
i will never not be paranoid about password managers. storing all of your passwords in one place just screams compromisable to me

this is probably an irrational fear of mine, but i can never get it out of my head

@CyclopsCaveman i have my password database set up so it takes 30 seconds to decrypt due to the extra encryption BS. on a 4ghz multicore machine. Takes ages to open on other devices as a result, but

also means that if the db file gets leaked somehow, it's gonna take whoever is trying to break in a feckin longass time to get in

@urusan this actually seems pretty cool, since it doesn't store any of the passwords in a database. the only way to compromise it would be to get the master password, which in this case looks like it can be anything? and would be much easier to keep secure than one for an online password manager

@CyclopsCaveman Yup, that's correct.

There's actually 2 keys: your master password and the name you use for the service.

You'll want a consistent naming scheme so you remember how to get your passwords, but the names can also serve as an extra layer of security.

Really, technically, all the options in lesspass are separate keys, though presumably you'd want to also keep your options consistent so you don't forget them.
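
The stateless scheme discussed in the posts above, as an added example that is not part of the thread and not LessPass's own code: a simplified deterministic generator in which the master password, the service name and every option feed the derivation, so nothing is stored. The function name, parameters, separator, symbol set and iteration count are assumptions made for illustration.

```python
import hashlib
import string

ITERATIONS = 100_000          # assumed work factor for this sketch
SYMBOLS = "!#$%&*+-=?@^_"     # assumed symbol set


def derive_password(master, site, length=16, counter=1, symbols=True):
    """Recompute a site password from its inputs; no database is involved."""
    if not 8 <= length <= 32:
        # 256 bits of KDF output cannot cover arbitrarily long passwords.
        raise ValueError("length must be between 8 and 32")
    alphabet = string.ascii_letters + string.digits
    if symbols:
        alphabet += SYMBOLS
    # Every option is bound into the salt, so changing any one of them
    # yields an unrelated password: each behaves like part of the key.
    salt = f"{site}|{length}|{counter}|{int(symbols)}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=32)
    # Read the output as one big integer and peel characters off with
    # divmod; the integer stays far larger than the alphabet size, so the
    # modulo bias is negligible.
    n = int.from_bytes(key, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(alphabet))
        chars.append(alphabet[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    master = "correct horse battery staple"
    print(derive_password(master, "example.org"))
    print(derive_password(master, "example.org"))             # same again
    print(derive_password(master, "example.org", counter=2))  # rotated
    print(derive_password(master, "Example.org"))             # naming drift
```

The last call shows why a consistent naming scheme matters: a differently capitalised service name produces a different password, and there is no stored copy to fall back on.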

@CyclopsCaveman you gotta secure that one place appropriately, but it also means you can trivially have different passwords for each account, which ends up much safer?

@CyclopsCaveman the counterpoint to this being that it is easier to secure one building than to secure two or three or eleven. (your fear is not irrational, it is a high value target.)

@CyclopsCaveman I get what you mean, I keep accounts that contain important stuff or that I've put a lot of money into (master email, steam etc) jotted locally.

I then use the password generator in bitwarden to generate the best password possible using all the options, write that down on paper and make it store all of my accounts that don't hold much value (twitter etc) then make duplicates of that bit of paper with all my master passwords on and keep one on me and keep the others elsewhere.

@CyclopsCaveman forever afraid that one day I'll succumb to the hubris of being Tech Savvy and then forget my master password

@CyclopsCaveman cloud password managers sketch me out but if someone's got access to my physical hardware already, they're fully welcome to crack open my keepass databass. fuck it

Cyrene Savage's Post Hole
