What do people think of password managers?
Frankly I'm not sure what to think of them. I could manage my families passwords non-digitally but it would be helpful to have one.
#asknostr #infosec
Discussion
I use keepassxc in a dedicated vm with no internet access. I have ~1000 entries between my wife, my kid, and me. Don't see how it's manageable any other way.
I second the recommendation of keepassxc. Really great tool. Open source and you run it on your own computer.
I use a locally hosted vaultwarden. Passwords only sync on the local network.
My thought behind this is you're generally not making a bunch of accounts when you're on the go. You're only trying to log in to what you already have. So if you're at home, dicking around, making new accounts, those will sync up with all of your other devices while you're home. Then when you leave, you don't have to worry about having a publicly exposed passport manager.
KeePass user since... Hmmm... 2007? 2008?
Something on these lines! xD
I just use a really good password and keep my file on my (encrypted) hardrive on my desktop/notebook/cellphone with some (encrypted) backups.
Then... I sort of make fun with everyone from my family that doesn't use it! 😂
The more valuable function of a password manager, is the random password generator. Password created by humans are often insufficiently random, and vulnerable to automated attacks. Particularly if there's a data leak, because then there's no rate limit on failed attempts.