undefined | Better HN

0 pointspmontra7y ago0 comments

I use keepassx, a local password manager. I don't trust centralized online password managers with browser extensions. Huge attack surface. I copy and paste usernames and passwords.

0 comments

stef257y ago

Same. Where do you keep the db file? Mine's in the cloud and I can't help but think it reduces security, but then I need access to this data from various locations.

walton_simons7y ago

I worry about this too. I store the database itself in Dropbox, and I also use a keyfile alongside the password to open it. I can easily recreate the keyfile on any computer, but it never goes anywhere near the internet.

In addition to that, for my really critical "gatekeeper" accounts, I don't put the full password in the database. Just a reminder that this is a "special" password, which needs to be combined with another bit of info in order to work.

I just live with the fact that I can't use this system on my phone, and for my usage patterns, that's fine. There's nothing I need to do that's so urgent that it can't wait until I'm back in front of my computer.

taco_emoji7y ago

Why can't you use it on your phone? There are various apps for Keepass available.

pmontraOP7y ago

On my laptop. I synch to my phone and tablet using Syncthing. I write into the file only on the laptop.

pimeys7y ago

I keep my db in my own freenas box and sync it between devices using resilio sync.

beatgammit7y ago

I use BitWarden, and they let you self host the service if you want. I haven't done it yet, but I'm definitely considering it. However, passwords are encrypted on your machine then uploaded, so it's a bit more secure than them managing everything on the server.

kiriakasis7y ago

I also do that (almost, keeweb + dropbox) and copy paste logins, but a serious problem is that you need to clear the clipboard after, otherwise any other site you visit can read it.

deeg7y ago

Dunno about Keeweb but KeePass automatically wipes the clipboard after a configurable number of seconds.

mk897y ago

Same here! Except I use Keychain (without icloud) from OSX, as it's built in.

I can't trust a website to keep all my passwords.

Angostura7y ago

I basically decided to trust Apple’s privacy and security teams so iCloud Keychain is the one service that I use it syncing.

j / k navigate · click thread line to collapse