undefined | Better HN

0 pointssmegger0013y ago0 comments

>It’s fine to store your passwords online for convenience, but as a user, it’s important to accept that it’s no longer your private password and will, at some point, leak.

ehh. I store my passwords online but its on a file I encrypted offline with strong password (over 20+ characters) and key. I use keepass which is a locally encrypted and stored password manger, and I store the DB on Dropbox and download it to any of my computers/devices were it is decrypted locally when needed. I don't trust password wallet services ass they all seem to want to do the enryption server side with a reset-able password which really means they have the master password not you, but my set up seems secure enough to me.

0 comments

konha3y ago

> I don't trust password wallet services ass they all seem to want to do the enryption server side with a reset-able password which really means they have the master password not you

None of the popular password managers work this way.

milkshakes3y ago

1password for teams works exactly this way

so does the family pack

konha3y ago

So you’re saying 1Password for families / teams differs significantly from their zero knowledge architecture?

Have a look at [0] - recovery works without 1Password having the master password.

[0] https://1passwordstatic.com/files/security/1password-white-p...

1 more reply

129078352023y ago

How does this work with mobile chrome/Firefox etc. Does it sync?

xnickb3y ago

I have a similar setup, except I use Syncthing. Works fine with Keepass2Android/KeepassXC on both Windows and Linux machines. Occasionally I might need to do some manual steps (a week ago windows stopped running Syncthing and that caused some conflicts down the road), but most of the time it just works.

If you have specific questions, feel free to ask.

smegger001OP3y ago

there is a keepass compatable app on fdroid i use, and it can sync just by syncing the db over dropbox

j / k navigate · click thread line to collapse

0 pointssmegger0013y ago0 comments

>It’s fine to store your passwords online for convenience, but as a user, it’s important to accept that it’s no longer your private password and will, at some point, leak.

0 comments

konha3y ago

> I don't trust password wallet services ass they all seem to want to do the enryption server side with a reset-able password which really means they have the master password not you

None of the popular password managers work this way.

milkshakes3y ago

1password for teams works exactly this way

so does the family pack

konha3y ago

So you’re saying 1Password for families / teams differs significantly from their zero knowledge architecture?

Have a look at [0] - recovery works without 1Password having the master password.

[0] https://1passwordstatic.com/files/security/1password-white-p...

1 more reply

129078352023y ago

How does this work with mobile chrome/Firefox etc. Does it sync?

xnickb3y ago

If you have specific questions, feel free to ask.

smegger001OP3y ago

there is a keepass compatable app on fdroid i use, and it can sync just by syncing the db over dropbox

j / k navigate · click thread line to collapse