Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@Jilano So, since online password managers should use heavy encryption techniques .. I think it should be secure.
And also they provide multi platforms support (Desktop/mobile ..etc.)
I think this is a huge difference here vs the other free/open source projects? -
bahua129046yI hereby expend this comment to express my approval and love for KeePassXC on PC(Linux, Mac, and windoze) and keepass2android for mobile.
-
@bahua Can we share passwords between teams? Can I generate passwords for each website and change them automatically?
-
bahua129046y@abdulmoniem
What about it? The KeePass databases I've seen in use by teams have always lived in a dedicated git repo. Is that what you mean? -
@bahua I mean can I share it with my team .. we are working remotely not in a single place?
-
bahua129046y@abdulmoniem
You can easily set up a git repo for version control and file history of the database, you can just use a public cloud like Google, Dropbox, Asus, or whatever, or you can set up your own cloud with something like owncloud or nextcloud. -
@Jilano In businesses it doesn't work like that. You buy an account which has a license and we need as a team to work using the same account. For example, Zoom for meetings. It provides you with only 1 host account on the basic plan. So, if you want to create a meeting without any limits, you will need to use that host account. So, it should be shared. And instead of sharing that on Slack for example, you use a password manager to do it for you in a secure way.
-
@bahua I see. So, it is not a full fledged product like the online one .. but it can be used for simpler scenarios to save a couple of bucks any way. Thanks.
-
bahua129046y@abdulmoniem
I'm not taking your meaning. It is a release-level product, under active development and far more mindful of security issues than any of the previously mentioned products. -
@bahua I mean .. you will not have all the features of an online product like LastPass/DashLane .. etc.
If you compared the features and the security measures you will understand what I mean.
Open source is not always a good thing. I use both worlds as much as it fits my needs. -
bahua129046y@abdulmoniem
You seem determined to claim KeePass is somehow inferior to commercial products-- products with a less than sterling commitment to security and privacy, which for me categorically rules them out. Fine for your aunt's iPhone, but not for real business doing real things. -
@Jilano Thanks and you clarified your opinion as well which is respected any how.
I hope I can get more answers on other products as well. -
Enpass. Because it is cross platform (data saved on your cloud drive). Has a good password generator. Free on PC. 10$ for the Android premium version (Free version limited to 20 accounts.
-
LLAMS37486y@abdulmoniem You can buy them on Amazon. Its an Integral 256 bit AES encrypted flash drive. When you plug it in it appears as an executable CD. It has built in software so it only mounts it as a disk when you enter the password. Leaves no footprint so you can use it on any machine if you need to look up a password.
-
LLAMS37486y@abdulmoniem Difference is it still works like a normal flash drive so you can store whatever you want on it. I have a Yubikey as well. Its just a 2FA device.
-
Anyone using Bitwarden? I've been using it for two years and I find it great. You can even host it on your own if you like. This year we started using it in our company as well.
-
rhodium116yI use pass. It stores passwords in individual files encrypted with your GPG key. Naming schemes are left to the user but I use filenames as usernames and directories as service names.
It works for me because I can store those files in gitolite on a pi, and then I can clone the repo on Linux, or on Android using the awesome git-enabled client app Password Store.
Because the passwords are just files, I can handle them in shell scripts and the like. Very cool.
And it's free software! -
rhodium116y@Jilano Yes, and I love it. As you say, it's really important these days to have access to these passwords on the go, and the Password Store app delivers that. I have it bound to a hardware button on my phone because I need regular access to it.
I have a couple of tiny usability niggles but overall it's been a dream experience. -
h4xx3r17166yKeePassXC on desktop and KeePassDroid for smartphone(I don't mind the old looking UI, the notification username and password is a godsent), keeping them in sync through SyncThing. Needless to say I do no longer bother creating passwords on my own nor keep them in mind ... Except the master password for the keepass file
-
devnope5696yQtpass
It's gpg secured, every pass is a file, which alliws distribution of single keys, which is jandy for shared credentials...
And it supports git -
-
ajit55518886y@h4xx3r I use similar to yours except one more security layer, i.e. keyfile, in addition to password. Keyfile I manually maintain separately, not cloud synced.
-
h4xx3r17166y@ajit555 I thought about it too, but that's an extra step that goes into bothersome. I like the simplicity and comfort u.u
-
ajit55518886y@h4xx3r I keep all my passwords including banking n credit cards at one place, so worth extra efforts. I change the master keyfile every six month and password every month.
-
HobbieJ306y@abdulmoniem Yup! I used LastPass for two years, and 1Password was a breath of fresh air from a UI standpoint. Better fill in, less janky software, etc. As for Dashlane, I used it once, but I still prefer the overall form feel of 1Password. It's beautiful, yet functional.
-
creadom836y@Jilano Alright thanks for that. I already read that report. I'm personally using it in a self-hosted manner, which is what drew me to Bitwarden in the first place.
-
Snob20926yI don't use any because of overhead.. I tried a few (dashlane, LastPass, ...) But none of them work really fine on all platforms I use. It's faster for me to mentally generate good but safe passwords that I can remember and type by myself and not by a third party tool relying on databases
-
Fexell6586y1Password. Their security policy is insane. Replaced Google Authenticator with 1Password's 2FA. I've tried LastPass and some other relatively new password manager (cannot remember the name), but 1Password just feels superior.
-
@abdulmoniem The thing is that with a closed source one, you can never be sure that the service/application does what it says it does.
In the context of a text editor or calculator, that might not be that big of an issue (for me it would be but for 'general people' it wouldn't, but when youre talking about extremely sensitive data, I'd call that a huge security risk which can easily be mitigated.
Take a look at BitWarden, fully open source and its an actively maintained (free + paid plans including the option of running your own instance) with excellent support for all platforms.
And @Jilano is right, yes. -
@linuxxx I mean if I used the hosted version of this software .. you think it will be secure?
What is your favorite password manager and why?
question