Lastpass has fucked me for one last time, is this a good password manager?

enpass.io/

Which one?

is enpass.io good

Just use KeePass and sync the master key to Dropbox or Google Drive. Also use a secondary key file that you only store locally so if someone manages to hack into your Dropbox or Google account, they still won't be able to ever open master key because the secondary file is stored offline.

Got this strategy from another user on Cred Forums.

Stop relying on third parties to supply you with a free password management service

If you're ok with the limitations/payment for the mobile version, I guess it's fine. See if you can find any info on them, first. Keepass does the exact same thing, it's FOSS, and it's known to be secure, so you might as well consider that, too.

KeePassX, sync with Google/Dropbox. Use a password + key file and don't put the key file in cloud sync service.

where should i put the key

+1 for keepassx

put it in your asshole you brain dead moron average joe looks like einstein compared to you

no need to be rude.

notebook and pen

>Get robbed by tyrone
>He now has access to your email and online banking

Your database is supposed to be local as well, what the fuck did you do retard

>get hacked by Lyukovsky
>have to pay to get your passwords back
>M$ or Applel has your passwords on their cloud

keepass with syncthing to sync the database

GNU/Linux doesn't have that problem

>implying I'm not doing keyed rot in my head before writing them down

>he thinks Loonix is secure

This. So much. Can't shill KeePass enough. I have the key on an 8MB SD card that I plug in whenever I need to access my passwords.

Hell of a lot more secure than applel or winblows is.

Use keepass2 and just put the database on Gdrive/dropbox. You can use a keyfile but I wouldn't recommend it because of the chance to lose it unless you put it on a cloud service, which defeats the point.

I just use a 30+ character password

But it's not. Being open source makes anything inherently less secure, since it's 100x easier to find vulnerabilities when you can simply skim through the source code at your leisure to find parts that seem promising.

$5 raspberry pi with networking disabled and the wifi card fried

Could be related to the huge attacks happening lately. There are people running around with 600-900Gbps attacks, 1Tbps even spotted towards OVH a few days ago
webhostingtalk.com/showthread.php?t=1599694
mobile.twitter.com/olesovhcom/status/778019962036314112

Right, definitely better than having no clue about the vulnerabilities that you have to rely on Microsoft or Apple to patch or even admit there's even an exploit in the first place that might take weeks or months to patch. Any exploit for GNU/Linux got patched in a matter of hours. Microsoft and Apple are yet to get it out that long.

Are you seriously implying that your average end user has the knowledge and free time to gain a comprehensive enough knowledge of their operating system of choice to get any security benefit whatsoever?

I doubt even a single person on Cred Forums has done that. The amount of code you'd have to go through would be massive, and you'd have to keep checking back every time something got updated.

Copy it manually to the devices that only you use, install KeePass for Android and get the passwords from there if you ever need to use someone else's computer.

The USA should ban maps so they can make their country more secure

>install KeePass for Android
No, use Keepass2Android. Keepass for android is pretty shitty

>But it's not. Being open source makes anything inherently less secure, since it's 100x easier to find vulnerabilities when you can simply skim through the source code at your leisure to find parts that seem promising.


That makes it more secure because anyone can find vulnerabilities.

There's a reason why open source software has had infinitely fewer security issues than closed source.

If I can go to city hall and see a floor plan of your home, complete with details on every aspect of your home security system and where all of your valuables are stored, does this make your home more secure?

Anyone being able to find vulnerabilities works both ways though. It's a matter of luck whether the guy finding it is doing it with malicious intent or not.

KeePass has made my life easy as shit. I put it on a cloud account and I just log in, use my USB key, and I have access.

It spoiled me.

That's a shit comparison - the two are not equivalent in the slightest.

Imagine the developers of some program had found every single bug in their code - it is essentially perfect. Now you could practically never exploit it, even if you had the code in front of you.

With your floor plan example, it would always be vulnerable as it is not code that you can take the weaknesses out of.

This is the benefit of the "many eyes" mantra.

>is this a good password manager

No password manager is a good password manager.

Stop allowing your memory to degrade to the point that you can't remember a few passwords of decent length.

>don't put the key file in cloud sync service.
why not?

If someone can brute force my keepass container with simply the key file (without my password), their encryption is inherently shit and you might as well use a plain txt file

I'd be more afraid of losing the actual file if I use a flash drive

What's your method to creating secure passwords of sufficient entropy?

passwordstore.org

this is the only tech guru-approved password manager out there

>all these people advocating keepass+forks
>Cred Forums - Technology

Might as well rename it to Cred Forums - Normie Central

i don't use key files, but if i used it i would sync it in other cloud service than the one with my database

normies use 1pass or whatever it's called

they are not paranoid enough to care about a password manager being open source

99.9% of people need only ever worry about phishing attacks and calling moron CS reps to reset passwords.

"sufficient entropy" is just something more complicated than password123 for all it fucking matters

Thanks for at least replying to show yourself up.

I currently have about 200 passwords stored in my password manager. Are you telling me that you can easily remember 200 passwords of sufficient quality (64 bits of entropy or higher), even when you haven't used them in 3 years, and you've absolutely never forgotten a password?

If so, I truly salute you for being of vastly superior intellect to me. Out of curiosity, what do your passwords look like and what mnemonic techniques do you use?

All the normies I know either use keepassx or write them down

Yes, please.

Try and convince me that my facebook is under brute force attack.

200 passwords is unnecessary to begin with.

This.

Most attacks these days happen because
>people use the same passwords across multiple sites and some service that got breached thought it'd be a good idea to save their user's details in plain text
>social engineering (phishing, fake phone calls etc. - there are more scenarios that apply more to celebrities, e.g. faking your ID with your mobile carrier so as to circumvent 2FA etc. - but those are direct attacks for "VIP targets")
>brute force + shit-tier dictionary password + sites not locking you out after some failed attempts

No one is going to break into your dropbox account and set up a server farm to crack your keepass file (not that it'd work unless you literally use "123456" anyway)

>Try and convince me that my facebook is under brute force attack.

What does that have to do with anything?

Again, how do you create secure passwords with sufficient entropy?

No normie I know uses this because it's too expensive for them. They just use the name of their dog or whatever.

200 passwords being unnecessary is very relative

i would say that having 200 accounts with 64-bit passwords is a bit excessive, but having 200 passwords is not unnecessary.

>Again, how do you create secure passwords with sufficient entropy?

I can string 4 words together and get 64 bits of entropy, doesn't mean jack shit.

>200 passwords is unnecessary to begin with.
So you advocate reusing passwords across services? If so, opinion discarded

Just write the password in a sticky note like everyone else.

I don't think you have 200 services requiring passwords to begin with.

But creating a central point of failure if you did, and not remembering ANY of those passwords is somewhat retarded in itself.

Only if you use a stupidly large dictionary, giving you such obscure passwords as:

>contumacious presenility carburate bejazz
>preforceps corneocalcareous rigmarolic rotate
>catechismal impactionize exsectile undersneer
and I can guarantee you, you can remember none of those

If you use a “normal”-sized dictionary, then 4 words will be significantly less than 64 bits of entropy.
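An added example, not part of the thread: the arithmetic behind the dispute above over whether four random words reach 64 bits, plus a generator that draws words with a CSPRNG. It assumes every word or character is chosen uniformly at random; the function names and the tiny `DEMO_WORDS` list are constructed for illustration.

```python
import math
import secrets

def bits_per_symbol(pool_size: int) -> float:
    """Entropy contributed by one uniformly random pick from the pool."""
    if pool_size < 2:
        raise ValueError("pool must contain at least two symbols")
    return math.log2(pool_size)

def entropy_bits(pool_size: int, count: int) -> float:
    """Total entropy of `count` independent uniform picks."""
    return count * bits_per_symbol(pool_size)

def symbols_needed(pool_size: int, target_bits: float) -> int:
    """Fewest picks (words or characters) that reach the target entropy."""
    return math.ceil(target_bits / bits_per_symbol(pool_size))

def pool_needed(count: int, target_bits: float) -> int:
    """Smallest pool size for which `count` picks reach the target entropy."""
    return math.ceil(2 ** (target_bits / count))

def generate_passphrase(wordlist, count: int, sep: str = " ") -> str:
    """Draw words with the OS CSPRNG. Duplicates are removed first so
    every word is equally likely, which the entropy figure relies on."""
    words = sorted(set(wordlist))
    return sep.join(secrets.choice(words) for _ in range(count))

# Constructed demo list: 8 words is only 3 bits per word, far too small
# for real use. A Diceware-style list has 7776 words.
DEMO_WORDS = ["anchor", "basil", "cobalt", "dune",
              "ember", "fjord", "garnet", "harbor"]

if __name__ == "__main__":
    target = 64
    for name, size in [("Diceware-size list", 7776),
                       ("2^16-word list", 65536),
                       ("printable ASCII", 94)]:
        print(f"{name:20s} {bits_per_symbol(size):6.2f} bits/pick, "
              f"{symbols_needed(size, target)} picks for {target} bits")
    print("4 words from 7776:", round(entropy_bits(7776, 4), 1), "bits")
    print("list size for 4 words at 64 bits:", pool_needed(4, target))
    print("demo:", generate_passphrase(DEMO_WORDS, 4))
```

The figures only hold for machine-chosen words; a phrase a person picks has far less entropy than the pool size suggests.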

Again, how do you create secure passwords with sufficient entropy?

It's okay, we know you're full of shit and won't answer this as you're exhibiting nothing more than Dunning-Kruger effect.

You have autism, and this is the last time I'm replying.

Creating a password of sufficient entropy, a point which you seem to be grasping onto like a crack addict, is pretty much irrelevant.

>I don't think you have 200 services requiring passwords to begin with.
But I literally do. That's how many passwords I have stored in my password manager. So I'm not sure what you're trying to imply here, that my password manager can't count?

>But creating a central point of failure if you did, and not remembering ANY of those passwords is somewhat retarded in itself.
Why? My password manager is future-proof since it only relies on GnuPG for encryption and can easily be migrated to new versions.

It's also decentralized (via git) and backed up in multiple locations. I type in my decryption password often enough to have very little risk of ever forgetting it, unless I suffer massive brain damage (in which case I would forget passwords one way or the other)

>password must be at least 8 characters long
>must not contain real words from any language
>must contain at least one lowercase
>must contain at least one uppercase
>must contain at least a number
>must contain at least a Non-alphanumeric symbol
>must contain at least one Unicode character


NO WONDER WHY I USE A FUCKING PASSWORD MANAGER

REEEEEEEEEEEEEEEEEEEEEEE

>must contain at least one unicode snowman

It is the last time you are replying because you are full of shit. You don't want to answer because you have no way of creating secure passwords. Instead, you ridicule the only thing that matters - entropy. It's the only thing that is relevant. You are a colossal moron.

>literally storing your passwords on somebody else's server
What kind of dumb fuck would even use one of these services?

Cred Forums has been saying for years to stop using this trash

>your password cannot contain any of these symbols: < > ^ & : ' " ( )

:^)

no need to be rude.

WHICH IS IT

Dashlane
When premium runs out just use a fake email and refer yourself

Keeweb

A good chunk of Linux users have the knowledge, and the number of users with the necessary skills is also relatively large within the Linux community. There is a reason most bugs affecting the kernel are patched within hours. Many hands make light work. A couple years back when I was playing with one of OS X's media frameworks I stumbled upon a vulnerability in the way QuickTime parsed RTSP streams. Turns out it wasn't just the QT implementation that was bad, the same kind of mistake was present in many other parts of Apple's codebase. Just fuzz around and you could find more like it. If the code had been open-source the vulnerability could have been found much sooner and I could have searched the rest of the codebase for similar vulnerabilities and fixed them in one go. Instead, Apple got to play cat and mouse for 6 months, patching vulnerabilities only to have a similar one pop up elsewhere.

Valid reasoning, invalid conclusion (as backed by historical evidence). Ergo, false assumption.

The error, therefore: You are assuming that it is easier to find vulnerabilities in open source software than in closed source software. It's not.

Reasons why that could be the case:

1. Reverse engineering is both possible, and in many cases, relatively easy, for somebody writing malware.

2. Open-source code, especially drivers, is generally (not always, but mostly) written better than closed-source software. (Anecdotal side-note: I've found that most cases of software remaining closed source is because the authors are ashamed of or afraid of showing the source code)

3. Many eyes hypothesis. Open source code is often worked on by more people than closed source code, which leads to improved exposure, leading to a higher likelihood of bugs being caught.

4. Many users hypothesis. Open source code is often used under more or stranger conditions than closed source code, which helps expose bugs that only occur in corner cases more readily. Closed source code tends to have many similar users, since the code is inherently less flexible and also less likely to be used by hackers and enthusiasts.

I'm sure there are other potential explanations, all of which contribute in some way to the ultimate conclusion, but the fact remains that at the end of the day, open source software has virtually always had a better security track record than closed source software.

KeePass is best.

should i use keepass or keepass x?

I've been using KeePass 2 for a while, not sure what the exact difference is with X but it has served my needs pretty much perfectly when combined with KeeFox extension. (Though a small minority of sites do break auto-filling for a variety of reasons, but even in those cases it's not hard to ctrl+alt+k and then click the relevant entry, ctrl+v and it goes back and autofills nicely.)

Is it a bad idea that my Dropbox account that hosts a backup copy of my KeePass database is in itself protected by a long randomized KeePass password?

Pretty sure I could still get access from my phone even if my computer died, but would anything cause me to lose access unpredictably there as well? Would be kind of up shit creek if that happened and my HD died or something. Well, I do also have a secondary whole-computer backup service but that is also behind KeePass so...

password managers are proof millennials will end everything humanity has accomplished

human beings so unbelievably useless that need a service to keep their passwords are literally one generation apart from those fatsos in wall-e

What does Cred Forums think about Dashlane?

It's good for forums and e-commerce sites, Reddit, Tumblr, or anything else that might have a db leak easily.

Remember your bank password and primary email password

Yup, it's called a tiny userbase

cvedetails.com/top-50-vendors.php

>linux
>#vulnerabilities/#products
>100

>microsoft
>#vulnerabilities/#products
>11

Funny, you try to apply logic but fail spectacularly

>1. Reverse engineering is both possible, and in many cases, relatively easy, for somebody writing malware.

Ok, but it's not needed with open source

>2. Open-source code, especially drivers, is generally (not always, but mostly) written better than closed-source software. (Anecdotal side-note: I've found that most cases of software remaining closed source is because the authors are ashamed of or afraid of showing the source code)

First major fail on your part. You have 0 evidence to back this statement

>3. Many eyes hypothesis. Open source code is often worked on by more people than closed source code, which leads to improved exposure, leading to a higher likelihood of bugs being caught.

Again, zero evidence. It's a hypothesis, true, but anyone can make one of those

>4. Many users hypothesis. Open source code is often used under more or stranger conditions than closed source code, which helps expose bugs that only occur in corner cases more readily. Closed source code tends to have many similar users, since the code is inherently less flexible and also less likely to be used by hackers and enthusiasts.

Riiiiight. Again, zero proof. Oh, and you're seriously arguing that Ubuntu is more flexible than Windows and has a more varied demographic? That's retarded

>I'm sure there are other potential explanations, all of which contribute in some way to the ultimate conclusion, but the fact remains that at the end of the day, open source software has virtually always had a better security track record than closed source software.

Fact remains? See, i don't think you understand the meaning of that phrase because you have presented no facts at all

If you don't trust your database to be on a cloud service, you don't really trust the software managing your passwords.

I'm pretty satisfied with enpass

Its browser integration is not as smooth as lastpass but then you're not relying on some NSA honeypot server

you are dumb

i guarantee your password is weaker than mine and/or you reuse your passwords

Stfu and back to raydeet you assfag

iCloud keychain

>using the smiley with a caret nose and disallowable characters

>Closed source
Fuck that noise. KeePass 2 is king and free and better.

>All these people using and recommending keepass
Is Cred Forums really that filled with windows users these days?

>too poor to afford windows like everyone else

almost everyone uses windows idiot

KeePassX is the only acceptable option.

I've been using enpass for months. It's good. Just synch your database manually instead of using the built-in function (just as a precaution).

>says the guy who pirated windows

>implying keyed rot is secure