I won’t speak for others, but I went premium because doing so is cheap and allows me to use my Yubikey for 2-factor authentication.
I use KeePassX, for no particular reason other than I’ve used it for years and it’s cross-platform. I don’t know why I use that rather than KeePass 2 - possibly I had some problems with Mono or something back in the day.
I sync using Dropbox 
Again a historical thing. Perhaps I shouldn’t but I also do two-factor auth; need both the password and a key file. My key file is (reasonably) securely stored outside Dropbox.
IIRC there are several IOS apps - I used to use KyPass which supported the Dropbox/key file thing quite well.
I haven’t played much with browser integration and indeed there may be better ways to do the sync, so thanks for the links. I’ll look into those. But in general a thumbs-up from me for KeePass$WHATEVER.
When the Linux Mint forums got hacked it was really nice to be able to check in KeePassX and say “Oh yeah, randomly generated strong password. No worries”.
Listening to your wishlist, LastPass does absolutely everything you want, except that you have to store your data on their servers (you can also export your entire store as CSV so you’re not completely screwed if they go away).
My wishlist is very much the same as yours, so I used LastPass for ages and my partner still uses it (as I don’t want to have to explain to her what a PGP key is), but I really like having my own data so I’ve moved to pass. You’re not quite right in your assertion that it doesn’t integrate with anything else.
As has been mentioned, there’s a Firefox plugin which uses the command line tool as a backend, and a pretty good Android app (Password Store) which can autofill passwords into apps or copy a password to the clipboard for you for easy pasting. I use the built-in git support to sync my store between devices (via my general “cloud” server).
I use KeePass(X) similarly as @hillsy does.
I dont’t sync it over a cloud service, but manually copy the db file to the devices where I need it.
On my desktops I use KeePassx. On my Jolla phone there’s a nice app for this and because of the multitasking capabilities of SailfishOS, copy pasting is very straightforward.
I’m thinking about splitting my db file and putting a db file containing much used passwords to my ownCloud server. (of course encrypted with a keyfile not synced over the net)
I think I first paid because I liked the service and it was a way to give back. The sync is very handy. The price feels very reasonable; I’m 1st world poor so I often can’t afford subscription services but this seemed worth the cost. It would be hard, but I’d probably be willing to pay three times as much for a fully open alternative.
Thanks, I’ll definitely give it a shot.
1 Like
Like many of the others above, I use KeePass2 in Ubuntu and Windows and KeePass2Android on my phone.
I sync with Dropbox (because it’s an encrypted blob) or via OwnCloud’s Dropbox storage provider where Dropbox is not accepted. Dropbox works natively with KeePass2Android, although you can also use WebDAV, but that’s had some issues when I was just using OwnCloud not Dropbox.
I use KeeFox for Firefox synching but the developer of that has expressed concerns about the new Firefox extension model (rather than add-ons) and don’t currently use chrome, but there is a similar extension… Not on a Chromebook though which threw me.
I also use the totp plugin on keepass2 so I don’t always need my phone to answer the Dropbox/Google/github token code.
More than happy to try and video my use of these things, if you want @sil
For the first time, I was disappointed in @jeremy’s commentary - his security advice around Lastpass was good valid advice for password management tools in general, but it really doesn’t hold water in the case of Lastpass.
Since Lastpass is handling all encryption and decryption locally, on the client, and only storing an encrypted blob, I don’t see where there’s any issue with storing, for example, an email password in it. Lastpass has no mail-based recovery, requires you to approve access from mobile devices and browsers, and makes it trivially easy to use any of a wide variety of two-factor authentication devices (I use a yubikey myself), it’s just irrational to claim that your mail password is somehow at risk on their server.
As I said in the segment, it’s all about your personal tolerance for risk. I use 2FA (also yubikey) and think LastPass has done a solid job of both design and implementation. They’ve responded well to issues when pointed out to them. That said, your email password is basically the key to reset every password you have. Because of that, I’d prefer it not be stored anywhere public. That’s my personal threshold for risk. It’s clear yours is different, and there is no absolute correct answer.
–jeremy
OK, here I am, now a pass user, with dmenu to choose passwords (and an “Add New” item on the top of dmenu to let me add new ones if I need to). Let’s see how annoying this gets when it’s not integrated with Chromium, although reassuringly Chromium stores passwords in the Gnome keyring, so I may write a two way sync between the two…
1 Like
Hell yeah! I hope you like it. And you get the added bonus of storing non-website/browser passwords in it too, like ssh, vpn, etc. For an IMAP client I’m using, I just have a config line that says: PasswordCommand "pass show email/kolabnow.com/[email protected]", which is cool and much better than using a plain text password in a config file.
Also, I’m using rofi in place of dmenu since I think it’s prettier. You can achieve a dropdown-like menu with it too, which I like. I’ll paste my ~/.Xresources if you or anyone is interested, though it probably needs to be modified for your needs. Particularly rofi.yoffset most likely.
rofi.location: 2
rofi.font: mono 11
rofi.color-enabled: true
rofi.color-window: argb:ee1E1E1E, #1E1E1E, #525252
rofi.color-normal: argb:001E1E1E, #F1F1F1, argb:001E1E1E, #494767, #eee8d5
rofi.color-urgent: argb:001E1E1E, #dc322f, argb:001E1E1E, #dc322f, #fdf6e3
rofi.color-active: argb:001E1E1E, #268bd2, argb:001E1E1E, #268bd2, #fdf6e3
rofi.separator-style: solid
rofi.fullscreen: false
rofi.padding: 2
rofi.hide-scrollbar: true
rofi.line-margin: 2
rofi.fake-transparency: true
rofi.yoffset: 20
rofi.xoffset: 0
rofi.width: 1920
rofi.lines: 25
You mentioned an “Add New” item on the top, which probably works better than this, but I thought I’d also mention there is rofi-pass which has an add password feature.
Yeah, I saw that, but rofi isn’t in the Ubuntu archives. Annoyingly, the version of dmenu in Ubuntu 14.04 doesn’t handle TrueType fonts, but that’s fixed when I eventually upgrade to 16.04, and I can live with it until then.
1 Like
Talking of thrash metal at 35.05-Anyone heard of Metallica’s new Song in three years ?
Any Metal followers out there ?
\m/ O \m/
(Random text to sate Discourse’s off opinion of what a valid body text looks like)