The Only Password Manager I Can Trust
- Published: Sep 30, 2024
- I have been using the standard Unix password manager (pass) for a few years and I really love it. It's simple to use and has a ton of extensions and third-party scripts that can be used with it. Pass can be used with dmenu, rofi, Xmonad prompts, Firefox, Chrome, Android and iOS devices.
REFERENCED:
► www.passwordst... - Pass
Store all passwords in a text file. Then make text font color match background color.
Ultimate hacker tactics. LOL!
@@priyapepsi
Oh! You hacked my unhackable password storage! 😂 😂
#Respect
Doesn't work. I have to keep 300+ strong passwords.
Damn he knew the future about LastPass....
Keepass is a lot more convenient for me. And it doesn't show services that you use which is kind of important if you're storing them in some cloud storage
KeepassXC!!
Why KeePassXC instead of KeePassX?
KeePassX is an amazing password manager, but hasn't seen much active development for quite a while. Many good pull requests were never merged and the original project is missing some features which users can expect from a modern password manager. Hence, we decided to fork KeePassX to continue its development and provide you with everything you love about KeePassX plus many new features and bugfixes.
Why KeePassXC instead of KeePass?
KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft's .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won't get the native look and feel which you are used to.
KeePassXC, on the other hand, is developed in C++ and runs natively on all platforms giving you the best-possible platform integration.
@@1MinuteFlipDoc I'm actually using KeepassXC. It's not like it's really good, but it's the best client for keepass for now. I hope there will be something better looking and more stable in the future
@@Rundik I don't see how it leaves anything to be desired in terms of looks or stability.
I would be happy to see a couple more features though - for example deeper configuration options for backups.
@@holleey Deeper configuration options for KeePassXC? Like? It has everything you need.
@@hammerheadcorvette4 currently, all I am aware of is one toggle option "backup database file before saving".
this creates one copy of the database file sitting in the same folder as the original.
this is the most barebones implementation of backups possible and leaves much to be desired.
specify a custom filename pattern and location for the backup.
specify multiple backup locations.
then if we go more advanced, upload the backup to a server.
automatically mount an external drive to backup to.
have different triggers for backing up, not just on saving the file.
...
so you either have very barebones requirements for backups personally, or I am not aware of some obscure options.
Nah, nothing beats writing it down in a blank notepad/book. Also cloud based password managers aren't a great idea, security wise. Offline password managers are much preferred.
Until the notebook is found by someone beside you...
use a "double blind" method with PW manager, i.e. ADD an extra memorized "PIN" to all the long complex auto generated PWS your manager makes. Then even if the manager gets hacked and decrypted, your PWs saved within are all incomplete anyways, only YOU know the extra "PIN".
And yea you could use this method with a note book too, to be fair lol
@@fightlikabrave This shit is genius, never thought of it. Even if it's a simple addition like a single letter, no one knows
@@fightlikabrave Yea I'm gonna add a symbol instead.
Remember guys, the goal is not to protect the key, but to protect what that key can unlock.
If you spend too much effort guarding the key, but forget to lock the door, your efforts are as effective as building a sand castle to withstand the ocean waves.
Your choice of password manager should be secondary to where you put your valuables. The internet is often not the best place to store your nudes or your credit card pin, and a password manager is really just a glorified key chain.
That is all.
If nobody else can easily enter the room or look inside the room where your computer is, it is not that bad to put a note next to the computer.
Class bad practice, but with remote working now, doesn't seem so bad. As long as your kids aren't trying to access
Classic*
@@oberlinio Not really a bad practice, if you do it the right way (nobody else you do not trust can easily enter the room or take a look at the note from outside). Or you could also lock the note with the passwords in a safe. Most people do not encrypt their system. So somebody with physical access could already get most of the data. So preventing physical access is the most important thing. It is also way better than trusting some cloud service with your passwords.
@@addygreen8919 Yes it is. The answer to physical access as a security flaw is not to make it easier. If it is just as easy to extract passwords from an unencrypted computer, the solution is to encrypt the password storage, not make it easier by just sticking the password under your keyboard lmao
@@XxDarkXxXSasuxX If physical access to the room with your PC is not that easy, it is way more secure to place the note with your passwords under the keyboard, than what a lot of other people are doing: Using some shady cloud password manager.
It is also not like that you need to put the note with your passwords directly near to your PC.
About secure and open source password managers: I am pretty sure that there will be a lot of people who get problems in some years, when their password management software does not work anymore for some reason. Maybe the user accidentally deletes some stuff or the software does not work with upgraded packages. A lot of these people won't be able to deal with these problems by themselves and it would have been way better for them if they had just written their passwords with a pen on some paper.
How do you get your passwords if you’re on another machine like, say, your phone? Wouldn’t it be easier to just self-host your own Bitwarden server? I don’t see the point
Syncthing is an incredible general utility for syncing files. (No hosting required)
But any other synching method is nice
Difference with bitwarden is ease of extensibility
But to each their own, people's use cases and preferences differ
there are pass compatible clients people have made that work for ios, as well as one android client. for some reason there is more choice on the ios side.
In theory pass is quite nice ... but I don't like the implementation at all.
Having a separate file for each password can actually be quite dangerous in itself. And GnuPG is still stuck with SHA-1 for key derivation per default which is just a horrible decision. Since the main concern for GPG is mail encryption (PGP) it also doesn't support any newer KDF functions (like pbkdf, scrypt, argon2) as they aren't part of the standard.
My method is Bitwarden (self hosted) in Docker + 2FA + Yubikey. pgp keys etc are encrypted in Cryptomator in various cloud drives and synchronised to all my computers & NASs via Syncthing. Multiple encrypted backups of all important data and passwords everywhere. A paper printout of passwords is also kept in a secure safe off site. PC and NAS access is via 2FA yubikeys. I can survive a world war, power cuts or having all my equipment stolen; and still have access to all my passwords.
WRONG. Studies have shown that LENGTH...not "special characters" or "capitalization"....is the important factor.
Perhaps I have too many apps, but I enter passwords on my phone using my password manager all the time - usually right after installing a new app, after that I switch to fingerprint if available.
In fact, writing your password on a piece of paper is the most secure way to store it 😃
And hiding that!
and then somebody really hacked lastpass =))
lastpass has been breached before, more than once
Left Lastpass for Bitwarden. Lastpass now restricts access to one device only on the free plan.
@@vitastimator yeah i use bw as well
@@vitastimator yep…
If you use a web browser to remember your passwords and user names, you should always create a primary or master password file. Otherwise anybody can just find and view the passwords from the password section of the web browser. It can be a pain as the browser will prompt you for your master or primary password when browser starts up.
For real tho. Straight up pen and paper is as secure as your house is and that's nothing to scoff at
If you're worried about friends accessing it you maybe need to rethink who your friends are, but in these times that's less of an issue
Sure... Manually typing 30 random characters passwords multiple times a day is so fun!
Oh and that's a known fact that friends NEVER betray you. That never happens.
@@vaultdweller966 Most websites have indefinite sessions so no clue what you are talking about maybe i might have to type in a password once or twice every day at most
You really don’t understand how these password managers like LastPass, Bitwarden and 1Password work, do you?
He is feeding speculation. Password managers have a Secret key which is stored locally and never shared to the main server, and that with a combination of a password is used to decrypt the vault.
Hi DT! This video in the new office looks great!
I mean storing your password at your house on a notebook is no more less of a security threat than pass
you don't need a master password to open a notebook
@@NamelessStudiosInc But you need to physically open the notebook. So really if you get a key logger or any remote attack thrown at you, well. Logging onto RUclips giving up your "master" password is giving the attacker the password to EVERYTHING. But with a non network or computer accessible password storage (notebook) is going to make attacks limited and take time and energy to extract anything. Or they physically break into your home. Like if an attack is about taking your passwords then it is going to do it. But if we talk about a general safety from a big non focused attack. Well.
DO NOT RELY ON IN COMPUTER CLIPBOARDS OR ANYTHING THAT CAN BE EXPLOITED WIDELY! Better not rely on stuff that can be exploited by a bad actor for big effect. Like buying a NAS server where the software (being a big target for profit) infect and ransom people simply for being a big target that pays off. Since an attacker has a good chance of a payoff going for that! But not so much attacking someone's offline NAS home setup. You need to become a big target to be worried about this stuff. No! Worry about the wide attacks that can be a PAIN! Like passwords leaking outside of your control. At home you should be in control.
If you're afraid of some real attack? At that point wtf are you up to? I mean if they take everything you're going to notice the attack and have a real problem. You lost your stuff! And if you do not notice a physical attack then you are in even bigger problems. Since then the attack was not about taking the computers but information. Passwords, data etc.
But to go in to your place just for passwords or data?? What? Like come on. At that point your best way to defend yourself is a gun or something... And security systems and what not. Passwords matter very little at that point since these are real attacks towards you!
You need to have some serious passwords worth something that a "master" password by default is too much of a security hazard to allow. Like come on, you do not put the nuke passwords next to a RUclips password. So really why on earth this whole debate even exists. If you can smash the computer to bits then a sticky note is not that big of a security risk. Better avoid an attack getting that close to the computer in the first place.
Really passwords fail, like most things. Really it is better to split stuff up and limit what an attack can get from you. Like having a dedicated machine for just banking. One for web etc. And make the attacks pointless. Or hard to pull off. Like there are so many points of failure that your passwords are quite frankly not safe to begin with. Heck having a network of any kind is the biggest security hole you can have. So really the levels of problems are so deep that screw passwords.
You got too little control around it to make it secure! You're better off not having passwords at all. They at best can be looked at as the locks on school lockers. Flimsy and easy to defeat. But do the job for wide attacks to not go nuts. Not much more.
I gladly sticker stuff up that only someone physically can see from the computer users view. Since they are meant to see and know it. Not some security hole in software or hardware eyes.
Unix Pass works great on an admin level or some shit. Multi user computers kind of deal. But here we are talking passwords security at home. It should be the safest place you got. So why NOT store it there??? You live in the same room as the enemy? Why not disconnect your computer from that storage media of your passwords? Why store the keys/passwords on computers at all? It is all about laziness.
Really easy password and a second layer of defense is plain better. Since then an attack can trip alarms. But that is not an option every time. So plaster passwords around your desk or server at work all you like. Since there is no security in this world. Only ways to be safer. If a password really is important then you learn it. Or make a safe box that no network can reach into. Physical attacks can kill you, computers can also die to a baseball bat. And both can be made to talk. :)
@@TheDiner50 I don't use pass, I use keypassxc with a password (20+ chars) and a keyfile. And I recently bought 2 yubikeys. Not sure about you but I feel kinda safe
Huh I never heard about this. What are your thoughts on Keepass? And KeepassXC? It basically does the same thing as pass but it's not CLI. I don't know more of its advanced features but I found keyring support, something about ssh and some other stuff.
thats what i use. its fantastic
I’ve been running KeePassXC for a while now. Working great for me. Good project, and cross platform for those who need such features.
Thanks everyone here! Nobody talks about keepass online. It's always lastpass for the normal consumers and bitwarden for those that know a bit more. I like keepass's local password database better than both those solutions.
Also one downside is that you have to backup the password files and the gpg key (could be done by using paperkey). Other programs just encrypt your data with a master password. But I would agree that pass fits the GNU/Linux philosophy perfectly.
"Strong and complicated password"
the password: 'dt'
Copying password to the clipboard could be quite dangerous actually. Any app can read it. Yet regarding cloud providers - compromising is not a big issue if e-2-e encryption is implemented - the only concern I have is how secure the browser plugin sandbox is
Pass with pass-otp and git. All you need.
wait if you did "pass name-of-service", won't the password then be in your terminal history file then?
Good question.
I think the output is not saved. Only the command. And you have to give it a master pass.
The shell history saves all given commands; entering a password after executing, i.e. pass, is an input to the program, not the shell, meaning it will never be saved in the shell history unless you accidentally enter it in the shell itself
It is the same with sudo
First comment
Confirmed!
Thanks @@DistroTube 😁
Office looks great!
I have been using the Brave web browser, does Pass work with that ?
You can use git to sync your passwords with Pass
think I'll just host a Bitwarden server on a raspberry pi
Nah, pencil and paper > everything.
What about your distro's built in managers like kwallet or gnome-passwords?
When KeePassXC exists?! Why go through the trouble.
I use this all the time. Works great with rofi-pass. Recently set up the recommended android client. Works nice.
The one thing I got annoyed with was having to re-enter my gpg passphrase every so often (also not safe against keyloggers?). What I have now is a gpg key without a passphrase which is stored on an encrypted usb drive. The usb drive is attached to my keychain and the idea is that while the keys are plugged in and the drive decrypted. I can use pass freely without the passphrase prompt. Pull the keys out and suddenly all my passwords are secured again.
I like that, clever solution.
But you have to encrypt before pulling the Keys.
@@danilodistefanis5990 I don't think decrypting the keys changes anything on the actual storage device that you have to 're-encrypt' when you want to unmount. wiki.archlinux.org/title/Dm-crypt/Device_encryption#Cryptsetup_usage is how I've encrypted it with luks encryption and I'm fairly confident that even if you pull out the drive after decrypting, everything is still encrypted when you plug it back in.
I do write it on a paper, but in my own Alphabet and seed it with gibberish with a simple algorithm. 1000 times more secure than any password manager. Also I can read it so easily.
I mean, you can create local PW vaults that store offline/locally, with PW manager services.
An EASY way to protect against PW manager hacks is to use the "double blind method": You use the PW manager to generate a long unique PW for a site and save it like that in the manager, THEN you change the site's PW to that PLUS an extra "PIN" (4-8 characters extra) that you use that can be a pattern per site or just a PIN code that you add to the end of the manager's saved PW.
So if you have a PW manager save "df%ghd&63n398%egd8" as a PW then you add "*****" (whatever your memorized PIN is) to it, then IF someone hacks the PW manager and somehow breaks the encryption... they get a bunch of wrong/incomplete PWs and your accts are still safe.
Since you control your emails you can still use those to change any PWs even IF the PW manager gets compromised.
There are several passwords that you have to remember before you get access to the pass: password for encrypted disk, password for login, master password for pass, in case you lost your pc and restore pass database from the cloud then password for cloud also has to be remembered. So we get 4 passwords to remember forever outside pass.
you would also have to have a copy of your pgp key. either printed out or on a usb key which is another vulnerability
@@rolandsharp pgp key which is anyway protected by password! Maybe the revocation certificate is not instead, not sure...
0:53 I do it, but I encrypt file LOL even nobody can't see my desktop, but if some case get hacked they have encrypted file with VERYSTRONGPASSWORD I mean it's VERYSTRONG LOL
My password is IlIlIlIlllIiya
I created an algorithm that allows me to convert book quotes into non-human-readable passwords on the fly. I don't manage my passwords in any software or hardware way other than my head.
So if I write my passwords on a notebook, I use encryption and hide the notebook somewhere in my home where no one knows that is somehow more dangerous?
Enpass with Dropbox sync. Compatible with all my devices and easy to use.
Still got some room echo DT. But yeah you're right you should use a password manager.
But a notepad is actually more secure than you think.
Anybody saw "apple-id" in 3:41?
Wait DT, do you use Apple stuff?
just put your password in the passmanager but let out something you have to add in front or behind it that you also remember
Great idea
Pass is really amazing. Although I use Bitwarden
Personally I use Bitwarden. Hosting it on a RaspberryPi on my local network without outside access. Also allowed me to practice my Docker hosting.
Similar here. Bitwarden (or to be precise, its lightweight implementation Vaultwarden) is open source and can be self-hosted, so you get full control of the data.
Have set up automated encrypted backups in cloud (in case if house burns down) and Wireguard VPN (hosted on same rpi) for accessing from smartphone outside home network. As a bonus, mobile ads get blocked by pihole (again, same rpi), when connected to VPN.
HAHAHA lastpass pwned. You called it, nice
What about a single password protected text file?
I mean, it's probably more secure than like 80% of ways that other people store their passwords but you should make sure temp files of the unencrypted file are being deleted.
Writing down passwords isn't by itself a bad thing if you keep that piece of paper in your wallet for example
Security guru Bruce Schneier recommends it too
Obviously nobody should use a cloud-based password manager (let alone paying a monthly fee for the privilege)
The voice of reason!
You can self-host bitwarden
a keepass db for me.
a paper notepad is perfectly secure against online attacks and you have some physical protection of your home as well - it's perfect for parents and grandparents.
unless they press the "save password" button on the browser XD
2:00 yes why give your password to 3rd party to be saved on cloud. they see password they made it so they can say your password is weak LOL. what if that cloud or database is leaked YEAH there your passwords even hashed, but still passwords should be hashed by unique way by creator not just md5() or sha256() it needs to be multiple times so hacker can't simply run bruteforce lol
This video, I find useless. Firstly video is made about what? And then, what’s the use of password manager if u need to access PC always for it and it’s not available anywhere else.
"Thank you!", DT!
I was doing it wrong!
Now I know better (still doing it wrong but I'm working on it).
Have a GREAT day, Neighbor!
Can pass automatically fill in the password if URL of the website matches the saved template? Also can you save a set of URLs/domains associated with one login/password pair? This way when the account's password changes, it'll affect all websites that use this account (e.g. Microsoft account, MS Exchange account, other corporate/ecosystem accounts).
Bitwarden offers these features and they really make a difference. My only gripe about Bitwarden client apps is that they aren't as fast as other services/apps I'm used to (Telegram, Aegis, Syncthing...).
Keepass + Syncthing. No need to manually sync git repo, no need to import/export gpg keys. But I can see there are pros and cons to both pass and keepass
Very useful information! Thanks!
2:10 smart boy. could be 2nd in world lol
This is only useful if you have the same user name and email everywhere. Bitwarden saves and autofills all my usernames and extra notes too.
Not true, you can also store your usernames in the password files. And the extensions like rofi-pass can also autotype username/password/whatever into wherever you like.
@@MoopyToopy How's that supposed to work? If you copy something into Dmenu, you can either copy and paste the password or the user name, since it is two different fields on a website.
@@maxarendorff6521 RUclips keeps deleting my comments so I'll try one last time.
I can't speak for dmenu because I use rofi but I'm assuming it's similar. I've installed the rofi-pass extension which has a feature to autotype whatever you like into whatever program you want. It's not limited to just usernames and passwords and I use it all the time.
@@MoopyToopy Ok cool, thanks for the clarification
Interesting video, I’ll still use Bitwarden and going to recommend that to others. For non technical user it is still the best choice and way better than any proprietary alternative even if you don’t self host it.
Bitwarden saves your password "god knows where", how can you trust it?!
@@maumuxas ah, youtube is shadowbanning me, but the decryption happens client side and the server only holds encrypted data. This is verified by third parties and I did check the source code too
And in my case I have my own bitwarden server
@@jimbo-dev I can imagine if there was third party check that data safe for hacking, but is it safe for loss? if hackers simply delete it, you lose all your passwords. Could happen many things, like fire, electricity problems, or anything else so you lose your passwords?!
Well it is kinda painful to have all passwords on my computer so if I need pass of any thing I have to go to my pc what about if I am outside ....
I guess using password manager which stores pass on database and using double blind technique would be better
4:08 it's open source so people know how it works. if get hacked only need those keys and they know where they are LOL. best way do it yourself, but do it way so entered password is not in command history lol
Save passwords on an old Android phone that has Wi-Fi/Bluetooth disabled. The only way to retrieve passwords is physically having the phone and looking at its screen.
You should really add two-step authentication to all your sites. No one cares about my Mastodon password, or whatever is the classic rationalization for using a non-secure system.
4:57 dont install someone else made app LOL
I am looking for the best way to store passwords I use for all my various crypto accounts would this be good for that?
This is just too inconvenient ngl
I do agree with the sentiment, but, there is something to be said for having your passwords out of the digital world.
A keylogger can break your entire password database wide open, it can't read your password book.
I've heard it put that people have a long history of maintaining physical security, but the digital world is new and so out of their control for many.
you have to type the passwords in eventually. when you do, the keylogger will see it all the same.
@@Nathanwithz But they don't steal all your passwords at once then, just that single one
Here after the last pass hack 😅
Your solution is ok when you are at your computer at home. But I also need my passwords with me at work or not at home. What do you do for that?
I'm actually using my passwords on mobile a lot.
How do you get the GUI menu that pops up asking for your password?
Keepassxc ftw
Just store the password on a post it note under your keyboard that way only you will know it is there
Fast forward to 2023 and LastPass has indeed been pwn’d 😂
Plz tell your opinion about bitwarden, because it also can self host
Never used pass before. Will give it a try. Please also review Buttercup password manager.
so it's "dT" and not "dt" or "DT". We have been bamboozled.
Looks like your comments about lastpass was a prophecy!
Hey if it isn't.... Buddha :D out of all ppl , next to a cup :D
I'm looking for a solution to share passwords with my coworkers, any suggestion?
LastPass and Bitwarden both advertise team password solutions. Don't use them, so cannot advise.
That looks hard lol
Best way to use/manage passwords? Don't. Reset them and forget them. Your Mail is the manager of passwords and your accounts.
You bind the passwords for stuff into your mail. Stuff that you use day to day you learn them by heart or rethink what you use for the day to day. Why bother with a password manager? It is just a security risk. Just make a good plan about passwords. Change them at some point just in case.
Stuff I use regularly I auto login into. Security is a joke on most sites. Most places I use day to day do not require much security since if I lose them who cares? I do not want to have my accounts hijacked, but as long as mails and important stuff is safe there is a way to recover. But stuff you do not use often just reset and forget the passwords. Copy paste stuff or somehow make a temporary password to remember for just 5min. Reset at next log in. (works great for that odd forum or what not you use rarely)
You can have a complex password that only changes a little bit from site to site. So you do not have a weak password but a password that is quite the same to many sites. But not similar or short enough to be a problem if leaked. It is a hint but the passwords on outer sites can still take effort to figure out.
Really there are only like 5 passwords that are critical that need to be taken seriously in your life. Not much more or less.
The passwords used once a month resets to login. Day to day are copies. Important ones are memorized and safe in your head and stored safely. And hopefully requires more but the password to work. Like an email confirmation.
Like being a bit creative and making your passwords long, but you learn them properly goes a long way in the password world. Change stuff per site and bam! You're probably safe enough off. Just not too short and similar site to site and you're good. Mail is the real master password. They more or less IS the accounts and passwords in the end. So secure the Mails! Make enough changes site to site. Do overhauls to the copy passwords somewhat regularly. Make the mails the big attack vector. Since they are the real master password managers!
Why though? Remember 6 passwords and you never have to go through the hassle again. Also you never 'forget' sites that you used, which makes your digital footprint more easily accessible to you
please make a video how to sync the passwords on different systems (also android) using git
dk bout git but syncthing is very good for this exact problem
*STRONG AND COMPLICATED PASSWORD*
I wonder what is the application that you use for your prompt.
what about something for windows :D
0:14 it can be pass123 if you make it md5(sha256(sha512("pass123")))
it's an easy password to try login and it's very strong if hash is leaked. impossible bruteforce LOL.
they can't know it's encrypted 3 way or more and between stages it's flipped flip reversed on your chosen method lol lol
CryptoPass
those how to videos are beginning to hit really close to home lately....
I like keepassxc. Totally offline, and I can trigger the autotype with a keyboard shortcut so I never bother with stuff like browser integration.
Yup. Good.
I want to use pass but I can't figure out how to backup my gpg key in a safe way.
Honestly, you could just have a strong password and backup the naked key. It does mean you make the two factor security into one factor security but given a strong password that shouldn't be a big problem.
Pass is amazing. See no need to use anything else. Cloud based password managers are not a good idea.
There ist also a GUI called QtPass
I have a method with which I can always recall my passwords, they are unique and mostly look like gibberish that looks like a hash.
Can you explain it ? I'm interested to know
@@nostalgia9256 There are many ways to do that and I changed often through the years, but for example, in the past I was doing something like this.
Use a salt, something long enough, a phrase that makes sense to you. To it, you do some basic transformation like we often do, some random leet or deliberately misspelled words to make it harder to guess. Then add a pepper to it which you get from the service you want to register the password. Then the most important, how will you crumble the later result, you apply to it a series of transformations you can do manually, a classic encryption algorithm or something you made up where the key has something to do with a value you take from that same service you want to register. If it's not enough, you can still pipe the result through a hash algorithm.
You should change the "salt" and the "technique" after a while.
The history behind this is, back in the day when I was a student, I had to use different and clean computers very often. At school they flash the hard drive each night. So, no way I could use a password manager and there was absolutely no way I put it on a paper or else. So I came up with this technique which I still use today.
I use bitwarden self hosted
I use a "password manager" that doesn't store the passwords anywhere, yet I can synchronize the passwords everywhere in the world instantly. How you may think? simply hashing a key with a salt. So for example my password for youtube is "youtube" and my password for other websites is just the name of the website.
I press a key to bring up dmenu and type youtube and it gives me my password on youtube. As such it also works everywhere, not only in the browser. I also have an android app for it.
What hashing algorithm do you use? what if some site has a limit on the length of the password, since hashes can be big. And the salt, is just a string or do you have something else.
@thefallenshadow No you didn't read what I said. I said with a salt. I use argon2i and a randomly generated salt. It's impossible for somebody else to guess the password without hacking my computer (and even then they can't take the salt without a key logger). It's as safe as a password manager except you don't need to store password anywhere. Maybe you should read more about it.
I mean, maybe shouldn't have posted that to RUclips cuz now the weakest link in your password security is the complexity of that salt.
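The stateless scheme discussed in this thread (site name run through a memory-hard KDF with a secret random salt), sketched as an added example that is not the commenter's code. It swaps in scrypt from Python's standard library for argon2i, and the alphabet, the `length` and `counter` parameters and all function names are assumptions of this sketch.

```python
import hashlib
import string

# Output alphabet (an assumption of this example; trim it for picky sites).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

# scrypt cost: N=2**14, r=8 uses about 16 MiB of memory per derivation.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def _kdf_bytes(site: str, secret_salt: bytes, counter: int, nbytes: int) -> bytes:
    """Run the memory-hard KDF over the site name, keyed by the secret salt."""
    name = site.strip().lower().encode("utf-8")
    # The counter is bound into the salt so one site's password can be
    # rotated without touching any other; the length prefix keeps the
    # (salt, counter) encoding unambiguous.
    salt = (len(secret_salt).to_bytes(2, "big") + secret_salt
            + counter.to_bytes(4, "big"))
    return hashlib.scrypt(name, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                          maxmem=64 * 1024 * 1024, dklen=nbytes)


def derive_site_password(site: str, secret_salt: bytes,
                         length: int = 24, counter: int = 1) -> str:
    """Deterministically derive a password for `site`; nothing is stored."""
    if not site.strip():
        raise ValueError("site name must not be empty")
    if len(secret_salt) < 16:
        raise ValueError("secret salt must be at least 16 random bytes")
    if not 8 <= length <= 128:
        raise ValueError("length must be between 8 and 128")
    if not 1 <= counter < 2**32:
        raise ValueError("counter must be between 1 and 2**32 - 1")

    # Rejection sampling: drop bytes above the largest multiple of the
    # alphabet size so every character is equally likely (no modulo bias).
    limit = 256 - (256 % len(ALPHABET))
    nbytes = length * 4
    while True:
        stream = _kdf_bytes(site, secret_salt, counter, nbytes)
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
        if len(chars) >= length:
            return "".join(chars[:length])
        nbytes *= 2  # practically never reached; ask the KDF for more bytes


if __name__ == "__main__":
    # Constructed demo salt; a real one would come from os.urandom(32)
    # and be kept secret on the user's own devices.
    demo_salt = bytes(range(32))
    print(derive_site_password("youtube", demo_salt))
    # A site with a 16-character limit.
    print(derive_site_password("youtube", demo_salt, length=16))
    # After a breach at one site, bump only that site's counter.
    print(derive_site_password("youtube", demo_salt, counter=2))
```

Every derived password is only as strong as the secret salt, which is the point the reply above makes, and the per-site `counter` and `length` values are the one piece of state this design still has to remember.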
You can't hack a piece of paper
so your Mastodon password is not dt?