Chris's Wiki :: blog/tech/MasterPasswordsWhyNot Comments
https://utcc.utoronto.ca/~cks/space/blog/tech/MasterPasswordsWhyNot?atomcomments
2018-09-25T14:07:46Z
Recent comments in Chris's Wiki :: blog/tech/MasterPasswordsWhyNot.

By tt on /blog/tech/MasterPasswordsWhyNot
<div class="wikitext"><p>Until some time back I found <a href="https://getvau.lt/">https://getvau.lt/</a> to be a decent password generator. It is browser based (but has no 3rd party JS, nor makes any network calls to the server) and creates a password when the user provides a passphrase and a service name. There's also an npm package for the same.</p>
<p>These days I am trying to move some things over to KeePassXC since it provides me with a local (and more importantly encrypted) database for my passwords.</p>
<p>Coming to browsers, I am a FF user but one thing that tricked me with the FF password manager is the fact that even if I set a master password on my machine, I'm able to sync the passwords on a different machine without the master password. Ideally, both the passwords and the master password should be synced and I shouldn't be able to access the passwords on another machine without my master password. Due to the same reason I'm gradually moving my passwords to KeePassXC. It's a bit cumbersome but if one wants a bit of privacy these days then cumbersome is your friend.</p>
</div>
2018-09-25T14:07:46Z

By Bill on /blog/tech/MasterPasswordsWhyNot
<div class="wikitext"><p>Does your skepticism extend to password-management tools in general? If so, then what do you store passwords in? I share your distrust of browser-based password management, since browsers are huge, complicated, difficult-to-secure things that get exposed to untrusted input all day long, and of "cloud" services in general, since outfits like LastPass and 1Password are both a.) high-value targets, and b.) could go away, like other as-a-service things have. I'm a lot more willing to trust something like KeePass that's just a local application that keeps a local password database. It's a much smaller program than a browser (and should thus be easier to make secure), and the password database is just an encrypted file that I can back up or move around myself. I've found the copy-and-pasting to be a pretty minor inconvenience well worth putting up with, especially considering there's no way I could remember more than a few strong, unique passwords without some kind of manager.</p>
<p>KeePass having cross-platform implementations helped. I suppose if I were Unixy to the core I could use pass, but I'm not that dedicated.</p>
</div>
2018-09-25T09:08:32Z