Password manager and kiwifarms.


UncleNamedDad

kiwifarms.net
Joined
Jan 27, 2023
On rejoining I noticed the suggestion to use a password manager. LastPass was compromised, so I regard all password managers as unsafe.

So the only safe option is to store farms locally in separate files, far away from cloud drives, e.g. cloud drives.

Would it be possible to change the suggestion on the joining page?
 
There are locally managed password managers. Just because LastPass didn't do its job doesn't mean there aren't sane options.

Some of these are open source or audited by third parties which publish their findings transparently.
 
Let me give a bit more long winded explanation. LastPass has been compromised because it was the biggest password manager that was hosted on some big corpo's servers, therefore a massive fucking target was painted on the service, and after many years of shots fired, one managed to hit the critical spot leading to a full leak of data of millions of users.

That is not to say that all password managers are bad. Password managers that store your passwords on some server you have zero access to and do so for millions of people are bad because it's only a matter of time before it gets compromised because of how prominent this is.

Note that Bitwarden, by default, is no different than LastPass. You register on their servers, and save all your passwords on their servers. Therefore those servers can share the same fate as LastPass.

However, unlike LastPass, Bitwarden is open source, and they offer a self-hosting solution, so that you can host all your passwords on your own devices that you have access to. This also means that your private server will be less likely to be hacked simply because barely anyone will know of its existence.

As for what I use and find the best option for me, that would be KeePass, as all the passwords get saved in a single file on your computer. Then it's up to you how you want to synchronize and back up said file, and there are solutions for it that will allow you to do so without ever using the Internet.

For example Syncthing after proper configuration will only synchronize files in your local network, and if you happen to know and are able to set up a VPN connection to your home network, you can synchronize your files wherever you are through a private, encrypted tunnel that only you have access to.

Hell, you could even use something like Dropbox and it would still be infinitely more secure than LastPass, as there is no big target on Dropbox as the place that stores passwords, and if your password database got leaked, and you weren't a mongoloid and used a strong master password or even some form of 2FA, the hackers won't be able to compromise it anyway.

However do note that this means how you take care of your password database is up to you. You can fuck up and lose all the copies to it, losing all of your passwords. But if you're not a complete retard, you'll keep them safe, you'll have access to them, and you won't ever get compromised. But this is a less normie friendly method due to how much depends on your know-how of how to keep your shit backed up and safe.
 
I've been using the original KeePass for ages too. Making a backup of the database file every now and then beats storing your passwords on fucking cloud servers. What I didn't know is that there is a community fork called KeePassXC. Does anyone have experience with that? I'd like the least pozzed version with the fewest troon developers.
There seems to be a version for Android too: KeePassDX
 
I've been using the original KeePass for ages too. Making a backup of the database file every now and then beats storing your passwords on fucking cloud servers. What I didn't know is that there is a community fork called KeePassXC. Does anyone have experience with that? I'd like the least pozzed version with the fewest troon developers.
There seems to be a version for Android too: KeePassDX
KeePassXC? I think it's a pretty good alternative, albeit I don't like it that much as it misses some functionality I add to KeePass 2 via plugins; however, you can't run KeePass 2 as easily on Linux as KeePassXC, which has native Linux binaries. And KeePassDX is my Android fork of choice, solely because of its Magikeyboard.

However do keep in mind that KeePassXC has no cloud sync options and can only open local files, so you'll need to sync the file on your phone somehow, and a bunch of cloud solutions have issues with it.

For me, KeePassDX has no issues with Syncthing, at least if you don't end up saving the database on two devices at once, which will lead to a conflict, so make sure to avoid such situations. But then again, if being pozzed is a concern for you, then you'll avoid Syncthing because of them having Contributor Covenant and openly fellating BLM/Ukraine on their front page.
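The conflict the post above warns about does not lose data outright: Syncthing keeps the losing copy next to the original under a conflict name, and the two databases then silently diverge until someone notices. The script below is an added example, not something from this thread; it assumes Syncthing's documented conflict naming, `<name>.sync-conflict-<YYYYMMDD>-<HHMMSS>-<DEVICEID>.<ext>`, and a folder path you pass in. It lists every `.kdbx` conflict copy with the date, time and device that produced it, so the copy can be merged back (KeePassXC's "Merge from database") before a backup overwrites it.

```shell
#!/bin/sh
# Added example (not from the thread): find KeePass database copies that
# Syncthing set aside after a conflicting save. The conflict naming scheme
# assumed here is the one Syncthing documents:
#   <name>.sync-conflict-<YYYYMMDD>-<HHMMSS>-<DEVICEID>.<ext>
# A conflict copy is a second, diverged database whose changes the regular
# file no longer contains.
set -eu

# Print every .kdbx conflict copy under directory $1, one per line, as
#   <date> <time> <device> <path>
list_kdbx_conflicts() {
    find "$1" -type f -name '*.sync-conflict-*.kdbx' | while IFS= read -r path; do
        base=${path##*/}                    # strip directory
        tag=${base##*.sync-conflict-}       # 20230115-120000-ABCDEFG.kdbx
        tag=${tag%.kdbx}                    # 20230115-120000-ABCDEFG
        date=${tag%%-*}                     # 20230115
        rest=${tag#*-}                      # 120000-ABCDEFG
        time=${rest%%-*}                    # 120000
        device=${rest#*-}                   # ABCDEFG (short device id)
        printf '%s %s %s %s\n' "$date" "$time" "$device" "$path"
    done | sort
}

# Succeeds only when no conflict copies exist, so a backup or rotation job
# can refuse to run while a diverged database is waiting to be merged.
check_no_kdbx_conflicts() {
    n=$(list_kdbx_conflicts "$1" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ]
}

# Usage when run directly: ./kdbx-conflicts.sh /path/to/synced/folder
if [ "$#" -ge 1 ]; then
    list_kdbx_conflicts "$1"
    check_no_kdbx_conflicts "$1" || echo "merge the copies above before they are overwritten" >&2
fi
```

Running it against the Syncthing folder that holds the database (or adding `check_no_kdbx_conflicts` as a pre-step of whatever copies the file to backup) turns the "saved on two devices at once" failure mode into something that is reported rather than discovered months later.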
 
I use KeePassXC on PC, Android and as browser plugin. Works perfectly so far.
 
But then again, if being pozzed is a concern for you, then you'll avoid Syncthing because of them having Contributor Covenant and openly fellating BLM/Ukraine on their front page.
It's not a complete dealbreaker. I could barely use any software then, with how widespread that shit is.
It's just a point to consider, as people who mutilate their genitals for a fetish or delusion probably don't make the most reasonable and sane decisions when programming either.

So if one fork was run by insane troons and the other not, my choice would be obvious.
 
I do Vaultwarden (self-hosted Bitwarden) with local network access only, then run WireGuard on my phone to access it. I used to run KeePass and sync the databases, but Vaultwarden is just a smoother and more polished experience.
 
This is my first post ever on this site and for a topic I take very seriously, which is good security, privacy, etc.
If you are exceedingly autistic, you also use KeepassXC, and need a slightly better layer of security for your KeepassXC database.
1. Use linux
2. setup GPG
3. encrypt your KeepassXC master password using gpg
This is really redundant, I understand. But asymmetric encryption on your password is far better than symmetric or typing in your master password yourself.

This is the bash script I wrote to make this work. This relies on your gpg being unlocked to be able to pipe the result into keepassXC. There's probably a better way but this keeps it simple.
Save this code as a file, edit it to fit what you need, and don't forget to run
Bash:
chmod +x filename
on it.

Bash:
#!/bin/sh
# Decrypt the GPG-encrypted master password and hand it to KeePassXC on stdin.
# -q keeps gpg's status messages off the pipe so only the password reaches
# keepassxc; --pw-stdin tells keepassxc to read the database password from stdin.
gpg2 -dq /home/USER/key.asc | keepassxc --pw-stdin /home/USER/database.kdbx
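One thing the short pipe above does not handle is gpg failing: if the agent is locked, the key is missing or the file path is wrong, gpg prints nothing, the shell ignores its exit status, and keepassxc gets an empty password and reports "wrong password" instead of the real cause. The script below is an added example, not the poster's script; the paths are placeholders and it assumes the encrypted file was produced once with `gpg --encrypt --recipient <your key id>`. It decrypts into a variable (never onto the command line, so the secret stays out of the process list and shell history), refuses to continue unless the output looks like a single password line, and only then feeds keepassxc.

```shell
#!/bin/sh
# Added example (not the poster's script): unlock a KeePassXC database with a
# master password kept GPG-encrypted on disk. ENC_PW and DB are placeholder
# paths. The encrypted file is assumed to have been created once with:
#   printf '%s' 'master password' | gpg --encrypt --recipient YOUR_KEY_ID --output key.gpg
set -eu

ENC_PW="${ENC_PW:-/home/USER/key.gpg}"
DB="${DB:-/home/USER/database.kdbx}"

# Reads stdin and succeeds only if it is exactly one non-empty line. gpg
# prints nothing on failure (agent locked, key unavailable, file missing),
# and passing that empty output on to keepassxc would only produce a
# misleading "wrong password" instead of the real cause.
check_secret() {
    first=; rest=
    IFS= read -r first || [ -n "$first" ] || return 1   # no data at all
    [ -n "$first" ] || return 1                         # blank first line
    if IFS= read -r rest || [ -n "$rest" ]; then
        return 1                                        # more than one line
    fi
    return 0
}

unlock_db() {
    # --quiet drops gpg's status chatter so stdout carries only the password;
    # --batch stops gpg from asking its own interactive questions. Decrypting
    # into a variable keeps the secret out of argv and out of shell history.
    secret=$(gpg --quiet --batch --decrypt "$ENC_PW") || {
        echo "gpg could not decrypt $ENC_PW" >&2
        return 1
    }
    printf '%s\n' "$secret" | check_secret || {
        echo "decrypted data is not a single-line password" >&2
        return 1
    }
    # Hand the password over on stdin; keepassxc reads it with --pw-stdin.
    printf '%s\n' "$secret" | keepassxc --pw-stdin "$DB"
}

# Only unlock when explicitly asked (RUN_UNLOCK=1 ./unlock.sh), so the file
# can also be sourced for its functions without launching anything.
if [ "${RUN_UNLOCK:-0}" = 1 ]; then
    unlock_db
fi
```

The check is deliberately strict: a master password with an embedded newline would be rejected too, which is the right default, since a multi-line payload means the wrong file was decrypted.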
 
BitWarden is pretty well trusted and I like using it.
If you don't self-host there is always a chance of the company servers getting hacked or whatever, of course, but then again you do keep your money in a bank that always has a chance to go bankrupt, your e-mails on a Google server that can be hacked, etc.; there is no perfect solution.

I'm a bit weirded out by those with paper password managers though. You are far more likely to get a home robbery/house fire/dog ate my passwords situation than having the servers of a big corporation get hacked and people using your accounts before you have a chance to change the passwords.
The knowledge that my mother's bank account credentials are on a sticky note underneath her keyboard does not put me at ease.
 