Hello !
Currently looking for a password manager I had heard of Keepass, Lastpass and the sort, but found Password Safe and "made by Schneier" caught my attention, any feedbacks on it ? On password managers in general ?
@dustofgoat I'd stay the hell away from LastPass (their security posture is terrible). 1Password gets recommended a lot, but it's closed-source, which makes me leery.
Personally, I just use Firefox's built-in password manager. I like the idea of using one that *isn't* connected to the browser, though, at least for more sensitive passwords. But at that point I might as well just use Emacs' GPG integration and keep it in a file. :-P
@varx @dustofgoat 1Password (the non-cloud version) gets 👍👍 from me
@dustofgoat @jerry @bugshiv And not just cloud, but buggy, vulnerable cloud: https://www.brainonfire.net/blog/2015/12/17/lastpass-dubious-local-only/
That was almost 2.5 years ago, and they still haven't fixed their #Content-Security-Policy header to mitigate XSS -.-
@dustofgoat @varx @jerry you can use syncthing to avoid having to carry the file around.
@varx @dustofgoat @jerry using a hosted solution for password storage is never a good idea - you can't audit it and their DB can always be found leaked/stolen.
with KeepassXC you can audit the code and you're the one in control of the DB file.