What's your password manager?

Well that’s more or less what I would like to avoid. Besides, he already has a long list of other more immediate projects on the to-do list I graciously provided him with.

And I used the word IT guy very loosely referring to him. It was hard to convey sarcasm in my wording, I apologize. He’s an engineer with a hobby in computers. So in layman terms, how much new equipment and how complex would this project be typically? (AKA how long is it likely to take him and how much is this gonna cost me?)

rsync is just a file synchronization utility. There’s no extra cost – if you already have a “server” for Bitwarden self-hosting, you could use it for rsync. I’ve heard good things but never used it, so if I had to do something like this it’d just be a time investment to RTFM. It doesn’t solve the problem of exposing your home network to the outside world though, assuming you want to sync across internet and not just LAN. IMO OneDrive is a much simpler solution for file synchronization as it doesn’t expose your network and doesn’t require much time to set up.

1 Like

I was using lastpass. SInce the $ announcement I have changed to bitwarden. The export out of lastpass and the import into bitwarden was easy. Best off all free across all platforms.

Sorry @Shandril - I was being sarcastic too… :slight_smile:

I would NOT recommend doing a dedicated server & rsync for this. It would be much cheaper in time and likely money to use one of the ‘off the shelf’ solutions. Beyond Keepass, I don’t have any specific recommendations but scripta and others have posted a lot of good ones.

To further muddy the waters (sorry), I have been using rsync.net for a few years for backup. It works great. Their service is great and very versatile.

They recently sent an email about sync’ing data from various cloud providers using their service at no additional charge (ie no charge for transfers through their data center). It struck me that someone might leverage this to sync their password storage (whatever platform). More info can be found here if anyone is interested:

and

2 Likes

That would work but we’d have to forgo using form filling if I understand how it’d work. In addition, would that be more secure than having your password database hosted on the servers of a manager app? It’d still be in the cloud both ways, right?

On a related note, why do people take it personally when something of value they were getting for free is no longer free? I can understand getting upset if this is the first time your airline points have been devalued, or the first time your cable bill went up, or the first time a small free service you used got big and starting charging. But this sort of thing has been going on for over decade for most of us (there aren’t any 22 year olds on here, are there?). To me, it’s much better to have the attitude of: “I got a lot of value out of these guys for a while, I guess I can pay for it now if I think it’s worth it.” I also understand the attitude of, “Oh well, I guess its time to switch over to a vendor that offers the same thing for free.” But I don’t understand, “I’d hate to reward them for the switch,” when what they are doing clearly has value and you can’t really blame them for trying to make a buck (not to mention the fact that they are still offering a huge chunk of their service for free - just not the same as before).

3 Likes

I sort of like not having to care about any of this as an Apple user.

Google has it built in too. But so much stuff would already be exposed if my google account were breached that I wouldn’t (and I assume everyone here wouldn’t) want all of my financial institutions’ passwords stored with that account as well.

How does apple do it? If someone was able to hack your apple account, would they have access to all your passwords?

I think they’re only stored on the devices somehow. I’m not a computer professional, but it’s good enough for me, Especially considering there’s hardware two-factor on anything that involves lots of money or valuable data. Really important stuff doesn’t go in the stored keychain at all.

Obviously though the Apple system is only as secure as physical custody of the devices, but I imagine that’s true regardless of what system you’re using if you broke into the persons house.

I imagine life will be better once more sites allow Yubikeys.

What do you mean? PasswordSafe has a feature called AutoType that can type out the username, the tabs to switch to the password field, and the password into any application, which is usually a web browser. This is customizable (sometimes two or three tabs are needed to jump from the username field to the password field, for example). There’s also a Notes field in PasswordSafe that I think can be used to fill out long forms with many fields, like name, address, etc, but I’ve never used this.

I think perhaps the threads got crossed and you aren’t seeing the big picture, so let me draw it again – the idea is to use a local application like PasswordSafe that does not provide “cloud” or syncing capability, then use another application like OneDrive to sync the PasswordSafe database file across multiple internet-connected devices.

“The cloud” just means internet. Yes it’ll be somewhere on the internet. But it’s one thing when it’s hosted on “I’m a password manager, come and get me!” service, and another when it’s hosted by an unrelated file storage service. When someone hacks LastPass, they might get access to your entire password storage. When (if) someone gets into your OneDrive account and downloads all your files, one of those files is an encrypted database that is not identified as such by its filename, only by it’s contents (they’d have to examine the first few bytes of the file to determine that it’s a PasswordSafe database). Then they’d have to try to open it, and if your database password is not the same as your OneDrive password, for example, it would be quite expensive and time-consuming to crack it (i.e., impractical).

1 Like

I think you’re confusing different things. Are you allowing your browser to save your logins? You can do that on Windows and Linux too. But you can’t share passwords. And your browser could get hacked, so that the security provided by the operating system is skipped entirely – they can just extract it from the browser, after the browser gets it from the keychain.

I do not let my browsers remember anything, so I need another application to store my logins securely.

Just part of human psychology. We get used to things and we don’t like it when prices go up, be it from $0 to $5 or from $20 to $25. Your positive attitude is probably better for your health since you don’t see this as a conflict. It’s also good for the businesses, as it’s easier to profit from you than from other people who aren’t as chill about it.

1 Like

My dislike of them going for a quick money grab is based on them being purchased by private equity firm and within 3 months, without changing any features or making any improvement just starting charging for something they had offered for free for years. Often companies do this when they’re introducing some kind of upgrade to their product telling customers that it’s now improved so much that the added value is worth paying for it. But this change adds 0 functionality to their previously-free product. They just killed some essential features from the free version in order to make the premium version the only usable one.

Don’t get me wrong, I think it’s totally fair for them to make that move but on the flip side, I also don’t owe them any loyalty (just like they don’t owe me a free product). So part of my inquiry is based on wanting to re-evaluate their new value proposition compared to other free or paid products.

Ah that makes much more sense. I thought you were hinting at using a local database file (before managers way way back I was using an encrypted excel file so I pictured something like that where I’d have to copy/paste username and passwords). But the way you describe it makes total sense now. Thanks. I’ll definitely look into that now. Any reason to use OneDrive vs say dropbox or the like?

I would probably trust Microsoft over dropbox. I am pretty sure dropbox was hacked a few years ago. Of course, all of these services could get hacked one day…

1 Like

Dropbox has had lots of security issues, don’t know if they’re all fixed. OneDrive should be pretty solid. There’s also Google Drive and lots of others.

1 Like