so /g/ do you trust cloud password managers, or should i

>>55875827
>Passwords managers
Why? Are you a toddler or something?

trust nothing
except brain.exe

>>55875827
Better stick with keepass

>>55875837
>>55875844
>>55875838

but that fucking slick UI mmmm CANT RESIST

>>55875827
>save passwords on txt file
>encrypt file
>upload to cloud
>???
>prophet

Eh. At work we use LastPass for password sharing. The web site and browser addon are both garbage and they've had a pretty constant stream of security problems over the last few years.

But they're pretty much the only viable option for our needs. The competitors are even worse. Why the fuck is password sharing such a niche market?

We've considered a self-hosted options, but there's only a small handful of serious contenders (read: they aren't obviously total garbage). Two are Windows-only solutions, require IIS, and apparently demands unreasonable access to your domain (we're not big enough to have a Windows guy, so we'd have to learn IIS... the domain complaint comes from random forum posts). The other two are open source, but look like student projects... not exactly confidence inspiring. We also briefly looked at trying to hack together a shared KeePass store, but it didn't seem ideal (constantly fighting data loss...) and we were running out of free time.

So yeah, LastPass. It's insecure and frustrating as hell to use, but seems to be slightly less atrocious than the alternatives. YMMV.

For personal use, I wrote a python script that's basically encrypts a CSV list of accounts with OpenSSL/LibreSSL. Good enough for me. Over the years, I've added stuff like a complex string generator (passwords, etc) and TOTP. Been meaning to put it in a repository somewhere for ages, but never got around to it.

>>55876115
Forgot to say: my recommendation for personal use is absolutely KeePass. I just like my own script because I personally disagree with a few decisions KP has made.

>>55876115
What's funny is that Lastpass recently had a big security breach

I trust and use Lastpass personally. I even pay for Lastpass premium so I can get my shit on mobile too. 12 a year isn't bad at all.

>>55876115
>>55876254
Lastpass is insecure and full of security breaches? I googled it and all of their "security breaches" seemed pretty inconsequential. No actual important data was stolen. What are you guys talking about?

>>55876285
The most recent one was the fact that any website could trick the browser addon into revealing your passwords. It was fixed before it was announced, but could have been in the wild, we don't really know. This is something that should have been caught in QA and reflects poorly on them.

I'd have to look up the details of the previous incidents, but I do remember that emails and salted master passwords were leaked at one point. They're a big target, but considering that you're basically entrusting them with the keys to your kingdom, even a few minor incidents is enough to reasonably consider alternatives.

I think the bigger issue was LP's handling of the disclosure afterwards. I honestly may be confusing this with Linode or something else, but I seem to recall a frustrating lack of details.

>>55875827
>do you trust cloud password managers
>do you trust cloud
Nope!

>>55875978
This. Just use a text file. Why would you need a password manager for that?

I use Firefoxs master password, werks well enough.

I have most of them stored in Chrome.
It is comfy, yet i know they know my passwords.
But i use Gmail and youtube so it is irrelevant.