
@stux

Yes, I would use that feature if it were available. I myself wouldn't use it to log in, but I would want my users empowered to be able to decide for themselves if they wished to use it or not.

I've looked into implementing SSO before, in fact.

@se7en

@freemo I see! Hm... Can't find anything about that :sad_cat: How far did you get?

LDAP, PAM, CAS are available.. github.com/glitch-soc/mastodon
@se7en

@stux

Not far enough to have anything useful. Was going to use SSO from github, gitlab, google, and LDAP to unify the services here. But was too much of an undertaking for the time I had.

@se7en

@freemo Users would always need to set up a password, right? Email can be fetched, but after that, password and confirm?
@se7en

@stux

Depends entirely on how you configure it. It's not uncommon to rely on the external service to authenticate without needing a local password of any kind. Though that isn't necessarily the setup I'd recommend if you went with an SSO solution.

@se7en

@freemo That way you always rely on that service right? Perhaps this would be a lot easier in Pleroma
@se7en

@stux

If a user doesn't set up their own password then yes, you'd always be relying on the external service, which also means that external service has some degree of power over your users.

Again, this is why I said I wouldn't necessarily suggest that configuration.

@se7en

@freemo @stux Just use pass and other offline password managers. Why use a botnet?
@se7en @freemo @stux I've been using Bitwarden and have found it handy. It's a browser extension with an associated website. It also generates strong passwords and stores payment card information - all encrypted of course.
@Creepella @freemo @stux

>I use a browser extension

You've already proved yourself in the wrong mindset
@Creepella @freemo @stux I already recommended pass. There's also simply making a diceware password and writing it down, but having all your passwords in a notebook is scary.
@se7en @freemo @stux I will take a look at pass, and do some research to find out why a browser extension that stores password info in encrypted format is not secure.
@se7en @freemo @stux Unfortunately pass would not be suitable for me. First, I'm running Windows. Second, I haven't touched Unix in years and have pretty much forgotten it = huge learning curve. I'd rather not balls up my entire password list by accident. Third, there appears to be no way to import password data from Bitwarden which exports to a json file.

Bitwarden does have a desktop app which I could use instead of the browser version. By the way it's open source and they use end-to-end AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256. Data is encrypted before it reaches their cloud. You don't have to use their cloud, you can use Docker to host its infrastructure stack locally. Since my new PC has a huge hard drive I could probably do this.
@Creepella @freemo @stux If you're using Windows 10, any encryption you use is pointless
@se7en @freemo @stux Yes I know, we pay for it with Microsoft's intrusive "updates", bloatware and spying.
@se7en @freemo @stux I will have to look into Linux again. I tried a couple of variants a few years ago but I couldn't use my graphics tablet, no compatible drivers in Linux. I'll also have to check to see if reimaging it would void my warranty.

@se7en

Mostly to give each user the power for themselves to use whatever they want IMO

@stux

Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.