[ SOLVED ] best password manager

Quick to answer questions about finding your way around Linux Mint as a new user.
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
OunceofCommonSense
Level 5
Level 5
Posts: 666
Joined: Mon Oct 01, 2012 3:52 pm

Re: [ SOLVED ] best password manager

Post by OunceofCommonSense »

If you really think using an online password manager that stores passwords non locally (in the cloud) is safe then give your head a shake and look at what just happened to Click Studios https://www.csis.dk/newsroom-blog-overv ... ply-chain/
MB: Gigabyte model: B650M AORUS ELITE AX Memory: Corsair Low Profile Vengeance 32.00 GB. CPU Ryzen7600x Platform: x86_64 Distribution: Linux Mint 21.2
newlyminted7
Level 5
Level 5
Posts: 563
Joined: Sat Jan 02, 2021 4:44 pm

Re: [ SOLVED ] best password manager

Post by newlyminted7 »

OunceofCommonSense wrote: Fri Apr 30, 2021 10:28 pm If you really think using an online password manager that stores passwords non locally (in the cloud) is safe then give your head a shake and look at what just happened to Click Studios https://www.csis.dk/newsroom-blog-overv ... ply-chain/
+1
More people need to understand this.
User avatar
Boca
Level 5
Level 5
Posts: 693
Joined: Sun Feb 15, 2015 5:02 am

Re: [ SOLVED ] best password manager

Post by Boca »

OunceofCommonSense wrote: Fri Apr 30, 2021 10:28 pm If you really think using an online password manager that stores passwords non locally (in the cloud) is safe then give your head a shake and look at what just happened to Click Studios https://www.csis.dk/newsroom-blog-overv ... ply-chain/
There are benefits to cloud storage ( eg access from multiple locations, emergency access by nearest and dearest) ) but, as you say, there are risks and down-sides to be aware of.

I do use a cloud-based password manager but, for any sensitive passwords, I also need to append a passphrase which is not stored anywhere.

So if the cloud storage is compromised there is still another security "layer" to be defeated ( as well as any 2FA in place)
User avatar
JoeFootball
Level 13
Level 13
Posts: 4674
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: [ SOLVED ] best password manager

Post by JoeFootball »

OunceofCommonSense wrote: If you really think using an online password manager that stores passwords non locally (in the cloud) is safe then give your head a shake and look at what just happened to Click Studios https://www.csis.dk/newsroom-blog-overv ... ply-chain/
Interesting indeed. And couldn't a similar "update" compromise a local-store application as well?
OunceofCommonSense
Level 5
Level 5
Posts: 666
Joined: Mon Oct 01, 2012 3:52 pm

Re: [ SOLVED ] best password manager

Post by OunceofCommonSense »

JoeFootball wrote: Sat May 01, 2021 10:23 am
OunceofCommonSense wrote: If you really think using an online password manager that stores passwords non locally (in the cloud) is safe then give your head a shake and look at what just happened to Click Studios https://www.csis.dk/newsroom-blog-overv ... ply-chain/
Interesting indeed. And couldn't a similar "update" compromise a local-store application as well?
Perhaps but my feeling is that targets seem to be big business oriented password managers where money can be extracted easily
MB: Gigabyte model: B650M AORUS ELITE AX Memory: Corsair Low Profile Vengeance 32.00 GB. CPU Ryzen7600x Platform: x86_64 Distribution: Linux Mint 21.2
JeffF73
Level 2
Level 2
Posts: 63
Joined: Sun May 27, 2012 2:47 pm

Re: [ SOLVED ] best password manager

Post by JeffF73 »

I just recently exported my Lastpass information to a CVS file and then open it in LibreOffice. Converted it to a OSD file to open with Calc. It opens as a spreadsheet. I can modify it as I need. Compress it with a password/encryption. I can now open it in the archive and edit it within Calc. Then save it right back inside the zip file without the need to extract to my drive. Save it to an external HD that isn't connected to my PC at all times which gives it that extra layer of protection. Also changed the name of the files to be hidden files example: .Passwords.7z and .Passwords.OSD
User avatar
Boca
Level 5
Level 5
Posts: 693
Joined: Sun Feb 15, 2015 5:02 am

Re: [ SOLVED ] best password manager

Post by Boca »

JeffF73 wrote: Sat May 01, 2021 3:26 pm I just recently exported my Lastpass information to a CVS file and then open it in LibreOffice. Converted it to a OSD file to open with Calc. It opens as a spreadsheet. I can modify it as I need. Compress it with a password/encryption. I can now open it in the archive and edit it within Calc. Then save it right back inside the zip file without the need to extract to my drive. Save it to an external HD that isn't connected to my PC at all times which gives it that extra layer of protection. Also changed the name of the files to be hidden files example: .Passwords.7z and .Passwords.OSD
I like this!! ( although it doesn't meet my personal needs ( eg remote/emergency access)).

as an additional layer, instead of .Passwords.7z, I believe you could call it .elephant.abc and associate .abc to P7ZIP
ThaCrip
Level 5
Level 5
Posts: 989
Joined: Sat Dec 07, 2019 12:13 pm

Re: [ SOLVED ] best password manager

Post by ThaCrip »

JeffF73 wrote: Sat May 01, 2021 3:26 pm I just recently exported my Lastpass information to a CVS file and then open it in LibreOffice. Converted it to a OSD file to open with Calc. It opens as a spreadsheet. I can modify it as I need. Compress it with a password/encryption. I can now open it in the archive and edit it within Calc. Then save it right back inside the zip file without the need to extract to my drive. Save it to an external HD that isn't connected to my PC at all times which gives it that extra layer of protection. Also changed the name of the files to be hidden files example: .Passwords.7z and .Passwords.OSD
Unless I am misunderstanding you, I don't see how this would be of any benefit over using your password manager like usual and just have a backup copy of the password managers database file stored on say a external hard drive since both are already encrypted.
MainPC: i5-3550 (undervolted by -0.120v (CPU runs 12c cooler) /w stock i3-2120 hs/fan) | 1050 Ti 4GB | 16GB (2x 8GB) DDR3 1600Mhz RAM | Backups: AMD E-300 CPU (8GB RAM) / Athlon X2 3600+ CPU (@2.3GHz@1.35v) (4GB RAM) | All /w Mint 21.x-Xfce
User avatar
Boca
Level 5
Level 5
Posts: 693
Joined: Sun Feb 15, 2015 5:02 am

Re: [ SOLVED ] best password manager

Post by Boca »

ThaCrip wrote: Mon May 03, 2021 2:18 am
JeffF73 wrote: Sat May 01, 2021 3:26 pm I just recently exported my Lastpass information to a CVS file and then open it in LibreOffice. Converted it to a OSD file to open with Calc. It opens as a spreadsheet. I can modify it as I need. Compress it with a password/encryption. I can now open it in the archive and edit it within Calc. Then save it right back inside the zip file without the need to extract to my drive. Save it to an external HD that isn't connected to my PC at all times which gives it that extra layer of protection. Also changed the name of the files to be hidden files example: .Passwords.7z and .Passwords.OSD
Unless I am misunderstanding you, I don't see how this would be of any benefit over using your password manager like usual and just have a backup copy of the password managers database file stored on say a external hard drive since both are already encrypted.
I think JeffF73 is proposing this as a non-cloud alternate (?)
JeffF73
Level 2
Level 2
Posts: 63
Joined: Sun May 27, 2012 2:47 pm

Re: [ SOLVED ] best password manager

Post by JeffF73 »

Boca wrote: Mon May 03, 2021 2:48 am
ThaCrip wrote: Mon May 03, 2021 2:18 am
JeffF73 wrote: Sat May 01, 2021 3:26 pm I just recently exported my Lastpass information to a CVS file and then open it in LibreOffice. Converted it to a OSD file to open with Calc. It opens as a spreadsheet. I can modify it as I need. Compress it with a password/encryption. I can now open it in the archive and edit it within Calc. Then save it right back inside the zip file without the need to extract to my drive. Save it to an external HD that isn't connected to my PC at all times which gives it that extra layer of protection. Also changed the name of the files to be hidden files example: .Passwords.7z and .Passwords.OSD
Unless I am misunderstanding you, I don't see how this would be of any benefit over using your password manager like usual and just have a backup copy of the password managers database file stored on say a external hard drive since both are already encrypted.
I think JeffF73 is proposing this as a non-cloud alternate (?)
Yes exactly. Thank you. The only best password manager is under ones own security IMO. I have learned the hard way myself that nothing is safe online in someone else's hands. IMO it's best to store your personal information under your own lock. It may not be convenient for all.
ThaCrip
Level 5
Level 5
Posts: 989
Joined: Sat Dec 07, 2019 12:13 pm

Re: [ SOLVED ] best password manager

Post by ThaCrip »

JeffF73 wrote: Mon May 03, 2021 4:12 am Yes exactly. Thank you. The only best password manager is under ones own security IMO. I have learned the hard way myself that nothing is safe online in someone else's hands. IMO it's best to store your personal information under your own lock. It may not be convenient for all.
Then what I initially thought is true then. hence, no point in doing what your doing (at least with the password manager I use since it does not store anything online).

because my password manager (i.e. https://sourceforge.net/projects/passwo ... les/Linux/ ; currently v1.13.0 is newest for Mint) does not store anything online as it's entirely offline/locally stored on ones hard drive. so you just have your password database, which is already encrypted (with Twofish), that you use in general and then simply make a backup copy(or copies) in case your computer crashes it will be easy to restore from USB stick or hard drive to another computer.

p.s. I definitely agree with you about avoiding storing of ones passwords online as it seems like a unnecessary risk vs locally stored passwords. but it seems some people want TOO much convenience nowadays and sacrifice security to do so. but it's easy enough to backup the locally stored database file as with my password manager the database file is stored at... "/home/USER/.pwsafe".
MainPC: i5-3550 (undervolted by -0.120v (CPU runs 12c cooler) /w stock i3-2120 hs/fan) | 1050 Ti 4GB | 16GB (2x 8GB) DDR3 1600Mhz RAM | Backups: AMD E-300 CPU (8GB RAM) / Athlon X2 3600+ CPU (@2.3GHz@1.35v) (4GB RAM) | All /w Mint 21.x-Xfce
newlyminted7
Level 5
Level 5
Posts: 563
Joined: Sat Jan 02, 2021 4:44 pm

Re: [ SOLVED ] best password manager

Post by newlyminted7 »

ThaCrip wrote: Mon May 03, 2021 5:40 ambut it seems some people want TOO much convenience nowadays and sacrifice security to do so.
This is a big problem with computers (and people!), unfortunately. Do people have to wait until their favorite online cloud-based "secure" password service gets hacked or unscrupulously "shares" data with another company or gets aquired by some questionable company, etc? And don't forget that the hacks we hear about are only the "failed" hacks, as they say...

But I like Jeff's approach, which highlights the importance of doing it all yourself if you can; controlling each piece yourself instead of relying on a programmer. Not suggesting there's anything necessarily wrong with the programmer (but there could be), but the question is who do you trust with your data? It's also a good way to learn about computer security (which is a good thing to learn about, in my opinion).
ThaCrip
Level 5
Level 5
Posts: 989
Joined: Sat Dec 07, 2019 12:13 pm

Re: [ SOLVED ] best password manager

Post by ThaCrip »

newlyminted7 wrote: Mon May 03, 2021 2:43 pm But I like Jeff's approach, which highlights the importance of doing it all yourself if you can; controlling each piece yourself instead of relying on a programmer. Not suggesting there's anything necessarily wrong with the programmer (but there could be), but the question is who do you trust with your data?
With this mindset it assumes that the general encryption/security of the password manager one is using is flawed etc. but even here, one is still trusting some other software's encryption (i.e. 7-zip (or the like)). so basically... your just trading one type of encryption for another which is no real benefit since it just makes more work with no real improvement to ones security. plus, chances are someone whos making that password manager software (assuming it's offline storage only) will have a better overall method for this stuff than the average person coming up with their own stuff will.

so in the end... it's just overall better just to stick with ones password manager (assuming it's offline password storage only, as like I said I avoid the ones that store it online) paired with a secure master password.

besides, the password manager I use is probably better than most given it's "Designed by renowned security technologist Bruce Schneier". sure, I realize he does not currently maintain it though and has not for years but I think the guy who does maintain it knows Bruce S. but in the end whether you see this as a good thing or not, just about everyone has to trust someone on some level. so it's pretty much about finding a balance of security/easy-of-use. but I must be okay so far as I have been using Password Safe since about 2005-2007 and never had a real issue with it. even the Linux version I have been using since Jan 2019 basically which is when I switched over to Mint and just transferred the database file from the Windows version to Linux as the database file is interchangeable. even for those who don't trust using software outside of the Mint repositories can just search for 'passwordsafe' in the 'Software Manager' (or even simpler just do "sudo apt install passwordsafe") as their version is a bit older than the current one but it's still recent enough.

on a side note... while the following will be more time consuming, it would be more secure if someone did want to store their password managers database file online... encrypt it multiple times with different programs (i.e. your password managers encryption(like is already the case), then 7-zip, VeraCrypt etc), and obviously each time you encrypt it you will need to use a different password (something like Diceware would be a secure means of creating those passwords)) as this way you would not be trusting one piece of software to stop the bad guys. so even if someone did get a hold of the file you uploaded online, they would have to break multiple levels of encryption/passwords to get to the sensitive data which is very unlikely they could do assuming your using secure passwords. but this is time consuming and you would probably have to store the multiple passwords on a piece of paper and put that in a secure location. basically, while this would be pretty secure, it's time consuming and a little overkill for most people and not really practical if your always updating your password manager with new entries etc (it's of limited use). but generally speaking... just use a password manager with a secure enough master password and make backup copies of that password managers database file and you will almost certainly be good enough. because the whole point of using a password manager is it gives a solid improvement to ones basic online security. it keeps you above the low-hanging-fruit standards as they say which hacker types typically go after as they want whatever is easy as if it starts to take up too much of their time, they will just move on to something easier. but anyone who already finds it a chore to use a password manager, definitely won't even consider the multiple encryption thing I mentioned which is definitely more secure than a random password managers online storage because your not trusting the company, your trusting that between multiple encryption programs that even if some shady person immediately got a hold of the file after you upload it, they got almost no chance of getting to your sensitive data simply because multiple encryption programs would all have to fail which almost surely won't happen if your using a different/secure password for each time you wrap it into a different encryption program (i.e. password managers database files goes into a encrypted .7z, then take that .7z file and wrap it in say VeraCrypt etc)
MainPC: i5-3550 (undervolted by -0.120v (CPU runs 12c cooler) /w stock i3-2120 hs/fan) | 1050 Ti 4GB | 16GB (2x 8GB) DDR3 1600Mhz RAM | Backups: AMD E-300 CPU (8GB RAM) / Athlon X2 3600+ CPU (@2.3GHz@1.35v) (4GB RAM) | All /w Mint 21.x-Xfce
newlyminted7
Level 5
Level 5
Posts: 563
Joined: Sat Jan 02, 2021 4:44 pm

Re: [ SOLVED ] best password manager

Post by newlyminted7 »

ThaCrip wrote: Mon May 03, 2021 5:46 pm
newlyminted7 wrote: Mon May 03, 2021 2:43 pm But I like Jeff's approach, which highlights the importance of doing it all yourself if you can; controlling each piece yourself instead of relying on a programmer. Not suggesting there's anything necessarily wrong with the programmer (but there could be), but the question is who do you trust with your data?
With this mindset it assumes that the general encryption/security of the password manager one is using is flawed etc.
No. Nowhere did I say that the "general encryption/security of the password manager one is using is flawed". I'm afraid that is simply your assumption. I actually wrote that it is great if someone can do it on their own. There is sufficient encryption in the hands of the average person to do so. Jeff's solution isn't the only way. There are many ways to encrypt and store things securely, without the use of a software application. My point was that it can be very beneficial to learn, understand, and undertake such efforts on our own, without the need for "someone else's software".
ThaCrip wrote: Mon May 03, 2021 5:46 pmso basically... your just trading one type of encryption for another which is no real benefit since it just makes more work with no real improvement to ones security.
Untrue. You're gaining control over your own security setup and putting less trust in third parties.
ThaCrip wrote: Mon May 03, 2021 5:46 pmso in the end... it's just overall better just to stick with ones password manager (assuming it's offline password storage only, as like I said I avoid the ones that store it online) paired with a secure master password.
Sure, in your opinion. But that's the great thing about this, that we can all choose individually what suits us, and some people, like Jeff, have systems that aren't "password managers" that work well for them, and are secure enough.
ThaCrip
Level 5
Level 5
Posts: 989
Joined: Sat Dec 07, 2019 12:13 pm

Re: [ SOLVED ] best password manager

Post by ThaCrip »

newlyminted7 wrote: Mon May 03, 2021 7:53 pm No. Nowhere did I say that the "general encryption/security of the password manager one is using is flawed". I'm afraid that is simply your assumption. I actually wrote that it is great if someone can do it on their own. There is sufficient encryption in the hands of the average person to do so. Jeff's solution isn't the only way. There are many ways to encrypt and store things securely, without the use of a software application. My point was that it can be very beneficial to learn, understand, and undertake such efforts on our own, without the need for "someone else's software".
Sure, you did not technically say that. but it suggests that though given what you said. because why else would someone use a different method to encrypt their password data vs using a password manager which is just easier and secure enough in general. like one is creating more work do to something similar and without any real security benefit over more typical methods. surely you can see my reasoning here.

also, I agree we don't absolutely need someone else software for making passwords as one can generate their own proven secure passwords with dice (5 dice rolled at once speeds up the process even though technically one die will work) with Diceware for example as a 10 word Diceware passphrase is similar in security to a 20-character randomly generated password. 129.2 (10-word Diceware) vs 131.1 (20-characters using all characters in keyboard short of spacebar) bits of entropy. with that said, it's suggested to use a minimum of six words with Diceware. also, if someone is paranoid and does not trust the random password generation of their password manager, it's possible to generate random passwords with a bunch of random characters using dice to, but I won't get into that for now since it's a bit overkill and can be time consuming etc.
newlyminted7 wrote: Mon May 03, 2021 7:53 pmUntrue. You're gaining control over your own security setup and putting less trust in third parties.
I can't see how what I said is not true? ; because by not using a password manager and coming up with ones own method (like previously mentioned), which seems like more effort and is probably less secure (or at least not noticeably more secure), its like I said in that your basically trading one encryption type for another, but spending more effort to do it. so it's less practical than just using a standard password manager.

sure, I agree that on some level us having more control over our own stuff can be good, but I think it's safe to say that for most people a standard password manager is the best all-around practical way to store passwords on ones computer when you factor in security/ease-of-use combo. I can't see most people disagreeing with that basic comment simply because if there was a better way, people would probably not be using password managers.

with that said, the method he used is not necessarily bad or anything, it just don't seem like it's worth ones time to do that vs using a standard password manager is all.
MainPC: i5-3550 (undervolted by -0.120v (CPU runs 12c cooler) /w stock i3-2120 hs/fan) | 1050 Ti 4GB | 16GB (2x 8GB) DDR3 1600Mhz RAM | Backups: AMD E-300 CPU (8GB RAM) / Athlon X2 3600+ CPU (@2.3GHz@1.35v) (4GB RAM) | All /w Mint 21.x-Xfce
newlyminted7
Level 5
Level 5
Posts: 563
Joined: Sat Jan 02, 2021 4:44 pm

Re: [ SOLVED ] best password manager

Post by newlyminted7 »

ThaCrip wrote: Tue May 04, 2021 1:41 am
newlyminted7 wrote: Mon May 03, 2021 7:53 pm No. Nowhere did I say that the "general encryption/security of the password manager one is using is flawed". I'm afraid that is simply your assumption. I actually wrote that it is great if someone can do it on their own. There is sufficient encryption in the hands of the average person to do so. Jeff's solution isn't the only way. There are many ways to encrypt and store things securely, without the use of a software application. My point was that it can be very beneficial to learn, understand, and undertake such efforts on our own, without the need for "someone else's software".
Sure, you did not technically say that. but it suggests that though given what you said.
No, it (still) doesn't suggest that. That's just your opinion, which you are entitled to, of course.
ThaCrip wrote: Tue May 04, 2021 1:41 ambecause why else would someone use a different method to encrypt their password data vs using a password manager
As I've pointed out now more than once: for control, not having to trust third parties, learning, pride of doing it themselves, etc. In no way did I imply or write what you interpreted.
newlyminted7 wrote: Mon May 03, 2021 7:53 pmUntrue. You're gaining control over your own security setup and putting less trust in third parties.
ThaCrip wrote: Tue May 04, 2021 1:41 amI can't see how what I said is not true?
It's not empirically true because it is subjective. You wrote, "it just makes more work with no real improvement to ones security" - which is subejctive. For some people it is actually not more work, believe it or not, and the "real improvement in security" is that you don't have to trust a third party as much (you gain control). I'm not saying that is always bad to trust third parties (you basically always have to at some point - heck you have to use third party encryption code!), I'm saying that can be a real and true benefit to people to do it themselves. In my opinion, too many people opt for convenience at the cost of security, privacy, and other aspects of their lives. The reason many Linux users use Linux is often evidence of this very fact: they usually want more control over their computer lives in some form or another.
ThaCrip wrote: Tue May 04, 2021 1:41 amthe method he used is not necessarily bad or anything, it just don't seem like it's worth ones time to do that vs using a standard password manager is all.
No, the method he uses certainly isn't bad. You may not think it's worth the time to do it, and that's just your opinion, and that's great, we all have them, but we can agree to disagree. I never think it is a bad thing to teach a man to fish, even if "most people" don't want to learn.

To reiterate what I'm agreeing to is what Jeff wrote here:
The only best password manager is under ones own security IMO. I have learned the hard way myself that nothing is safe online in someone else's hands. IMO it's best to store your personal information under your own lock. It may not be convenient for all.
That's my opinion, as well. You don't have to agree with it, ThaCrip.
ThaCrip
Level 5
Level 5
Posts: 989
Joined: Sat Dec 07, 2019 12:13 pm

Re: [ SOLVED ] best password manager

Post by ThaCrip »

newlyminted7 wrote: Tue May 04, 2021 3:34 pm No, it (still) doesn't suggest that. That's just your opinion, which you are entitled to, of course.
newlyminted7 wrote: Tue May 04, 2021 3:34 pm As I've pointed out now more than once: for control, not having to trust third parties, learning, pride of doing it themselves, etc. In no way did I imply or write what you interpreted.
Okay, my mistake. I see what you mean now. so I retract my previous assumptions about what you said.

but I guess the bottom line for me is password managers are generally made by someone who's more familiar with password security/encryption etc and will probably be the safer bet than using alternative methods by the common person, especially if the person is using passwords not up to a certain standard and is using the same (or nearly the same) password across multiple websites, which is a bad idea as you already know.

but for those who opt for more control over their passwords, assuming they outright don't use any standard password manager, I think we can both agree whatever method they use, they should, at the very least, make sure that their passwords are different for each website (especially any important accounts) and that whatever method they are using for creating their passwords is at least a fair amount above the low-hanging-fruit standard. because with at least these minimums, one is probably 'safe enough'.
newlyminted7 wrote: Tue May 04, 2021 3:34 pmIt's not empirically true because it is subjective. You wrote, "it just makes more work with no real improvement to ones security" - which is subejctive. For some people it is actually not more work, believe it or not, and the "real improvement in security" is that you don't have to trust a third party as much (you gain control).
Well in terms of the passwords generated, short of maybe using something physical like real dice to generate really long passwords (as I can see how this might be some level of improvement in security vs a computer generating passwords which 'may' be less random(?)), chances are there will be no measurable improvement in security as far as the passwords themselves go.

because assuming the average person's desktop computer is in no way compromised, and that whatever passwords they are using for random sites are different/secure enough, then it probably does not really matter whether someone using their own method (like mentioned already) or a password manager (assuming offline since it's the least risk for password managers).

so I guess for those who are more of that 'do-it-themselves' mindset they might prefer to go outside of the norm and not use a password manager but whatever method they use, main thing is it needs to be above the low-hanging-fruit standard.
newlyminted7 wrote: Tue May 04, 2021 3:34 pmI'm not saying that is always bad to trust third parties (you basically always have to at some point - heck you have to use third party encryption code!), I'm saying that can be a real and true benefit to people to do it themselves.
Yeah, like I previously mentioned about trading one encryption method(i.e. password manager) for another (i.e. 7-zip etc). probably not much point in doing this unless the person happens to feel one is a bit more trustworthy than the other etc.
newlyminted7 wrote: Tue May 04, 2021 3:34 pmIn my opinion, too many people opt for convenience at the cost of security, privacy, and other aspects of their lives. The reason many Linux users use Linux is often evidence of this very fact: they usually want more control over their computer lives in some form or another.
I agree.

because there are probably still millions of people who still have weak passwords online as you can see by looking into this stuff online with people using passwords like '123456' and the like. still, I would imagine more and more people are becoming a bit more security conscious though, which is a good thing. still, it comes back to many people like to take the easy way out by default which, as you already know, don't work well with security as the main thing is, even for someone who wants to put in the least amount of effort, is to make sure whatever passwords they use are above low-hanging-fruit standards at the very least otherwise they are gambling, especially if that's done on accounts that if they got taken over could wreak havoc on their lives/online lives and sadly many people probably use the same password (or maybe a small amount of passwords at most) across multiple accounts.
newlyminted7 wrote: Tue May 04, 2021 3:34 pmNo, the method he uses certainly isn't bad. You may not think it's worth the time to do it, and that's just your opinion, and that's great, we all have them, but we can agree to disagree. I never think it is a bad thing to teach a man to fish, even if "most people" don't want to learn.
I get your point here and I basically agree with your analogy about 'teaching a man to fish' kind of mindset, which could apply to stuff in life in general as those who learn more stuff depend less on others, which can't be a bad thing ;)
newlyminted7 wrote: Tue May 04, 2021 3:34 pmTo reiterate what I'm agreeing to is what Jeff wrote here:
The only best password manager is under ones own security IMO. I have learned the hard way myself that nothing is safe online in someone else's hands. IMO it's best to store your personal information under your own lock. It may not be convenient for all.
I would agree with that basic concept on some level. but like I mentioned before, whatever method someone uses, even if they end up weaking their security by doing it, as long as the passwords they use are different on each website and the passwords themselves are above the low-hanging-fruit standard is the most obvious/critical thing, especially for higher importance stuff online.

--------------------

so with all of that said... I don't think we are that far apart now ;) ; it seems you just prefer to 'do-it-yourself' a bit more where as I, while I get your point and agree with it on some level, when it comes to password management in general, I prefer to stick to a decent offline password manager since it's easier (since you just enter a master password and then immediately have access to all of your website login info) and more than secure enough. even if I wanted a more 'do-it-yourself' mindset for creating passwords I would probably opt for creating passwords using dice either using passphrases or random generation using the characters on keyboard.

thanks for your time, and patience with me ;)
MainPC: i5-3550 (undervolted by -0.120v (CPU runs 12c cooler) /w stock i3-2120 hs/fan) | 1050 Ti 4GB | 16GB (2x 8GB) DDR3 1600Mhz RAM | Backups: AMD E-300 CPU (8GB RAM) / Athlon X2 3600+ CPU (@2.3GHz@1.35v) (4GB RAM) | All /w Mint 21.x-Xfce
Rubin_Farr
Level 2
Level 2
Posts: 75
Joined: Sun Jul 09, 2017 3:50 pm

Re: [ SOLVED ] best password manager

Post by Rubin_Farr »

I would not consider encrypted .zip files as good enough for password storage. I wish I knew enough about it to give a nice detailed response but suffice it to say, Winzip/.zip files, etc. are not designed as security products and its encryption isn't implemented as such. Encrypted .zip files are rather famously easy to bypass so please do your research first if you plan to trust this method.
OunceofCommonSense
Level 5
Level 5
Posts: 666
Joined: Mon Oct 01, 2012 3:52 pm

Re: [ SOLVED ] best password manager

Post by OunceofCommonSense »

Rubin_Farr wrote: Wed May 05, 2021 2:30 am I would not consider encrypted .zip files as good enough for password storage. I wish I knew enough about it to give a nice detailed response but suffice it to say, Winzip/.zip files, etc. are not designed as security products and its encryption isn't implemented as such. Encrypted .zip files are rather famously easy to bypass so please do your research first if you plan to trust this method.
+1
MB: Gigabyte model: B650M AORUS ELITE AX Memory: Corsair Low Profile Vengeance 32.00 GB. CPU Ryzen7600x Platform: x86_64 Distribution: Linux Mint 21.2
newlyminted7
Level 5
Level 5
Posts: 563
Joined: Sat Jan 02, 2021 4:44 pm

Re: [ SOLVED ] best password manager

Post by newlyminted7 »

Put it in a VeraCrypt container.
Locked

Return to “Beginner Questions”