How much of a bad idea is it to store all my passwords in an encrypted text file? :^)
note that it's encrypted :^)
I think it's much better than using password botnet managers.
Yeah I know, but for this purpose I think it's safe enough. No person is going to be able to see its contents besides me even if they manage to somehow get their hands on that file.
Trusting Windows is worse than trusting those "botnet" password managers mentioned in the OP. Many of those managers are open source and by far the best option behind fairly knowledgeable people doing it themselves.
>Yeah, I just can't trust all this "cloud syncing".
That's fair. Typically the encryption/decryption is done on your end and the encrypted data is stored on the cloud, meaning nobody can really do anything with it without your key, which is stored purely on your end. You can't always be 100% for sure, however, and there are password managers without any online connectivity
What's wrong with KeePass? It's all local and it's open source, which I'm guessing is one of the reasons you would be trusting GnuPG (or whatever software) to do your encryption/decryption.
There was a recent bug found in KeePassX that circumvented encryption. Using these purpose-built encryption programs just increases your attack surface, with the only benefit being that it gives you a GUI. GPG is tried and true.
The same is true for >>52460420. Also, there was a critical bug found in a popular cloud password manager akin to KeePass, I forget the name of it though.
It's tedious, mate. You should try a real password manager (non-cloud) with 2FA, like Password Safe + YubiKey.
if you think decrypting and piping your passwords to vim or another text editor is more secure than keepass, you're wrong. a password manager offers more than a simple gui
unless you know what you're doing (judging from op, you don't), stick with tried and true software
>There was a recent bug found in keepassX that circumvented encryption.
if you're talking about keefarce, that only works in a situation where you'd be able to copy the password anyway. using gpg wouldn't protect you from a similar attack
Look you retards, if you're running any password manager on Windows it's ultimately going to use Windows CryptoAPI anyway, which is the same as what will be used to store the password on the encrypted file. If you have a password manager that doesn't use CryptoAPI, it'll have to decrypt and encrypt your key in userspace memory which would be trivially easy for someone to get to with access to your box.
The only exception would be those cloud-based password managers which none of you would touch anyway because of botnet meme.