Consider dropping or moving stateless password managers #187
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#187
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
See article here: https://lwn.net/SubscriberLink/715090/e426fd5aff3e366d/
I'm not sure if you guys advocate for the most secure way or just low hanging fruit for most people, but if it the former then I think that Keepass+Addon should at least be moved to the first position. Thoughts?
Agreed with this. Another article about it: https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers
BitWarden seems quite popular for online storage of passwords.
@graysonkent We might point out that the security isn't as good as that of local password managers, but I don't think we should be dropping these password managers altogether.
@sevengali
For many sites, they work great. I use KeePass for the important stuff and LessPass for the less important stuff and I've never ran into a password policy problem with LessPass. Actually, once. Character limit. So I just remeber to delete the last 4 characters on one forum.
I just find the combination of a local password manager and something like LessPass very powerful. Former is secure and latter is better than bloating your database or opening it when you don't need to or using a separate password for all unimportant websites.
Great point:
I think we should recommend local password managers as the secure ones and stateless password managers as a less harmful alternative to one password for less important websites.
I suggest why don’t we add the new sources and tell about the “flaws” as keep in mind safety measures. This is because in the recommendation for Wire, on the site it tells the company keeps a record of people you chatted with.
However, I feel like we should also have a stable recommendation, because I use Encryptr by SpiderOak, but because it was removed, I am now having to decide which one works the best.
Granted that softwares and going decentralized to all forms is a bit of a challenge but a stable pick or recommendation can help with the goal of - easy to use, decentralized and meeting the original criteria.
Master Password was moved to "Worth mentioning" in #587.
It's the same with LessPass. The issue with these password managers:
Yeah. Set KeePass as best solution and add cloud solution a warning label