
Thread: KeePass getting inadequate for 2022+ ?

  1. #16
    anon (Moderator)
    Quote: Originally Posted by Instab
        under absolutely no circumstances i would upload my account data to a remote server. even worse if the only reason to do that is convenience.
        ever since the cloud stuff came up some years ago a lot of people seem to have lost any sense of security/privacy.
    At this point and after several rants from me, I assume everyone is aware of the pitfalls and either accepts the risk or doesn't care. But self-hosting on a home server is an interesting idea.

    Quote: Originally Posted by Instab
        as to Master Razor's problem, one solution to what you want is sqlite. encrypt the database file or put it on an encrypted partition or similar and use an sqlite gui as client. that way you can have the exact table/field structure you want and performance shouldn't be an issue either.
    Since he mentioned doing this with MS Access years ago, I assumed using a "regular" database was off the table for some reason...
    "I just remembered something that happened a long time ago."

  2. #17
    We also have to be honest that self-hosting is not an option for most people. All/most of us here are computer savvy, but hosting your own solution just is not a viable option for the generic user.
    They have no idea what they're doing and how to properly and most importantly, safely set this up. There's no point in self-hosting if the server itself isn't secure either. Most people don't even have a server or even a NAS and don't want to run their normal desktop 24/7

    I get what you're saying about the cloud services, and I agree, but we also have to be realistic and accept that for a lot of people, this is the only option. It's either that, or trying to keep a txt file in sync over devices. Which for these users, will most likely mean:
    - email
    - dropbox
    - onedrive
    - other insecure things

    That quickly turns into a major hassle, which in turn will result in them using the same password everywhere again.
    Imagine telling the average user to just use sqlite. Their heads would explode. And how will I ever log in on my phone?
    Last edited by Sazzy; 21.09.22 at 13:21.

  3. #18
    Quote: Originally Posted by anon
        Since he mentioned doing this with MS Access years ago, I assumed using a "regular" database was off the table for some reason...
    It's not. This is the best solution and I'm currently working on db as we speak.

    I'll still need a gui interface for it.

    // LE:

    I just remembered that access database... It had another purpose at first, and only later it had been repurposed for DD.
    I don't suppose anyone saved a screenshot? I would've liked to see that crud again. It reminds me of simpler times.
    Last edited by Master Razor; 22.09.22 at 03:25.

  4. #19
    Instab (Moderator)
    Quote: Originally Posted by anon
        self-hosting on a home server is an interesting idea.
    i did neither mean nor mention that.

    Quote: Originally Posted by Sazzy
        we also have to be realistic and accept that for a lot of people, this is the only option. It's either that, or trying to keep a txt file in sync over devices.
    that's where the problem is. people simply have to classify a bit. do i need all my accounts everywhere? most likely not.
    so the compromise solution for most people is to split things up. keep the crucial data offline and locked away and the less important stuff can be handled a bit more relaxed i.e. dragged over to the phone and other exposed locations.

    Quote: Originally Posted by Sazzy
        Imagine telling the average user to just use sqlite
    of course not. this was specifically for Master Razor because he asked for his own use.
    Your account has been disabled.

  5. #20
    anon (Moderator)
    Quote: Originally Posted by Instab
        i did neither mean nor mention that.
    I know, I mentioned it because BitWarden specifically offers and encourages it for those who don't trust "the cloud".

    Self-hosting is indeed not for the average person... but they're not the ones who started this thread.

  6. Who Said Thanks:

    Instab (26.09.22)

  7. #21
    i would have dropped KeePass ages ago if it wasn't for its "merge database" feature. i only ever sync between devices when i actually need to login somewhere. also, KeePassDX for android is wonderful, way better than Bitwarden app

  8. #22
    How is it better than Bitwarden app?

  9. #23
    So it turns out I was right. It's not even inadequate, it's useless. Accounts are getting more and more connected these days, you have dependencies on login, recovery codes, p2fa, random throwaway emails with scrambling/unscrambling addresses, crypting data, login pattern: what vpn/country/tor instance... all this crap needs to be logged somewhere. What keepass does is to provide just a place to input passwords. If you add anything else, performance drops significantly. And it is not sustainable if you're a power user and have hundreds of accounts. Besides, KeePass was not made for users that use a unique email for each account; that auto-fill in the username field kills us... So, I'm leaving all password managers, and going back to my original idea: a spreadsheet, filled with data...

  10. #24
    I feel the same now, I just put all extra info in the notes field, but I often have to use other info than just username & password and then it's really tiring to copy info manually from there. But I'm not sure if a spreadsheet is secure enough..

  11. #25
    When security comes at the cost of usability, you're not doing security. Besides, managers are constrictive. The only way to retain passwords is when you see them. When you have a list of usernames and passwords, your brain retains the data, the more you use your credentials, the more you'll retain them. And when you see them you know which are secure/old/can be breached. Hiding them in a maze of crappy organized structures does not help the situation. Random character passwords, aka secure are not secure. Since you require a whole lot of thinking to make them secure: you need a manager, to use the data from the manager you need a secure way of copying/pasting, there are multiple forms/windows, computer locks, online/offline, it doesn't work. Your brain is the only thing you can take with you wherever you go, and if you rely 100% on devices to remember logins, you're dead.

    Never quite understood the methodology of secure passwords. So, they're impossible for humans to remember, but good for computers to remember. So, you take something unhackable (the mind) and you place it in a vulnerable infrastructure dependent device that can be easily hacked.. to what purpose? When you could all just remember each password by heart using muscle memory. I think people greatly overestimate the power of password managers. And.. they also draw attention. ... Say you're a very talented programmer, when you find a manager database or an excel file, which one intrigues you first? Plain and simple things have no interest to anyone, but big flashy, secure storages are.

  12. #26
    Blocker (Advanced User)
    Bitwarden!

  13. #27
    I've moved from the spreadsheet as it turns out that wasn't good either. Unix had the right idea having all data in plaintext files. User credentials are not something standardized and alongside the credentials you have other data as well. It would be comforting to say "just use the notes field" or similar but it does not work. The amount of data that we're talking about goes beyond a single field.

    At this point i have this:
    [url] [application] [username] [login name] [password] [previous password] [email] [secondary email] [phone] [secondary phone] [notes]

    And if using temporary emails with passwords then you add 4 more fields like [temp email url] [temp email id] [temp email address] [temp email password].
    This is due to the fact that guerillamail and others like it scramble their email ids, and so you need to have the original id, the address, the password.

    If you add all of these into a spreadsheet, many of those fields will be empty, and it will look horrible. Not to mention the fact that it's impossible to actually find anything in there. Good android spreadsheet apps are non-existent; it just can't be done. So.. back to plaintext, where the data-separator is a new line.

    CSV is bad as well due to lack of data. Those ,,,,, do not help the situation, at all. Reading it in a spreadsheet is also problematic as both microsoft and libre open the csv as spreadsheet, and since it's a plaintext, numbers-like fields are seen as numbers, so phones that start with +xx, end up xx. Very, very bad...
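
The SQLite approach suggested earlier in the thread, applied to the field list from post #27, as an added example that is not part of any participant's post. Table, column and function names are assumptions; Python's `sqlite3` module does not encrypt anything, so a real database file is assumed to sit on an encrypted volume, and the default here is an in-memory database.

```python
import sqlite3

# Column names follow the field list in post #27; table names are assumptions.
ACCOUNT_COLS = ("url", "application", "username", "login_name", "password",
                "previous_password", "email", "secondary_email", "phone",
                "secondary_phone", "notes")
SCHEMA = """
CREATE TABLE IF NOT EXISTS account (
    id INTEGER PRIMARY KEY, {cols}
);
-- Temp-mail details are optional: own table, no empty columns per account.
CREATE TABLE IF NOT EXISTS temp_email (
    account_id INTEGER NOT NULL REFERENCES account(id) ON DELETE CASCADE,
    url TEXT, mailbox_id TEXT, address TEXT, password TEXT
);
""".format(cols=", ".join(c + " TEXT" for c in ACCOUNT_COLS))  # TEXT keeps '+' in phones

def open_store(path=":memory:"):
    # sqlite3 stores data in the clear; keep a real file on an encrypted volume.
    db = sqlite3.connect(path)
    db.row_factory = sqlite3.Row
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def add_account(db, temp_email=None, **fields):
    # Column names are checked against the whitelist; values are bound parameters.
    if not fields or set(fields) - set(ACCOUNT_COLS):
        raise ValueError("need at least one known field")
    cols = sorted(fields)
    sql = "INSERT INTO account ({}) VALUES ({})".format(
        ", ".join(cols), ", ".join("?" * len(cols)))
    cur = db.execute(sql, [fields[c] for c in cols])
    if temp_email:
        db.execute("INSERT INTO temp_email VALUES (?, ?, ?, ?, ?)",
                   (cur.lastrowid, *(temp_email.get(k) for k in
                                     ("url", "mailbox_id", "address", "password"))))
    db.commit()
    return cur.lastrowid

def find(db, term):
    # Returns only the fields that are set, so sparse records stay readable.
    sql = ("SELECT a.*, t.address AS temp_address FROM account a "
           "LEFT JOIN temp_email t ON t.account_id = a.id "
           "WHERE a.url LIKE ? OR a.application LIKE ?")
    rows = db.execute(sql, (f"%{term}%",) * 2)
    return [{k: r[k] for k in r.keys() if r[k] is not None} for r in rows]
```

Because every column is declared `TEXT`, a phone number such as `+40123456789` comes back exactly as entered, which is the case the CSV import in post #27 gets wrong.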
