Padlock (Password Manager) #178
Reference: privacyguides/privacytools.io#178
I wanted to suggest an open source password manager. Padlock looks very promising.
Source Code
They offer a cloud-based subscription to sync across devices for $3.99 a month with a 30-day free trial of the cloud service. All information is encrypted before being uploaded to the server.
Cloud Source Code
However, I believe they also offer local only (for free) for smartphones. iOS, Android, Windows and Mac platforms are supported with Linux on the way.
They recently had a security audit, here are the results and the notes about it by Padlock.
I am researching more about the service but I wanted you guys to check it out and know what you think of it. I don't know if SpiderOak is going to keep developing Encryptr. Last update for Android was December 7, 2015, so that's why I am suggesting a new password manager.
Useful review by the prolific JohnFastman at:
Padlock Reviews - AlternativeTo.net
https://alternativeto.net/software/padlock/reviews/
So this is just my quick opinion after skimming the security audit and not representative of what I think about it (because I haven't used it). From the security audit, it seems like basic mistakes were made that shouldn't have been. Whoever designed it seems to have wanted it to be a password manager first and foremost, without attention to security (when it should be the first thought); maybe a side project that turned into something serious?
If you actually look at the pen testing notes, here are some of the things that are listed:
And quoting the paper itself, "Padlock.io maintainers’ attitude to positioning security at the center of the future development process will be crucial." So it's great that this security audit is out, because it shows us that just because it's open source, no one was actually checking the code until now.
Anyways, it'll be interesting to see where this project goes and if it will get more attention from its developers to be more secure. Right now, I'd tread with caution until the fixes are released and a little bit of skepticism due to some of the basic mistakes (like seriously, why aren't the authorization keys and some other metadata at least hashed or concealed; I have some tools that can execute this attack at home too and I'm not a dedicated pen tester).
Good point. It's important to see how trivial mistakes were discovered in an audit. Things shouldn't be trusted just because they were audited.
Padlock got better in two years. Please reconsider it.
I think it's too expensive. We already recommend Bitwarden, which offers all of it for free: https://www.privacytools.io/software/passwords/#pw