1527
submitted 1 year ago by Kagathara@lemmy.ca to c/android@lemmy.world
(page 3) 50 comments
sorted by: hot top controversial new old
[-] FatherOfHoodoo@lemmy.world 13 points 1 year ago

I don't like to keep any security stuff in "the cloud", written down anywhere, or even on my own devices. It's too easy to lose everything after one security breach.

Instead, I use password algorithms seeded from both the service name/identifier and one or more private passwords. This lets me keep thousands of service/site unique passwords in my head just by memorizing twenty or so words.

load more comments (5 replies)
[-] learningduck@programming.dev 13 points 1 year ago

I used KeePass for years. Now I switched to BitWarden since it's open source and audited.

load more comments (4 replies)
[-] tun@lemmy.world 12 points 1 year ago

LastPass -> Enpass -> BitWarden

Tried KeePass (on Windows), 1Password and pass before settling with BitWarden.

[-] WiseassWolfOfYoitsu@lemmy.world 12 points 1 year ago

I switched from LastPass to Bitwarden. I think they're great, being able to use a strong bespoke password for every service along with one nuclear missile arming grade password plus 2FA for the manager itself.

load more comments (1 replies)
[-] kanzalibrary@lemmy.world 11 points 1 year ago* (last edited 1 year ago)

I don't know if this totally credible or not, but I found news that KeepassXC receives positive audit from independent security consultant. Very rare to happen in pass manager apps..

I got this news from Linux Magazine first as I remembered, so I think this is credible and best alternative solution for us to use KeepassXC than other (never heard other apps has been audits by independent security firms / consultants like this).

load more comments (1 replies)
[-] neijzero@lemmy.world 11 points 1 year ago

Im using KeepassXC and sync it with Nextcloud

load more comments (1 replies)
[-] Greenskye@lemmy.world 11 points 1 year ago

I honestly don't know how anyone manages without one these days. How would you even keep track of it all? Even if you go the 'same password for everything' route of horrible security, different websites have different requirements for both username and password. Wouldn't be able keep it all straight at all.

I personally use 1password, which is better than Lastpass for sure. Probably not as good as Bitwarden, but I'm too lazy to switch a second time.

[-] agentnz@lemmy.nz 11 points 1 year ago* (last edited 1 year ago)

I use Bitwarden. Used to use Last pass, but that got crappy a while back.

load more comments (1 replies)
[-] cullvox@lemmy.world 11 points 1 year ago

Password managers are a requirement for me these days. With how many breaches occur daily that we might not even know about you probably want a password that hasn't been reversed or used before. For me I don't know what I'd do without Bitwarden. I previously used LastPass until they added some restrictions and I figured out that Bitwarden was opensource. I don't currently run my own instance of it but easily could, keeping my passwords off other peoples computers.

[-] golamas1999@lemmy.world 11 points 1 year ago
[-] Tekchip@lemmy.world 11 points 1 year ago* (last edited 1 year ago)

As with most things security it's about assessing your risk.

If you're a granny with a hand full of passwords then a notebook is probably fine.

I think for most people, who aren't CEOs, high value employees, or some kind of holder of the keys to a kingdom beyond their personal bank account, a solid full e2ee password manager that's cloud synced is a nice middle ground of security vs convenience. It beats a post it under keyboard or a notebook left on the night stand.

For those CEOs, or high value employees then something offline is in order. Or as I've seen others note perhaps a combo of full offline and cloud synced for less important logins.

I recommend Bitwarden as others have here. It seems to be the one that's come through unscathed thus far and the company behind it seems to be making the right moves to stay ahead of risks. https://bitwarden.com/help/is-bitwarden-audited/

[-] flickertail@lemmy.world 11 points 1 year ago

I like the simplicity of password-store. It's just a simple wrapper around a text editor, gpg, and git that allows you to make an encrypted, version controlled password repository that you can sync between devices using GitHub/Gitlab/etc. It also doesn't lock you in to any app since the passwords are just stored in gpg-encrypted files.

load more comments (1 replies)
[-] pacjo@lemmy.world 11 points 1 year ago

Currently I use Bitwarden on both my phone and my pc, but I'm looking into self hosting it with vaultwarden. This gives you access to premium features (such as TOTP support, for which I currently use Aegis Authenticator). It also gives you full control over your data.

load more comments (3 replies)
[-] mp3@lemmy.ca 10 points 1 year ago

They're much more than passwords managers nowadays, they're secrets managers. You can't store sensitive info like passport info, insurance cards, etc in a way that you know is safe if you make sure to use a unique and strong password as well as 2FA.

[-] notavote@lemmy.world 10 points 1 year ago

KeepassXC on desktop with browser plugin, KeePassDX on android I find it less confusing to use than Keepass2Android.

It is only a bit difficult to setup sync, but you can use syncthing, or drive and it works nicely.

load more comments (2 replies)
[-] srwax@lemmy.world 10 points 1 year ago

I think the best quote on PW Managers was "Password Managers are the vegetables of the internet. We all know they're good for us, but a lot of people are still content with the equivalent of password junk food".

Password managers are great, and the time i have to spend unlocking Bitwarden to autofill my password, is about the same time that it would take me to type out a password on my own. AND my passwords are exponentially more secure!

load more comments (2 replies)
[-] decadentrebel@lemmy.world 10 points 1 year ago

Been using KeePass for years since I couldn't keep track of every single random passphrase I have. And yes, I recommend it highly.

[-] bladewdr@infosec.pub 10 points 1 year ago

As others have said, bitwarden. I've also heard good things about roboform.

I really love that bitwarden is not only open source but has been professionally code reviewed, and can be self hosted if you've got the knowledge to do so.

Of course, if you're self hosting it make sure you have a solid backup strategy for your vault.

[-] Rob@lemmy.world 10 points 1 year ago

Lots of love for Bitwarden in this thread; I’d also like to pitch in with 1Password. It’s got a great UX and I even got my mom on board.

Used to use Lastpass since ~2013; really glad I switched last year. Lastpass has turned to absolute shit.

load more comments (6 replies)
[-] willnever_fadeaway@lemm.ee 9 points 1 year ago

So many answers for Bitwarden but I too will agree. It's my go-to ever since I've found out about it, I don't know any of my passwords apart from my Bitwarden vault master password tbh.

[-] Kissaki@feddit.de 9 points 1 year ago

Using different passwords for different services protects you against data leaks opening attack vectors for all your services as well as malicious actors using your passwords like that as well as phishing impact.

A password manager is a must for reasonable security.

I use keepass. Local DB file with Master password. No hosted service or Browser extension is another layer of protection, of risk reduction. I manually copy/sync the DB file via cloud storage as a backup and for mobile use.

I use Browser password storage selectively. The most critical stuff definitely only belongs into my memory and password database.

load more comments (4 replies)
[-] mayo@lemmy.world 9 points 1 year ago

Keepassxc for storage/backup and then I let the browser save the passwords I use. I like this setup.

[-] avail@lemmy.world 9 points 1 year ago

1Password family account for my partner and I. Super handy to have a shared vault for household things.

load more comments (1 replies)
[-] ultratiem@lemmy.world 9 points 1 year ago* (last edited 1 year ago)

1Password since forever. Can’t imagine having to type passwords or remember them.

load more comments (1 replies)

I prefer a password with pronounceable content of nonsense words, separated by dashes, with some numbers and symbols in there somewhere. Such as: tostog-Meenish-flurbit-dalsag-3023# . It's long enough to be very secure, and easy to transcribe if I have to type it. None of the words are in a dictionary. I keep a big list in a note on my desktop, and peel'em off as needed, finally keeping the utilized PWs in Enpass.

load more comments (2 replies)
[-] jzefbeio54@lemmy.world 9 points 1 year ago

KeePass is the perfect tool for me ! The cybersecurity practice at work also use it,

load more comments
view more: ‹ prev next ›
this post was submitted on 05 Jul 2023
1527 points (98.5% liked)

Android

28045 readers
236 users here now

DROID DOES

Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules


1. All posts must be relevant to Android devices/operating system.


2. Posts cannot be illegal or NSFW material.


3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.


4. Non-whitelisted bots will be banned.


5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.


6. Memes are not allowed to be posts, but are allowed in the comments.


7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.


8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.


Community Resources:


We are Android girls*,

In our Lemmy.world.

The back is plastic,

It's fantastic.

*Well, not just girls: people of all gender identities are welcomed here.


Our Partner Communities:

!android@lemmy.ml


founded 1 year ago
MODERATORS