this post was submitted on 24 Dec 2024
95 points (98.0% liked)
Asklemmy
44160 readers
1539 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
Icon by @Double_A@discuss.tchncs.de
founded 5 years ago
Just use a password manager, FFS it makes all of your online interactions safer.
Once set up, it is easier than not using one.
Which app would you recommend/suggest?
Have used LastPass before it was shit, self-hosted Bitwarden and KeePass synced with Nextcloud (whatever cloud service works). I ended up using KeePass with Nextcloud and set KeePass to automatically save changes. Use it on Android with KeePassDX, which also includes autofill across apps. KeePass doesn't require much setup, whereas you need to set up a server with Bitwarden. Also had some weird sync errors with Bitwarden. Having said that, Bitwarden is a great piece of software.
Doesn't hosting your password database in the cloud make it vulnerable to cracking? If it transmits across a network, then an ISP (at the very least; this assumes no malicious actors) will have seen it, and you can no longer be certain no one else has access to it.
Yes it does, but it's a chance that I'm willing to take as I find it extremely unlikely to happen. And if it happens, all my important logins require 2FA/TOTP anyway. I put my trust in encryption. You can use Syncthing to keep it all local if you want to avoid transmission over the web.
https://bitwarden.com/help/what-encryption-is-used/
I don't know about other password managers, but Bitwarden handles your password pretty well. Of course, if someone has access to your local machine, then it'd fail, but at that point everything is compromised.
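The replies above rest on one mechanism: the file that a sync service (or anyone watching the network) ever sees is ciphertext under a key derived from the master password, so the cloud copy is only useful to someone who also knows that password. The program below is an added illustration of that model and is not code from this thread, from Bitwarden or from KeePass; it uses a simplified, hypothetical vault layout (salt || nonce || AES-256-GCM ciphertext), a constructed sample entry, and an arbitrary PBKDF2 iteration count, and it uses only the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Hypothetical vault format used for this illustration: salt || nonce || AES-256-GCM ciphertext.
const (
	saltLen       = 16
	nonceLen      = 12
	keyLen        = 32
	kdfIterations = 100_000 // arbitrary work factor; real managers tune this or use Argon2
)

// pbkdf2SHA256 is a plain PBKDF2-HMAC-SHA256 (RFC 8018) so the example needs
// nothing outside the standard library. The iteration count is what makes
// guessing the master password against a stolen blob expensive.
func pbkdf2SHA256(password, salt []byte, iter, outLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < outLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:outLen]
}

// newGCM derives the vault key from the master password and the per-vault salt.
func newGCM(master string, salt []byte) (cipher.AEAD, error) {
	key := pbkdf2SHA256([]byte(master), salt, kdfIterations, keyLen)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVault encrypts the vault contents. The returned blob is what a sync
// provider stores and what an observer on the network sees.
func SealVault(master string, plaintext []byte) ([]byte, error) {
	header := make([]byte, saltLen+nonceLen)
	if _, err := io.ReadFull(rand.Reader, header); err != nil {
		return nil, err
	}
	salt, nonce := header[:saltLen], header[saltLen:]
	gcm, err := newGCM(master, salt)
	if err != nil {
		return nil, err
	}
	// The salt is bound as associated data, so a modified salt is detected too.
	return gcm.Seal(header, nonce, plaintext, salt), nil
}

// OpenVault reverses SealVault. A wrong master password or a tampered blob
// does not yield garbage: the GCM tag check fails and an error is returned.
func OpenVault(master string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen {
		return nil, errors.New("vault blob too short")
	}
	salt, nonce, ct := blob[:saltLen], blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:]
	gcm, err := newGCM(master, salt)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, salt)
}

func main() {
	// Constructed sample entry; not real credentials.
	vault := []byte(`{"example.test":{"user":"alice","pass":"correct horse battery staple"}}`)
	blob, err := SealVault("four random words here", vault)
	if err != nil {
		panic(err)
	}
	fmt.Println("what the sync provider stores:", hex.EncodeToString(blob))
	if _, err := OpenVault("wrong password", blob); err != nil {
		fmt.Println("wrong master password:", err)
	}
	back, _ := OpenVault("four random words here", blob)
	fmt.Println("decrypted locally:", string(back))
}
```

Two things worth noticing when running it: the stored blob contains no trace of the entry, and a wrong password fails cleanly rather than decrypting to noise, which is exactly why the thread's advice concentrates on master-password strength and on the KDF rather than on who hosts the file.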
KeePass is open source and is easy to sync via whatever service you use, Google Drive, Dropbox, OneDrive or something.
Bitwarden is the best in my opinion
I'm seconding Bitwarden. I'll also say that whilst self-hosting (if one can do it securely) may be more secure than using a service, security is always going to be a sliding-scale trade-off between convenience and security.
I recommend Bitwarden to everyone, but I'm sure there are options that are probably equally good. But most people could probably benefit from a password manager because we have so many different services demanding we make accounts that I reckon it's next to impossible for any reasonable person to avoid reusing passwords across services (that's one of the biggest security risks that hit regular people).
Start-up tips: make sure your master password is strong and memorable. I found Bitwarden's password generator for this. A passphrase tends to be more memorable than an equally long password; a good master passphrase would have at least four words (four is sufficient for most people). Write this down in a physical place, as a backup, ideally not your wallet. It doesn't necessarily need to be locked away, just make sure you'll know where to find it if you forget it (I forgot mine a bunch at first and had to reference my backup a few times).
Password managers and security in general can feel overwhelming because of the instinct to do things properly, which might include things like self-hosting a password manager, or avoiding biometric sign-in on the phone app version, etc. However, the best password manager is one that you use, and if bits of convenience like this help, then it's a good trade-off.
It reminds me of the joke about two people who see an angry grizzly bear in the forest, which starts charging at them. One of the people starts running away, and the other shouts "Where are you going? You'll never outrun the bear." The running person replies "I don't need to outrun the bear, I just need to outrun you." That's a bad paraphrase, but the sentiment is that using a password manager at all puts you way ahead of many people in terms of security. Obviously, you'd feel more secure if you knew you could outrun the bear, but if we spent too long being anxious about our ability to do that, we definitely will get eaten. (Apologies for such a long comment. I always do this when I'm procrastinating going to bed. I hope you have a nice Christmas, if you're celebrating that wherever you are.)
I use KeePassXC, and keep it up to date on all my devices using Syncthing.
I have considered Bitwarden with self-hosting, but KeePass has always worked well.