Random reminder to use a password manager if you aren't already! It'll help you stay safe online by using long, unique passwords for each service you use.

While LastPass or 1Password are great choices, I prefer KeePassXC

Official site: keepassxc.org/

Official quick-start guide: keepassxc.org/quickstart/

My getting-started guide: sts10.github.io/2017/06/27/kee


@sproid yep, I've definitely been keeping an eye on them. I was kind of waiting for an audit to be completed, which may be soon? Do you use it?

Β· Web Β· 1 Β· 0 Β· 0

@schlink Yes. I moved from #keepass. I found the sharing feature really handy and it syncs without needing #dropbox or #GDrive, so I don't worry about 3rd party service for synchronization.

@sproid right-- easier syncing + easier access on mobile is a big pro for me.

But I think I'm hung-up on the (at least theoretical) loss of security by moving from offline (KeePass) to any online manager... (I know I technically could self-host bitwarden but it looks too intense for me)

@schlink Previously I was using Keepass plugins and that in itself made it less secure. The https, chromepass, 3rd party/community ports for Linux and for Android. See, the risks were increasing so I figure Bitwarden was more streamlined and all apps and browser extensions are from them. They don't have an audit yet but they have a bounty program on HackerOne.

@schlink I think that when a program is really secure like a password managers, the vulnerabilities and stealing/hacking happens at the service server side, or the browser, or the OS, or a virus in your system, or an extension/plugin/add-on. So IMO trying to make it all offline might as well not use the Internet at all.

@sproid fair.

fwiw I use KeePassXC and I purposefully do not use any browser extensions. Instead I use XC's AutoType feature most of the time, though the disadvantage there is that it would happily autofills credentials on halfway decent phishing pages.

I like your all-one-system-is-better theory though. Can you speak to bitwarden's support of Linux desktop?

@schlink mostly use the browser extension on Vivaldi browser but the desktop app is written using Electron and Angular and some have a problem with that.

Sign in to participate in the conversation

Octodon is a nice general purpose instance. more