

Runs on my distribution (Arch Linux) you Ubuntu faggot. Maybe get the proprietary canonical botnet cock out of your mouth first.

stop projecting winfag

I use keepass. I just have to remember 1 good master password. I have the file backed up locally on multiple thumb drives. I store some passwords for shit I don't really care about via the firefox password manager, not sure how secure that is.

Not my fault your taste in Linux/GNU distributions is shit tier. It also can't help that you're too inept and stupid to use a CLI. Kys, macfag.

oh i'm sorry i didn't know you are retarded.
windows 10 is the best operating system and you are right, keepass is the only open source password manager.

Top kek, pajeet. Now fuck off to your designated shitting street.

...

KeePassXC. It's actually actively developed

www.passwordstore.org

No, it's pointless. You're more likely to have your password manager compromised than all the different passwords to websites, even if they are not "random" enough.

Bullshit. If you use a proper password manager with a very good passphrase, the only thing that can compromise it is a keylogger running on your machine. You aren't safe from that either, it just takes a little bit of time.

Using a lot of shitty, low entropy passwords (probably with a lot of reuse) is dangerous because it just needs one leak and all your other logins are even more likely to be guessed.

Yes. I use Zoho ManageEngine Password Manager Pro. It has a web interface, phone apps, firefox plugin. You have to run your own server, and I have it store the data in an encrypted MS SQL database in an AlwaysOn availability group. It also has some other nifty features like a web based telnet/ssh client. It's overkill for just me, but it looks good on a resume to have experience with enterprise class password managers.

KeePass 2 is what I use. I like that it's open source and that I can keep the fucking file where I want. Fuck this cloud shit.

If you have a keylogger, it would catch your password no matter how you store it (or don't), when you enter it to login.


Nice but

I just save my passwords as a text file on my desktop

If they have access to your files you're fucked anyway

Yes, you'd have to be pretty retarded to think otherwise

That's exactly what I already wrote.

no you are retarded. assuming a non shitty password it is practically impossible to gain access to a keepass database in your lifetime * 6 gorillion.

How about a backdoor or a bug in the password manager? What if you forget your "very good passphrase" ?

Password managers are just useless clutter.

Password managers are useful for account security, not personal computer security. With a manager you can have every single password for every single online account and site and service be totally unique and distinct from every other one. It's not about your personal computer getting hacked, it's about Apple's fucktastic databases getting hacked and leaking everybody's iTunes password -- and then enterprising types cross referencing different accounts and trying the same password and getting into your Amazon and your Bank and your Facebook and ruining your life.

That said it's really no more or less secure for your "manager" to be keepass or a text file on the desktop. Just so long as you're not using the same fucking password on all of the internet like your mother does.

Pretty much agree with this. One benefit 1Password has is that it flags accounts on services that have had breaches or old/reused passwords so it makes it a bit more convenient keeping track of what I need to change. I presume other managers have similar features too.

I store all my passwords in a spreadsheet on CipherShed encrypted drive with a very strong password. Tell me how I'm a moron Holla Forums because I don't see any downsides to this method. I could host it in a git repo if I wanted remote access but not having it online makes me feel better.

I use pass, which by the way was designed not to be clutter. It's a bash script with less than 600 lines that uses GPG for encryption.

That won't happen unless I get serious brain damage. It's too deeply ingrained into my mind because I type it at least 3x a day.

See world.std.com/~reinhold/diceware.html for how to create memorizable ones. You should be pretty secure with 8+ words.

github.com/InaneBob/rustpass

If you're on linux then pass makes the most sense to use and it is already available in your repos, whichever distro you have.
As user said, your passwords are simple text files (encrypted with gpg), meaning you can edit them with the $EDITOR of your choice and put whatever content you want in them (not necessarily passwords), as well as organize these files in a directory structure, which is all done through pass' intuitive command-line interface.
Due to its unix philosophy it's not even a password manager but simply an "encrypted notes manager", with the added feature of generating passwords (using pwgen behind the scenes). It is actually so simple that you can read and understand its source code in a few minutes.

Actually no. Zoho ManageEngine Password Manager Pro fag here again. It supports 2FA with smart cards. And with browser plugins/or copy/paste it would make it so that a key logger couldn't get your password. This assumes it was hardware based, if the key logger was software based you're probably already fucked no matter what you do.

Are there any password managers that don't send the unencrypted password to the clipboard in order to send it where it is needed?

pass doesn't use a clipboard by default, it prints the contents to stdout, which isn't as insecure since a clipboard is easier to read from than figuring out where in memory your terminal instance stores its output. But you still have to then manually use a clipboard to pass the text to wherever you want it, unless you're piping the output straight to the program where you need it.
Which makes me think: why don't clipboards store encrypted content? Sure, the keys are still in memory (as are many other crypto keys you use), but at least the contents of the clipboard can't be read straight from it.

Hope that drive is encrypted, or you're fucked when a burglar steals your comp.


I thought you meant the keylogger can steal your password manager master pass. My bad.


I think keepass obfuscates it.

How would that work? The malware would just call clipboard.paste(). Or are you thinking a popup dialog asking for key whenever you Ctrl+V?

Because the /proc/processID/1 file is difficult to find?

/proc/processID/fd/1

We already know what algorithm (AES with password stretching) KeepassX uses retard, that doesn't make it broken

wew burgers

I don't use anything that needs a password other than my mail and my git/uni account, so I don't need a password manager.
I suppose I'll start needing more sometime, but I like being mostly offline/un-accounted on most of the Internet.
I did, however, make mistakes when web 2.0 was new and I was impressionable. But they are all abandoned, so eh. I can't care less for them.

There is an option for auto type that does that, sending it in two parts, I believe. However, auto type unfortunately doesn't work as easily on KeePassX (which performs so much better than the mono wrapper).

Who wouldn't use the file feature and make the file less obvious?

I tattoo all my passwords onto my dick, there's no chance anybody will get their hands on them.

I use this one:
nsd.dyndns.org/pwsafe/
But my home directory is also encrypted.

nobody wants to check out rustpass? it is a password manager written in rust.

Do they call it Rust cause nothing written in it is ever maintained?

?

you mean "do browser plugins exist" or are you talking about file encryption? if someone's owned you to the point that they can read your pw from memory, they can read the filesystem once you unencrypt it too

how about storing it in passwords.txt?

Yes, that's also possible. I don't see how that's a contradiction to what I said.

I actually had a leak happen on a site recently that would have compromised me had I not been using a manager so fuck yes. Password managers are like the best antibiotic to hackers atm.

I create throwaway accounts for everything. I make sure absolutely nothing is connected to each other. If I need an email to create an account somewhere, I will create a new throwaway email account just for that.
The result of this is that my password manager has a lot of junk in it, but I have it all organized in a tree structure (I'm using "pass").

rustpass > pass tbh
github.com/InaneBob/rustpass

Do you use Pass in Windows?

I prefer the "paranoid conservatism" of installing software that a lot of people already use, so that there's a higher chance bugs get discovered and fixed.
Why is rustpass worth breaking this principle? I don't need more features, but I always like more security, although my threat model doesn't really consider password manager to be such a critical point (should it?).


Why? Do you guys at NSA use Windows too?

...

rustpass encrypts the database with a one-time pad. it is literally unbreakable. no other password manager can make that claim.
just look at the crypto module: github.com/InaneBob/rustpass/blob/master/src/crypto.rs
very simple and elegant code using a single cryptographic primitive. right now only the key derivation is a bit lacking, but that is not a problem if you are using a strong masterpassword.
also it is written in rust
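Added example (not rustpass code and not a claim about what its crypto.rs does): a constructed toy showing what follows when a "pad" is derived from the master password, as the post describes. The SHAKE-256 expansion, the sample database contents and all function names are assumptions for illustration.

```python
import hashlib
import os

# Constructed sample data: two saves of the same toy database.
V1 = b"mail:alpha-1111\nbank:bravo-2222\n"
V2 = b"mail:alpha-1111\nbank:delta-9999\n"

def pad_from_password(master: str, length: int, nonce: bytes = b"") -> bytes:
    # Hypothetical expansion of the password into a keystream. The output is
    # fully determined by (nonce, master), so its secrecy is bounded by the
    # password's entropy, not by the pad length as in a true one-time pad.
    return hashlib.shake_256(nonce + master.encode()).digest(length)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(master: str, plaintext: bytes) -> bytes:
    """Deterministic pad: every save under one master reuses the keystream."""
    return xor(plaintext, pad_from_password(master, len(plaintext)))

def changed_offsets(c1: bytes, c2: bytes) -> list:
    """Needs no key: with a reused pad, c1 XOR c2 == p1 XOR p2, so non-zero
    bytes mark exactly where the plaintext changed between two saves."""
    return [i for i, b in enumerate(xor(c1, c2)) if b]

def encrypt_fresh(master: str, plaintext: bytes):
    """A random per-save nonce removes the reuse. This is then an ordinary
    password-keyed stream cipher without authentication, still not a
    one-time pad."""
    nonce = os.urandom(16)
    pad = pad_from_password(master, len(plaintext), nonce)
    return nonce, xor(plaintext, pad)

if __name__ == "__main__":
    c1, c2 = encrypt("masterpassword", V1), encrypt("masterpassword", V2)
    print("offsets that changed between saves:", changed_offsets(c1, c2))
```

The "literally unbreakable" property of a one-time pad holds only for a truly random pad as long as the message and never reused; a pad expanded from a password meets neither condition.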

KeepassX is open source, if you want to go look at the algorithm you can. But there are plenty of open source encryption algorithms that are effectively impossible to crack with modern hardware, you should read up on how encryption works.

You do realize this is bullshit? See X11
theregister.co.uk/2014/01/09/x11_has_privilege_escalation_bug/

It's like you WANT them to find your rare pepe collection

Did you not understand >higher chance

Passwords? I write them down with ink and paper.
Why even bother keeping them in your pc if you're going to become paranoid with security.

wew, have fun with those security updates there

So long as no one knows you do that, you should be safe.

Isn't that stuff pretty insecure in his shell history? I know you'll say "oh if they can see your shell history then..." but the point is that you might as well keep them in a plaintext file for the same amount of security and more convenience.


But at least viruses can't steal it

so long as no one knows my masterpassword i am safe.


i actually do it with pen and paper and eat all the paper afterwards. i have to use special nontoxic ink because of this.

Maybe you should apply security updates more than once every 4 years.

You mean that's your trick for memorizing them?

...

Masterpassword fag here too. My algo's even open source and all that jazz.

I use keepassx and keep the master password on a piece of paper under my keyboard.