#Keepassxc opens very slowly
can you actually talk about bitwarden / password managers, or direct me to a post about them? Idk my (completely uneducated) instinct says that trusting one application with all your passwords is about as bad as having the same password for everything, but clearly that isn’t the case.
So it is true that online password managers present a big juicy target, and if you have very stringent security requirements you'd be better off with an offline password manager that is not exposed to attack.
However, for most people the alternative is "reusing the same password/closely related password patterns for everything"; the risk that one random site gets compromised is much higher than the risk that a highly security focussed password provider gets compromised.
Which is not to say it can't happen, LastPass gets hacked alarmingly often, but most online password managers do their due diligence. I am more willing to stash my passwords with 1Password or Bitwarden or Dashlane than I am to go through the rigamarole of self-managing an array of unique passwords across multiple devices.
Bitwarden and other password managers try to store only an encrypted copy of your password vault, and they take steps to ensure you never ever send them your decryption key. When you want a password, you ask them for your vault, you decrypt it with your key, and now you have a local decrypted copy without ever sending your key to anyone. If you make changes, you make them locally and send back an encrypted updated vault.
As a result, someone who hacks Bitwarden should in the absolute worst case get a pile of encrypted vaults, but without each individual's decryption key those vaults are useless. They'd still have to go around decrypting each vault one by one. Combining a good encryption algorithm, robust salting, and a decent key, you can easily get a vault to "taking the full lifetime of the universe" levels of security against modern cryptographic attacks.
Now there can be issues with this. Auto-fill can be attacked if you go onto a malicious website, poorly coded managers can leak information or accidentally include logging of passwords when they shouldn't, and obviously you don't know that 1Password isn't backdoored by the CIA/Mossad/Vatican. If these are concerns then you shouldn't trust online password managers, and you should use something where you remain in control of your vault and only ever manually handle your password.
Bitwarden is open source and fairly regularly audited, so you can be somewhat assured that they're not compromised. If you are worried about that, you can use something like KeePassXC/GNU Pass/Himitsu (which all hand you the vault file and it's your job to keep track of it and keep it safe) or use clever cryptographic methods (like instead of storing a password you use a secret key to encrypt and hash a reproducible code and use that as your password, e.g. my Netflix password could be hash(crypt("netflixkalium", MySecretKey))). I know a few people who use that method.
Now with any luck because Apple is pushing for passkeys (which is just a nice name for a family of cryptographic verification systems that includes FIDO2/WebAuthn) we can slowly move away from the nightmare that is passwords altogether with some kind of user friendly public key based verification, but it'll be a few years before that takes off. Seriously the real issue with a password is that with normal implementations every time you want to use it you have to send your ultra secret password over the internet to the verifying party.
239 notes
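The derived-password idea mentioned in the answer above, hash(crypt("netflixkalium", MySecretKey)), worked through as an added example that is not part of the original post. It swaps the encrypt-then-hash step for PBKDF2 stretching of the secret followed by HMAC-SHA256; the function names, alphabet, salt choice and rotation counter are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Assumed output alphabet: 74 symbols most sites accept.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def stretch_secret(secret: str, salt: bytes) -> bytes:
    """Slow key stretching so that guessing the secret offline is expensive.

    The salt must be reproducible on every device (assumption: e.g. your
    own e-mail address), because nothing is stored anywhere.
    """
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 600_000)

def site_password(master_key: bytes, site: str, username: str,
                  counter: int = 1, length: int = 20) -> str:
    """Re-derive the same per-site password from the same inputs."""
    # Length-prefix every field so ("ab", "c") and ("a", "bc") differ.
    fields = [site.lower().encode(), username.encode(), str(counter).encode()]
    message = b"".join(len(f).to_bytes(2, "big") + f for f in fields)

    # Bytes at or above this bound are discarded to avoid modulo bias.
    limit = 256 - (256 % len(ALPHABET))
    out, block = [], 0
    while len(out) < length:
        stream = hmac.new(master_key, message + block.to_bytes(4, "big"),
                          hashlib.sha256).digest()
        for byte in stream:
            if byte < limit and len(out) < length:
                out.append(ALPHABET[byte % len(ALPHABET)])
        block += 1
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    key = stretch_secret("correct horse battery staple", b"kalium@example.org")
    print(site_password(key, "netflix.com", "kalium"))
    # After a breach at one site, bump the counter for that site only.
    print(site_password(key, "netflix.com", "kalium", counter=2))
```

The trade-off compared with a vault: the only state to protect is the secret, but anyone who learns it can regenerate every password, and each site's counter and password rules still have to be remembered somewhere.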
Keepassxc opens very slowly
I'm going to look through them and see what seems best for my use case, and start switching to it.
Luckily now there's a whole heap of these services, from vendor-specific solutions like Firefox Sync (which has questionable security regarding encryption) to general password managers like 1Password, LastPass, Bitwarden and Dashlane. Giving all my passwords to someone else makes me a bit nervous, but I have to rely on the commercial reputation they would lose in a breach to give me confidence that my secrets are relatively secure (for my use case). So I'm giving up control of open source to find a managed service to handle this for me. Manually syncing is difficult and error prone, and I have to fall back to typing in passwords from my mobile app, which is painfully slow. I was using Syncthing to sync the KeePass database between devices, but it seems like Syncthing is unexpectedly opening Tor connections (without being configured to do so), which makes me really suspicious and makes it a no-go to use on work devices. I was using the Kee Firefox Addon to automatically fill passwords, but in a recent version it's stopped supporting KeePass and become its own management system that I don't trust or want to use.
Automatic filling is convenient, but it's also important for security: it prevents you copy-pasting into a forged website if you don't carefully check the domain (which can happen with email phishing attacks). However it doesn't have a native way to automatically fill passwords into pages or sync across devices, so I am looking for an alternative. It's open source, been audited to be relatively secure, and everything is stored in a local file which makes it easy to backup and you know who has control.
The reader supports PDF but also EPUB, MOBI, CHM, XPS, DjVU, CBZ, CBR, CB7 and CBT.
I've been using KeePass and its derivatives (such as KeePassDroid and KeePassXC) for years. Here is a quick overview of the core features that Sumatra supports now (based on Sumatra 3.0): Sumatra is available as a portable version that you can run from any location. However for the rest of us a password manager is likely worth the cost since it's so convenient you're likely to actually use it. However it's really hard to remember lots of strong passwords.
A password manager does exactly that: generate and store strong passwords for lots of sites.
A password manager is also a huge target; if you can infiltrate it you can access all their passwords.
For someone who is a very likely target for sophisticated hackers a password manager is a bad idea - it's a liability, and they should take the effort to do something like diceware. Their email and password is revealed in some online breach of a website, and then these credentials can be used on other websites. One of the most frequent ways people get their accounts hacked is by password reuse. A password manager is one of the best ways for the majority of people to keep their logins secure.
After using KeePass and its derivatives for years, the Kee Firefox Addon dropped support for KeePass and it's now less convenient to use.
After looking at the alternatives I'm going to switch to an online alternative.
0 notes