• sugar_in_your_tea
    ↑ 3 · 11 months ago

    Another reminder to not put all your eggs in one basket. Maybe this will convince me to self-host my password manager.

    • ALERT
      ↑ 7 · 11 months ago

      Vaultwarden is perfect. Go ahead and host it!

    • Tail
      ↑ 4 · 11 months ago

      Better yet, keep it all offline.

      • sugar_in_your_tea
        ↑ 2 · 11 months ago

        Nah, the UX of a browser extension is really nice, especially since it seamlessly syncs between my phone, work computer, personal laptop, and personal desktop.

        That said, I would never put cryptocurrency keys in the cloud; that stays offline. But bank accounts have insurance and most other important services have MFA, so just moving my passwords to a self-hosted server is good enough for me.

      • folkrav@lemmy.ca
        ↑ 1 · 11 months ago

        I’m not too sure that the relative additional security, considering most people’s threat models, really justifies this much inconvenience. YMMV I guess.

    • spaghettiwestern
      ↑ 4 · 11 months ago

      LastPass being purchased by LogMeIn in 2015 was what convinced me to move to KeePass and ultimately KeePassXC. Syncthing on Linux, Android and Windows, a complex password and a separate key file provide multiple layers of security. It works reliably and provides easy access to login information on any device.

      • sugar_in_your_tea
        ↑ 4 · 11 months ago

        I’ll have to look at it again, but the last time I did, the inconvenience of it not being integrated with my browser kept me away. Bitwarden has been audited, is open source, and can be self-hosted.

        • spaghettiwestern
          ↑ 3 · edited · 11 months ago

          KeePassXC has a browser addon that works well for most sites, but I don’t think you can go wrong with Bitwarden either.

          • sugar_in_your_tea
            ↑ 1 · 11 months ago

            I’ll have to look into it again.

            Is there anything for Android autofill in apps? It’s not a deal breaker, just nice to have.

            • decisivelyhoodnoises
              ↑ 3 · 11 months ago

              KeePassXC has a keyboard which you can change to, and it fills fields without typing (you need to type your master password, though).

              • sugar_in_your_tea
                ↑ 1 · 11 months ago

                Does it stay unlocked for a while (say, an hour or so)? If so, that’s absolutely an option. I use a very long password, so having to do it every time would be extremely tedious.

            • spaghettiwestern
              ↑ 2 · 11 months ago

              There is, but I can’t tell you anything except that it exists. I use passwords so infrequently on Android that I’ve never bothered with it.