Re: Password Management Services

Top Page
Message as email
+ (text/plain)
+ (text/plain)
Delete this message
Reply to this message
Author: der.hans via PLUG-discuss
To: Michael Butash
CC: der.hans, Michael Butash via PLUG-discuss
Subject: Re: Password Management Services
Am 24. May, 2020 schwätzte Michael Butash so:

moin moin,

> It's been a good while since looking at KeePassXC, but looks like it's come
> a long way here. The "database merge" function sounds interesting for what
> I need, as well as it has a browser plugin it seems... How good is the
> question? Lastpass in the browser is pretty sharp about noticing input
> fields, referencing the right accounts, multi-computer sync, things like
> that.
> I used KeePass, and later KeePassX for a good 10 years or so before the
> last 5yr of Lastpass, but it was always quirky to replicate between
> computers (not to mention fscking mono). It just didn't work when I had

No mono in KeePassX or KeePassXC.

> 3-4 separate systems that needed to work with it and rsyncing. I'm used to
> versioning and replicating my work data, which passwords are largely a part
> of here, but if I make a change on my desktop, before I sync it to my
> laptop while I'm on the road for a week or two, I have source of truth
> issues and someone loses with no atomic updates in a flat file.

Yeah, KeePassX takes manual tracking to keep things in sync. Though I did
travel a bit, I rarely found a need to change a password while traveling.
If I created new passwords while away, they would go in a new group to
track what needs to be synced.

> Moving to Lastpass fixed this, and holy crap, the browser plugins can
> autofill? Word.

Yeah, I don't trust browser magic like that. What else can grab passwords?

My passwords are push rather than pull and I want them in mouse-gapped
tools :).

OK, clipboard as the mouse isn't necessarily involved, but one syllable

> Remove the cloud, it needs a database or api-sort of constant CRUD-type of
> feed for all endpoint clients still ideally. I can do this with VPN, but

Yeah, syncing via log rather than state would be nice.

> not found something like a client/server application to replicate what
> lastpass or onepass bring. I'll have to see if KeePassXC does anything
> like this, as simply rsync a flat file between hosts is never good, and has
> caused me grief. I can always run a small db on my synology ideally, or
> some cheap cloud instance. Give me a reason to set up a Nebula
> <>
> network to keep everything talking...
> I tried nextcloud on my synology, it was just weird to use - didn't like

I've had some issues setting up NextCloud the way I want, but I do things
differently than most.

> it. Syncing files was problematic I found, really I just wanted to dump my
> phone pictures out between phone devices, and never could get it to work.

The big bug for me last year was that it would only sync new pictures.
Pictures already on the device were ignored. That bug has been resolved
and a new NextCloud instance with sync saved a project for me a couple
weeks ago.

> I just sort of abandoned it years ago, but another thing perhaps to look at
> if there are features for password management.
> Never heard of BitWarden, but will look into it.

Let us know if you have some feedback on it.

> Thanks Hans!

Gern geschehen :).



> -mb
> On Sun, May 24, 2020 at 11:44 AM der.hans <> wrote:
>> Am 24. May, 2020 schwätzte Michael Butash via PLUG-discuss so:
>> moin moin,
>> I have been happily using and giving presentations on KeePassX for more
>> than a decade. It isn't cloudy, so you have to provide your own sync. To
>> me this is good as it encourages different files for different reasons,
>> e.g. I have a travel file with just a few passwords, a file I share with
>> the family and files for different non-profits I work with.
>> If you use KeePassX, I recommend the KeePassXC fork, but there's a
>> consistent lockup bug in the Ubuntu Bionic distro, so stick with KeePassX
>> there. Both are good, but KeePassXC has more people actively working on it
>> and is getting more updates.
>> As to cloudy services, I tested two different password manager apps
>> available for NextCloud. I was going to use one for a project, but stopped
>> working on that project.
>> There's also BitWarden. I haven't used it, but have gotten good reviews of
>> it from people at conferences.
>> ciao,
>> der.hans
>>> I've been using LastPass for 5 years, as I purchased a 5yr subscription
>>> initially liking the product so much. Since then, they've been through
>>> acquisition by LogMeIn/GoToMeeting, which I hate, first thing jacking
>>> prices, had security resets due to dubious levels of being hacked, and
>> just
>>> both the UI and the service have gotten worse over the past few years
>> since
>>> GTM bought them. I don't trust it'll get better from here.
>>> What are you all using for password management, particularly full-time
>>> linux users? I like the cloud sync options, but I really don't trust any
>>> of these companies fully, and would like something easier to sync with
>>> across platforms minus a cloud.
>>> Thanks in advance!
>>> -mb
>> --
>> #
>> # "Civilisation is a race between education and catastrophe" -- H.G. Wells

# Your email is being read by hundreds of uptight agents
# who never saw the humor in Dr. Strangelove. -- Mark Russell---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings: