• delirious_owl@discuss.online
          link
          fedilink
          arrow-up
          11
          arrow-down
          1
          ·
          edit-2
          9 months ago

          because not all encryption is created equal.

          Also password managers should lock after some seconds. You wouldn’t want your note taking app to lock as frequently as your password manager.

          The key to opsec is compartmentalizing.

          • Natanael@slrpnk.net
            link
            fedilink
            arrow-up
            5
            ·
            9 months ago

            This. Good password managers are careful with securely handling stuff like data caching, etc

            • Gooey0210
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              9 months ago

              Good password managers, but what if not every single person wants to use “good password managers”

              I agree it’s not perfect, but at the same time it’s better than using some third party service, or using plaintext, or using the same password everywhere

              If somebody wants to use some gocryptfs or veracrypt for storing passwords, why not, it’s not the best, but still pretty nice

              • Natanael@slrpnk.net
                link
                fedilink
                arrow-up
                1
                ·
                9 months ago

                Good password managers can even check the current open browser tab domain and autofill securely. Your random note taking app won’t detect a phishing site.

                • Gooey0210
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  9 months ago

                  On desktop it’s the matter of extensions, so following your idea keepass or pass won’t make a good password manager without a third party browser addon

          • Gooey0210
            link
            fedilink
            arrow-up
            1
            arrow-down
            2
            ·
            9 months ago

            because not all encryption is created equal.

            XChaCha20-Poly1305 is used by a lot of stuff, pretty solid thing

            Also password managers should lock after some seconds. You wouldn’t want your note taking app to lock as frequently as your password manager.

            I would love my notes to lock in some time

            The key to opsec is compartmentalizing.

            It’s more true for privacy and anonymity, but security doesn’t really care about compartmentalizing your everyday notes from your everyday passwords.

            And in general, some people might need some lighter approach for storing passwords, unless it’s some google keep, or some other plaintext, I think it should be fine

            • chebra@mstdn.io
              link
              fedilink
              arrow-up
              1
              ·
              9 months ago

              @Gooey0210

              That’s like if someone wants a lighter approach to treating their broken leg, so they ignore the doctors. The doctors don’t need your leg, they have their own. You need the doctor’s expertise regarding how broken legs work. But feel free to find out for yourself.

            • tengkuizdihar@programming.devOP
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              9 months ago

              Just for disclaimer, @[email protected] isnt me. I agree, even though the encryption used in treedome is pretty solid (imo), my note taking app is definitely not recommended for keeping your password. Use a dedicated password manager, open source one ofc. I think the lock time idea is good.

              But I did put my password there, for when I can’t access my other password manager. Backup of a backup of a backup.