I started using Keepass and changed all my passwords to auto generated passwords. Somehow, my PC crashed before I saved the database. That was the day, where I lost access to my primary email address.

I was looking through old entries in my keepass, and I happened across this bit from when I worked in places that still had unix servers. I was so angry at the impossible input issues they had that I put this into my 'handy commands' section.

Forgot a keepass password.
Brute force script to find the password.
It worked.

So, I just created an account on a premium objective information website. It basically sells access to several articles on laws and general "financial relevant subjects". It is important for my work and they have pretty strict password requirements, with minimum: 18 characters length, 2 HC, 2 LC, 2 special, 2 numbers.

Without thinking twice, openned Keepass and generated a 64 length password, used it, saved it. All's good. They then unlocked my access and... wrong password. I try again... wrong password.

Thinking to myself: "No, it can't be that, maybe I only copied a portion of the password or something, let me check on CopyQ to see what password I actually used."

Nope, the password is indeed correct.

Copy the first 32 characters of the password, try it... it works...

yeah, they limit password length to 32 characters and do not mention it anywhere ... and allow you to use whatever length you want... "Just truncate it, its fine"

The other day, I was in a sub folder of ~/Downloads and did a cd ../.. rather than cd .. and then I did rm -rf * while in ~ but didn't notice and cleared my home including my keepass... fml

Decided to try keepass again and the combination of it all nowadays is just (nearly) perfect:

- Keepass2
- KeepassXC Browser extension (the only reason for "nearly" since NatMsg tries to emulate keepassxc but sometimes fails)
- KeePassNatMsg
- Syncthing
- Keepass2Android

There's tons of more things to discover still, but that already gave me a much easier (especially backups wise) and plugin setup than what I had before with bitwarden!

Syncthing also _just works_ (not like it used to be) which makes me all the time question what's wrong with it haha

I've been using keepass for everything and just recently I've just come to realization of just how hard it is to get into my accounts now that I've done this.

Literally, I'm useless if i don't have a computer to get my passwords. (I know it's for android too, but i need the database)

I was trying to log into my spotify, but I couldn't remember my password. Then I thought, oh i know i'll just log into facebook and do it that way.

LOL JK you don't know the password
Fuck... what about my email???
LOL NOPE!

Seriously if i was held at gun point and told to log into anything I'd be dead. I've literally secured myself out of my own accounts...

I guess if there is any silver lining, it's that no-one, and I mean 'no-one' is getting into my accounts any time soon.

Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D

1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?

2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?

3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?

4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?

5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.

6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).

7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?

8) Any other advice you can give :P ?

Can we stop that trend of only showing the username field and then show the password field after filling the username clicking next? It messes with my Keepass browser addon.
Apart from that, it messes with human workflow as well. Enter Username -> TAB -> Enter Password -> ENTER. With that stupid UI you have to either focus the next button with Tab and hope hitting Enter does not already submit the login form or switch to mouse and click the Next button.

Why does open source software has to look like shit? Is it part of the FOSS manifest? I'm looking at you eclipse, eclipse dark theme, keepass, ...

Originally wanted to get a head start on work since gonna be out Monday... And don't want to be distracted while working on it... But UAT db was down.

So spent all morning working on side projects like a password manager because we're not allowed to use keepass...

I spent about an hour writing my own password generator at work... (And probably my item password safe) because my company doesn't allow using Keepass...

But require super complex passwords... That need to be exactly 8 characters...

And they expect us to somehow think of and remember them... And change it every 6 months....

As a developer, isn't it a given that if we can't have something, we'll just build one ourselves... But one that is lower quality since it is adhoc and with by a single dev... That doesn't have time or the experience of a domain expert...

They also blocked GitHub/Sourceforge so I can't just download from my own repo... And basically need to do it on company time... For better or worse.

I'm trying to upgrade my account passwords etc. keepass (password manager) doesn't generate resizable windows, so when I want to generate a new password or do anything that creates a new window, THE NEW WINDOW IS TOO TALL FOR ME TO SEE WHAT'S AT THE BOTTOM AND THERE'S NOT EVEN THE OPTION TO SCROLL OR ZOOM OUT. YOU'RE OPEN SOURCE AND GIVING ME THIS BULLSHIT? If you were a living creature you'd be a giraffe with short stubby legs. Your missing features mean you don't get the best leaves and leave you dining with the rest of the peasants. At least I can interact with what I CAN see and closing the window prompts me to save changes, and passwords are generated by the rules I can actually see to manipulate.

Maybe I should look into the source or look at others' screenshots to see what I can't and tab into it to make blind changes, but I'm sufficiently happy with the passwords it gives already. I'm just pissed something so well rated has a flaw like that. Like a game where some levels are locked and you can't unlock them through play -_-

Heyyy DevRant Fam! It’s definitely been quite awhile since i have posted in this amazing community and I apologise, i’ve been extremely busy with my uni work and just life caught up to me 😅, also as always I really hope everyone is doing very well wherever you may be as always :-).

I’d love to ask you guys a question that has been on my mind for a while now 😊, I’ve been thinking of making my own password manager for a side/fun project. What I’ve been doing is I’ve found a open source project on github and downloaded it , loaded it up and read through some code, from memory the project is called ‘keepass’ and its written in c++!.

I’d love to get some advice from you guys, how do i go about learning and understanding open source code :-)? What is some advice you can give to me? Anyways I’d be very grateful for any piece of advice :D once again as always hope everyone has an amazing Sunday night and long weekend, wherever you may be!.

Thank you for reading my very long post sorry for rambling on 😅.

Kind regards,
Milo ☺️

I started using Keepass like 2 months ago, and recently i started going through all my email accounts to compile a list of all the services i've ever signed up to; delete the accounts you don't need and move everything else to keepass with a strong passwd, that was the plan.
I'm still going, but out of the 60 i have so far, 10 sites just had the password, *in plain text*, in the confirmation email!! I don't even konw anymore, just end me now plz 😢

I've had a lot of jobs, and they've all employed some form of single sign-on. But all of them have required enough individual logins for various services that I had to maintain a full category for that employer in my keepass. Until now.

This company has, by far, the most comprehensive SSO I have ever seen. Perhaps it should not be surprising that it works so well, as it is 100% made in-house. But for a company of this size, that's an amazing achievement. It speaks to excellent planning, it seems to me.

Anybody else ever worked for a large company that had a truly unified SSO?

Holy balls, autofill is my favorite new feature of Android!

My keepass, which I've been using and been hopelessly dependent on since 2002 or so, is now compliant with autofill through keepass2android. Cackling with glee over here.

(TL;DR at bottom)
Does anyone else feel that modern GUI's or webpages or anything thats 2-D and modernized, just seem to contain 10x less data that old interfaces.
Disclaimer: First time uploading picture, idk how it will go)
Let's say Google's Inbox, compared to the old Gmail interface... (In attached picture)

I am the only one annoyed by this?

I really like the look and everything and I love modern designs, but please please, keep the functionality there. I just feel like there is 10x less options to do when I see a system converted to a new modernized design. Even YouTube look ugly now, that I am convinced there are about 10 buttons less under each video.
(New <-> Old in attached picture)

Thinking objectively, all of the buttons are still there, but from other experiences, I just always get discouraged when I see a product with a minimalistic design, and am immediately turned away from it, expecting that I wont have any sort of ability to customize my settings.

If you say that fancier GUI's take too much work to make all he settings, the fucking don't make a modern GUI... I want something I can tailor to my needs... There is always a good line in between, just like "old" youtube's design...

Maybe thats why I hated LastPass with it's fancy GUI's and instead preferred KeePass for my passwords...

As promised:

TL;DR
Anyone else hate modern GUI's since they usually lack features?

I just set up KeePass for my momas she requested after I told her about. I'm so proud of you mom 😍

I've been working here for a little under a month keep hearing about them not remembering passwords, or not being able to access something due to a rarely used forgotten password, so I decided to Set up a shared password manager for the team using keepass and a generic intranet setup, pulled a password csv from one random on the floor person's chrome to start with. Turns out they ALL sync data from the owners account, and the owners saved passwords include HER payroll login info, and the accounts for ebay, amazon, etsy, basically anywhere you can buy anything....
yeah I think this is gonna need to be a conversation with her soon.

I am working on partitioning my life and getting my tech stuff and online life organized. Partially fun, partially dread. Still one of the better things I'm dealing with right now.

Tech stuff mainly includes desktop PC (Qubes OS), network (to be driven by openwrt) and smartphone (already running Lineage OS, but I want to build my own LOS). This is the fun part. I want to add a NAS, but I'm too cheap for a proper one (at least for my >20TB media).

Furthermore offline stuff: Remove clutter, get analog documents properly organized (with a sustainable system) and possibly digitalized. I already have maybe half of the things I own in boxes each with a specific purpose (e.g. audio cables, network cables and game controllers each have their own box). Can be tiresome, but it's easy to see a progress and that makes it quite okay.

Online life: That's a big one. A large chunk is email and the hundreds of website accounts. I have them in a keepass file, but all running under the same address. Unfortunately I need to have a Facebook account for some purposes, but I'd like to start over with a new one. Not so easy when you have to transfer group admin privileges though, when I tried the last time I tripped some system and the new account was banned. Annoying.

Anyone have a better option for password management besides KeePass?