this post was submitted on 27 Oct 2023
1294 points (98.0% liked)
Memes
45887 readers
1223 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm using KeepassXC, which has a browser integration that is quite good, and a local database. I synchronize it to my devices (using Syncthing, so it's p2p). The database is encrypted with a pretty good password, and a key file. the key file has never and will hopefully never be transported via internet. The database is synced to a server I've rented as well, but never the key.
It's not perfect, but potential attackers would need to
a) have access to one of my daily devices (the server won't be enough, since they need the key file)
b) crack my password
Obviously, for someone dedicated this is still quite reasonable, but then again, I don't think that's my threat profile. The chance of getting caught up in a larger breach is a basically zero once you use your own solution, and it should be reasonably safe, if you don't do anything stupid.
Oof, I barely understand most of that so definitely over my head I think. It sounds like you've made a good system for yourself though, nice job!
I could've phrased some things simpler, haha
But yeah, I'm quite happy with it. KeepassXC is a local password manager, and Syncthing lets you synchronize files and folders across devices, and it uses Peer-to-Peer (p2p) technology, so unlike something like Google drive you're not relying on some could server, it just transfers between your devices directly.
It's not plug and play to install, but not that hard either. But still, I can see that commercial options are a lot easier for many people c:
Syncthing sounds like a nice app in general. I might need to look into that.
They would also need to know what you are using in the first place. Since fewer people do this it does make it a bit safer.
Exactly. As long as you don't have someone really determined or some three letter agency after you, it's going to be pretty safe