cross-posted from: https://infosec.pub/post/42164102
Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…
Am I the only person here that never used one just because of this? They all sounded too sus to me.
You can use local ones like KeePassXC.
I have a degoogled phone with e/OS. I might try if they get a bit further into my use of their products and security. It sure would simplify methods.
I have a similar setup with LineageOS. I use KeePassXC on PC (KeePassDX on Android). I can sync them via Nextcloud with peace in mind because the database is already encrypted. Syncthing-fork also works if you want completely local.
I’m sure e/OS already has a password vault app in their list but if not KeePassXC is fully local out of the box and can be used with DX on Android.
It’s far secure than Firefox’s built-in password manager.
Keeping them in your head? So, your passwords must be shit, lmao.
Zero threat prioritisation.
See explanation below.
correct horse battery staple
What did you do instead?
I have a few that I just have off the wall for a few things and I memorize those. Some I just use ssh keys. Others go off a pattern and I put hints in a file to figure it out. The account itself is not even put in this file, so I have to just know what the hints mean for both the account and what password pattern hints go with them. Usually, the user IDs are something I store in this file, because those get too tough for the aforementioned methods of determinism.