What's your favorite password manager? I'm looking for something that:

- Automatically syncs across Mac, Windows, Linux, and Android

- Does not use a font that makes I, l, 1, and | indistinguishable.

My current manager fails on both counts.

@peterdrake My favorite manager does meet all your criteria... but I get a feeling it may not be what you're after.. it runs on all platforms but is designed in a way a Linux user would love most and a Windows user might hate...

But it's leaps and bounds above how the others do it IMO.

First off it's free, and there is no cloud hosting. Instead it backs up your DB using git.. so it's always there, and free, and you have a complete history of changes.

That said it is completely secure even if your git repo is public. That's because it uses GPG keys to encrypt and sign everything... This has sooo many cool advantages like

1) You can use hardware encryption to secure your keys (such as a YubiKey or other PGP USB key)

2) Far more secure since only you can access it and it uses PGP to do the security side

3) You can share repositories of passwords with people so both of you can edit/add/use them by simply selecting encryption to both of your PGP keys instead of just one

4) If you use a hardware key you get all the security of a long secure master password, without needing a long secure master password... your hardware PGP key is the key so all you need is a 4 digit pin... since the PGP keys self destruct after 4 tries a 4 digit pin is as strong as the strongest of passwords.

5) Hardware encryption means they can't hack your passwords without physical access to your key.

@freemo @peterdrake you didn’t say the actual name of the manager I think.

@Joeblo

Sorry , which is very closely related (but with more features) to Pass.

@peterdrake

@Joeblo

Hit me up if you have any questions. I am pretty happy with it. It is the first solution that works the way I feel comfortable.

My issue with other solutions is either they had access and the ability to get to my data (like LastPass) or I didn't feel the backup options were good enough (either I'd have to back up traditionally or to a cloud... this uses git so I get all my revisions and history kept and my backup is still cloud hosted but encrypted and secure)

@peterdrake

@peterdrake KeePass. And you can choose your password font yourself.

@MBoffin Thanks!

I'm pro-FOSS, but the claim on KeePass's website that "you can have a look at its full source code and check whether the security features are implemented correctly" is pollyannaish. Nobody can tell by inspection if a nontrivial program contains bugs or security holes. Certainly nobody has time to read the source code for all the software they use. Deep philosophical questions about trust follow from this.

@peterdrake Very true, on an individual level. However, the EU-FOSSA (European Commission's Free and Open Source Software Auditing) did take the time to read through all the source code and nothing major was found. Here's the report, if that helps: joinup.ec.europa.eu/sites/defa

@peterdrake I built buttercup.pw which ticks your boxes.

Currently planning a hosted and self hosted option, but it already supports Dropbox, Google Drive and WebDAV sync’ing.
