What's the best password manager?

2nd thread about this shit.
consider ending your life, but before doing that install KeePassX

Google Smart Lock :^]

1password by far.

Read the sticky.

>>59738834
KeePassXC

>>59738815
Notepad

Ok, I have a stupid but maybe useful idea. What if I wrote a c++ program that prompted the user to enter a master password. If you entered the correct one it would cout a hard-coded array of strings that was your passwords and websites they are for. If you compiled it and deleted the .cpp file, while you can't add new passwords, wouldn't it be safe? What are the odds of reverse engineering?

>>59740476
Fairly easy. You could decompile it in assembly than arrange it accordingly.

File: 1490222639574.png (105KB, 3000x3000px) Image search: [Google]

105KB, 3000x3000px

>password manager


thx goy!

>>59738815
an encrypted text file

>>59738815

keepass and it's ports

asking a friend to remember the password for me

Just remember your passwords. You should be intelligent enough to remember 5 or 6 passwords.

>>59740476
DO NOT do your own "security" there are a lot of pitfalls that layman don't even know they don't know.

Like>>59742141
said.
Or you can just inspect the memory.

Memory is a big way someone can get passwords, since they have to transfer unencrypted into/out of memory at some point.

>>59738815
"the standard unix password manager"
https://www.passwordstore.org/

>>59740476
Trivial, you could just run strings on the binary.

>>59745219
is some sort of agency really going to bother spending man hours attempting to decompile your custom encrypted program or spend time trying to backdoor popular encryption software?

>>59745710
based program.
my migration went lastpass > keepass > pass. each better for me than the last.

>>59745710
This. It's simply great.
I migrated from lastpass to pass as well and thanks to hit I can keep everything synchronized across my devices.
The only downside, if i may say, is the basically non-existent choice of mobile clients and browser extensions for auto fill. The Android client is pretty cool and it comes on f-droid as the gpg key manager does.

>>59745710
Using it the intended way leaks information about what sites you have accounts for.

Much better to keep an encrypted text file with all of your passwords in it. It's also easier to move around, and you don't have to worry about git leaking info either.

>>59748236
>>>59745710
>Using it the intended way leaks information about what sites you have accounts for.

Please explain further, I'm interested to hear about it

>>59748228
seems to me that browser extensions are such headache. just look at lastpass woes due to theirs. hard to really make it work since browsers are such a big target.

>>59748257
>>59748236
he is talking about how each filename has the username or some other identifying metadata for each account.
don't really see a problem if you keep the files in your encrypted machines only and you self-hosted a git server. there was some 'fix' for the leaking of that info last i saw, but didn't really need it so didn't check it out thoroughly.

>>59748257
If you have a bank-of-america pass file, then anyone can figure out you have a Bank of America account even if they can't get your password. Unless you name all of your pass files random strings. Also, you can calculate the size of the content of GPG encrypted files, so if the file is X size, then an attacker can figure out our password is less than Y long.

If you use a single encrypted file, the site names are encrypted too, and an attacker doesn't get any useful info if he can calculate that the file contents are X thousand characters long.

>>59748303
>don't really see a problem if you keep the files in your encrypted machines only
If your pass files are on an encrypted machine, why are you even bothering re-encrypting them? Clearly, you are either encrypting too much or not encrypting enough, pick one.

>>59748304
The encrypted file can contain any content not limited to the password, i can potentially inflate the size of the file with garbage data.
Also, let's not forget things like 2FA and common sense: first of all I'm not getting an account with a bank whose site doesn't do 2FA mandatorily, I'm also not gonna store the password in a file that's names Bank of America, nor I'm gonna keep the official username for it

Encrypted text file

>>59748320
I'll pick both. why would i have to choose between keeping gpg encrypted files, or having my entire partition luks encrypted?

What do you guys think about Master Password? I was considering switching to it for simplicity's sake, but I feel like it's only a matter of time before the algorithm is cracked and then everything is fucked and blown wide open. What do you think?

Lesspass, a syncless password manager

Google Docs

>>59748652
It fixes something that isn't broken. Instead of only having to remember your password, you now also have to remember what key you used for which site. And if you have to change your password for one site, now you need to think of and remember a new key.

Since we're having a passwords thread, how would one make mutt remember passwords the way Outlook and the like do? I'd like to only type in a password when it's been changed but all I can find is using gpg (have to retype password every ten minutes or something) or storing as plaintext (not secure).

>>59738815
A physical notebook.

>>59750815
>take it with you
>easily susceptible to being lost/stolen

>always leave it at home
>unable to log into your accounts unless at home
>at risk of losing it in case of fire or burglars stealing it

It's not the worst, but it's not the best either.

>>59740476
Surely this is a troll

>>59748228
https://github.com/dannyvankooten/browserpass

>>59739077
Botnet

>>59738815
Use enpass