this post was submitted on 28 Jul 2024
587 points (98.5% liked)

Technology

59525 readers
3589 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 157 points 3 months ago (23 children)

I guess now is as good a time as any for them to start using a proper password manager.

Personally, I recommend Keepass - it has multiple clients for all platforms, and you can keep the file in sync with a program of your own choosing, like Dropbox, syncthing or whatever you like.

[–] [email protected] 62 points 3 months ago (6 children)

Bitwarden is probably a more pragmatic choice for most users, given that it's free and without having to manage the syncing yourself.

Any password manager is better than the alternative, though.

load more comments (6 replies)
[–] [email protected] 57 points 3 months ago (4 children)

Keepass XC on PC, Keepass DX on Android, Syncthing to sync database

Works flawlessly!

[–] [email protected] 21 points 3 months ago (1 children)

Most amazingly, this setup is also unexpectedly resilient against merge conflicts and can sync even when two copies have changed. You wouldn't expect that from tools relying on 3rd party file syncing.

I still try to avoid it, but every time it accidentally happened, I could just merge the changes automatically without losing data.

[–] [email protected] 11 points 3 months ago (3 children)

How did you enable merge conflict resolution for KeePassXC databases?

load more comments (3 replies)
load more comments (3 replies)
[–] [email protected] 34 points 3 months ago (5 children)
[–] [email protected] 17 points 3 months ago (4 children)

Exactly! Self hosted FTW. Chances of a data breach.... Typically pretty minor if you are smart.

[–] [email protected] 19 points 3 months ago (6 children)

Chances of losing the data is higher with selfhosting too. Unless you’re doing some sort of multizone replication, or course.

[–] [email protected] 10 points 3 months ago

I use syncthing so there's a copy of my password database on each of my devices.

load more comments (5 replies)
load more comments (3 replies)
load more comments (4 replies)
load more comments (20 replies)
[–] [email protected] 104 points 3 months ago

Bitwarden here. Works well.

[–] [email protected] 86 points 3 months ago

No $10 gift card?

Lame.

[–] [email protected] 78 points 3 months ago (1 children)

"Chrome users" or "Chrome under windows users" would be closer to the truth. Still, quite a screw up.

[–] [email protected] 12 points 3 months ago

Something like 2/3rds of the world uses chrome for desktop. I'd bet that number is higher for windows specifically. If you're the rare person who doesn't use chrome then you're savy enough to know this doesn't apply to you

[–] [email protected] 53 points 3 months ago (1 children)

"Here's what you need to know" - Avoid anything Google.

load more comments (1 replies)
[–] [email protected] 53 points 3 months ago (8 children)

No-one should be using any password manager built into any browser, neither Chromium-based nor Firefox-based. Browser password databases are almost trivially easy for malware to harvest.

Go with something external, BitWarden or 1Password, or if you are entirely within the Apple ecosystem their new password system built into iOS 18 is apparently really good.

[–] [email protected] 24 points 3 months ago* (last edited 3 months ago) (4 children)

Go with something external, BitWarden or 1Password,

When it comes to security software, I usually recommend sticking to open-source solutions, which is why I'd recommend Bitwarden over 1Password. Their whole stack (backend, frontend, and native apps) is all open-source. A premium account is well worth the $10/year.

You can self-host their server, or self-host Vaultwarden which is an unofficial API-compatible reimplementation of the Bitwarden backend designed to be lighter weight. Note that Vaultwarden is unofficial and hasn't gone through the same security audits as Bitwarden has. It's a good piece of software though.

load more comments (4 replies)
[–] [email protected] 11 points 3 months ago (2 children)

I use Keepass. Free, secure, great.

load more comments (2 replies)
load more comments (6 replies)
[–] [email protected] 50 points 3 months ago (7 children)

Keepass has been working with no issues

load more comments (7 replies)
[–] [email protected] 44 points 3 months ago (20 children)

Recently started using Bitwarden and it works really well. You can even ditch authenticator because it has OTP built in too.

I selfhost it though because I trust nobody with this type of sensitive data, encrypted or not.

[–] [email protected] 38 points 3 months ago (13 children)

By storing your passwords and otp in the same place it becomes 1 factor authentification

[–] [email protected] 17 points 3 months ago (1 children)

Not really as you're still protected from password breaches, which is most likely to happen anyways, especially if you self host.

If you're actively being targeted for your bitwarden password, you likely have bigger problems

load more comments (1 replies)
load more comments (12 replies)
load more comments (19 replies)
[–] [email protected] 23 points 3 months ago (6 children)

Premium Bitwarden is so cheap and effective that I find it difficult to justify using an alternative.

load more comments (6 replies)
[–] [email protected] 23 points 3 months ago (16 children)

A friend has a notebook next to her computer with all her passwords in it. Initially I was horrified - what if you're burgled? - but actually it's genius. Much more secure than letting a browser remember them, and she doesn't even need to memorise a Bitwarden password.

[–] captain_aggravated 33 points 3 months ago

In a household it's probably not that bad. There aren't many people breaking into homes looking for account details.

I've had my identity stolen several times, and every single time it was stolen from a Fortune 500 company.

[–] [email protected] 16 points 3 months ago (7 children)

I just make all of my passwords password123 then I don't have to worry about memorizing them

load more comments (7 replies)
[–] [email protected] 13 points 3 months ago (2 children)

Just add the same memorized bit to the end. Something simple like "123" would work. Even if the book is stolen it won't do them any good.

[–] [email protected] 10 points 3 months ago (1 children)
[–] [email protected] 12 points 3 months ago
load more comments (1 replies)
load more comments (13 replies)
[–] [email protected] 22 points 3 months ago (1 children)
[–] [email protected] 16 points 3 months ago

feel like "aaand it's gone" would fit better here

[–] [email protected] 21 points 3 months ago

No password manager is 100% safe. Make back-ups.

[–] [email protected] 13 points 3 months ago

That's definitely a change from companies just leaving passwords around for anyone to find.

[–] [email protected] 11 points 3 months ago

Me when I don't use Chrome, I don't use Windows, and I don't use browser password saving either

load more comments
view more: next ›