• itslilith@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I’m using KeepassXC, which has a browser integration that is quite good, and a local database. I synchronize it to my devices (using Syncthing, so it’s p2p). The database is encrypted with a pretty good password, and a key file. the key file has never and will hopefully never be transported via internet. The database is synced to a server I’ve rented as well, but never the key.

      It’s not perfect, but potential attackers would need to

      a) have access to one of my daily devices (the server won’t be enough, since they need the key file)

      b) crack my password

      Obviously, for someone dedicated this is still quite reasonable, but then again, I don’t think that’s my threat profile. The chance of getting caught up in a larger breach is a basically zero once you use your own solution, and it should be reasonably safe, if you don’t do anything stupid.

      • Paradachshund@lemmy.today
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Oof, I barely understand most of that so definitely over my head I think. It sounds like you’ve made a good system for yourself though, nice job!

        • itslilith@lemmy.blahaj.zone
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I could’ve phrased some things simpler, haha

          But yeah, I’m quite happy with it. KeepassXC is a local password manager, and Syncthing lets you synchronize files and folders across devices, and it uses Peer-to-Peer (p2p) technology, so unlike something like Google drive you’re not relying on some could server, it just transfers between your devices directly.

          It’s not plug and play to install, but not that hard either. But still, I can see that commercial options are a lot easier for many people c:

      • Piemanding@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        They would also need to know what you are using in the first place. Since fewer people do this it does make it a bit safer.

        • itslilith@lemmy.blahaj.zone
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Exactly. As long as you don’t have someone really determined or some three letter agency after you, it’s going to be pretty safe

    • Hexarei@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I store mine in a selfhosted Nextcloud instance, KeepassDX on Android supports accessing it directly. Works perfectly and even provides an autofill service for Android. Very easy and very convenient.

    • Rodeo@lemmy.ca
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      That’s the neat part, you don’t.

      Security and convenience are opposites. You have to decide if you want a local-only manager that is more secure, a sync service like syncthing that you can set up yourself, or a third-party cloud app like LastPass (which has been compromised at least once that I know of).

      Personally I just do all my email and banking on my desktop at home, and it’s actually only inconvenienced me a few times over the years.

      • itslilith@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        the only thing that gets less secure is more devices potentially compromised, but the act of syncing shouldn’t make it more dangerous by itself (if using a key file or a master password too long to be reasonably cracked), right?

        or am I missing something?

      • Hexarei@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I store mine in a selfhosted Nextcloud instance accessible only via a Nebula overlay network (alternative to tailscale) and it’s both convenient and secure.

      • Paradachshund@lemmy.today
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Sticking to desktop only wouldn’t be realistic for me unfortunately. Sounds like the solutions aren’t quite there yet for an average user.

        • 0xD@infosec.pub
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          They are, just use a normal one (I use bitwarden) that you can access from everywhere and protect it with 2FA.

          The goal is to have varied, secure passwords across everything.