/t/ - Technology

Discussion of Technology

(127.77 KB 1200x1200 1200px-KeePass_icon.svg.png)

Password Managers Anonymous 06/01/2021 (Tue) 17:14:56 No. 4278
Ok it's time to get a password manager. It has to be open source, free and without any cloud crap because I trust nobody. Which PM do you anons use? Which KeepAss is better? There's the OG, X and XC now. Is there any way to extend my PM to android manually without any company getting their hands on my database? Let's discuss.
Use pass. https://www.passwordstore.org/ It's a password manager, it does one thing and one thing only: manage passwords. Want a GUI? Use a separate program. Want browser integration? Use a browser plugin. Want a searchable menu that lets you copy and paste a password into any prompt? Get dmenu or rofi and glue something together in a shell script. There is a nice selection of stuff built on top of pass on the website. The cool part is that since pass does only one thing it's much easier to reason about it. And since anything beyond just managing passwords sits atop of pass instead of being built in, it's much easier to swap out those things.
>>4283 This is what I use too. Desktop integration with rofi-pass is great, pass-otp manages OTP nicely, and the Password Store android app works great, too, and supports autofill in a lot of apps.
I still use kpcli. There's probably something better out there but I'm too lazy to switch at this point.
>>4283
>Use pass.
What benefits does it offer over KeePassXC?
>it does one thing and one thing only: manage passwords. Want a GUI? Use a separate program. Want browser integration? Use a browser plugin. Want a searchable menu that lets you copy and paste a password into any prompt? Get dmenu or rofi and glue something together in a shell script.
Those are all benefits for the software dev, not for the end user. Why would I want to manage all those extra programs? KeePassXC has a perfectly fine UI, and I don't care about browser integration or autocomplete or any of that other stuff
Use your head. Password Managers are bloat and a single failure point for security.
>>5658
You can do both, actually. It's called peppering. You use a password manager with long complicated randomly generated passwords, then you add something to the end of each of those passwords that only exists in your head. For example this could be your password for netflix.
>5n`<W'PyZ[;4o~=- n!etflix
And for 8moe
>Z:m("!~_DGTL2n=d 8!moe
Obviously if you were so inclined you could get more creative than peppering the password with just the name of the service, but it's a very good approach to secure passwords if you for whatever reason think that your password manager could get compromised. Which is kind of an outlandish scenario, but I can wholly understand and respect not wanting a single point of failure as you've pointed out. But simply remembering all your passwords is clearly not feasible. Remembering maybe 3 high entropy passwords is probably most people's limit.
>>5665 lol, i used to do this shit with my one-and-only-password-for-everything and called it a solution. but it never occurred to my nigger brain to do it to auto-generated passwords too, nice
I just use a bunch of files as passwords you just need to convert the byte stream to plaintext
>>5671 >pajeet linux
(566.22 KB 576x1024 ClipboardImage.png)

>>5671
>lua
#!/bin/bash
tr -cd '[:print:]' <"$1" | tail -c "${2:-32}"
usage: $ get-bytes.sh "filename.jpg" 69 # 69 chars
also
>kali
>l33t h4x0r bash prompt
>gui file manager
lol
picrel
>>5672
do pajeets main kali? it seems more like a 90's skiddies OS, considering parrotOS is the new hotness for haxoring into mainframes. when they're not busy telling us they use arch btw, that is
>>5674
>l33t
>doesn't even know basic security
shell commands are completely visible and cached
anyone can just run a debugger like strace and see your password long after you've called it
the point of using lua or any secondary interpreter is to prevent internals from being visible, lua is just more practical because it embeds natively in c where you can overwrite the memory address multiple times to make sure it's gone
>>5681
>shell commands are completely visible and cached
stdout isn't cached, just the fact that you invoked the script and the filename
>implying invoking a lua script on the command line is different than invoking other commands on the command line
nigger are you for real
>the point of using lua or any secondary interpreter is to prevent internals from being visible
>it embeds natively in c where you can overwrite the memory address multiple times to make sure it's gone
do you even have confirmation that lua scrubs its memory before exiting? or are you just saying "C can do this"?
<tr and tail are fucking C programs
do you even know how to use a shell?
and let me guess, you fucking copy-paste your passwords into input fields, using your clipboard like a retard
goddamn, skiddie stereotype confirmed
>>5682
wow you are retarded the epitome of dunning kruger
1. the shell command is your fucking password, I just need a ram dump and the file to get your password if the password isn't already in the dump and not overwritten
2. I'm talking about c you fucking idiot, embedded lua has access to variables in c, giving lua a pointer and overwriting it after closing lua state means no trace of it exists anymore other than the address which is now guaranteed empty, I just changed the offset in the script which is what I use in c with a pointer, without the offset it's impossible to get the password EVEN if you have the lua script and filename and a ram dump
3. you are clearly mentally disabled and don't understand how a kernel works let alone what a ram dump looks like, dunning kruger is an overstatement for you
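The read-at-an-offset and scrub-after-use steps argued over in the posts above, sketched in C as an added example that is not part of the thread or any poster's code. The helper names `secure_wipe` and `derive_from_stream`, the offset and the sample "key file" bytes are assumptions constructed here.

```c
/* Added example, not code from the thread. Helper names, the offset and
 * the sample "key file" bytes are constructed for illustration. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler keeps the stores; a plain
 * memset on a buffer that is never read again may be removed as a dead store.
 * Copies held elsewhere (stdio buffers, swap, core dumps) are not covered. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Seek to `offset`, keep printable bytes only, store up to `want` of them
 * in `out` (NUL-terminated, so `out` needs want + 1 bytes). Returns count. */
static size_t derive_from_stream(FILE *fp, long offset, char *out, size_t want) {
    size_t n = 0;
    int c;
    out[0] = '\0';
    if (fseek(fp, offset, SEEK_SET) != 0) return 0;
    while (n < want && (c = fgetc(fp)) != EOF)
        if (isprint(c)) out[n++] = (char)c;
    out[n] = '\0';
    return n;
}

/* Derive, use, wipe on a constructed temp file. Returns 0 on success. */
static int demo(void) {
    static const unsigned char sample[] = {0xFF, 0xD8, 'k', 0x00, '3', 0x01,
                                           'y', '!', 0x7F, 'Z', 'q'};
    char secret[8];
    FILE *fp = tmpfile();
    if (!fp) return -1;
    setvbuf(fp, NULL, _IONBF, 0);   /* avoid a second copy in a stdio buffer */
    fwrite(sample, 1, sizeof sample, fp);
    size_t got = derive_from_stream(fp, 2, secret, 5);
    fclose(fp);
    int ok = (got == 5 && strcmp(secret, "k3y!Z") == 0);
    secure_wipe(secret, sizeof secret);
    for (size_t i = 0; i < sizeof secret; i++)
        if (secret[i] != 0) ok = 0;
    return ok ? 0 : 1;
}

int main(void) {
    int rc = demo();
    printf("derive + wipe: %s\n", rc == 0 ? "ok" : "failed");
    return rc;
}
```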
>>5682 >When you realize you were the skiddie this whole time
>>5682 >imagine literally being an actual skiddie and writing this This is like luke smith levels of cringe
>>5643
>this fag doesn't know about extensibility
Using a separate program for all of these things gives you more control and lets you better specify what you want your password manager to have as a function. Don't want password generation? Don't extend functionality to something that could do that.
<...and I don't care about browser integration or autocomplete or any of that other stuff
Again, just don't extend pass to those applications, then.
>>4278
Syncing your database with a home server that your devices' Keepass instances can access through the Internet should let you do this. I haven't done this myself, though, only through MEGA, and I don't know if that site is actually trustworthy. Better to learn how to set up your own server for this as you have full control.
I mentally encrypt my passwords from plain text to AES-256, then use invisible ink to write them down on a grain of rice. Then I take the rice and hide it under a loose floorboard in my bedroom. I did lose my passwords once to a hungry mouse, but other than that, I'm pretty happy with this arrangement.
>>5658 You should cipher your written passwords. If someone were to sneak into your home they could collect all of your passwords. In the event of a raid I am capable of destroying my written passwords, however in the event of a clandestine operation to access them, I am also protected somewhat. However if pictures of the ciphered keys were taken they could be deciphered.
>>5658
>implying head is not bloat
>implying head is not a single failure point
>implying head is secure
>never heard about meat / machine interpenetration
God damn it anon, just don't use passwords.
>>4278 There is KeePassDX for Android. You can use a self-hosted NextCloud server to synchronize your database, or Syncthing as long as you don't edit your database on both devices without syncing first.
>>4283 Pass is nice and all but I don't know of any way to get it to work with the bullshit google created for gmail 2FA, everything just says "use google authenticator lmao".
(174.84 KB 505x397 Screenshot_555.png)

>>4278 I just write my password in a notepad file
>>8837 Actually, Syncthing handles sync errors like that by making a second copy of the database with changes from one of the devices, and KeePass has a tool to merge them.
literally just pen and paper
xc for desktop and dx for mobile
>>5714 >>4283 Both pass and TPM use GPG which apparently is insecure: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html Secret is an alternative in the works that uses reop: https://hacktivis.me/git/secret/
I don't even know what the fuck a password manager is. Aren't they supposed to be secret? I just tie them down to whatever thoughts I associate with the account and once in a while make a note that I accidentally used the wrong thought or transposed the numbers or whatever. One of my old bosses used an encrypted like fucking word document or whatever his shit was because he was too boomer to remember all his passwords and was advised by the IT staff that the document encryption was more powerful than all his passwords so he might as well put them all in one place. (But why even have different passwords at that point lol). This laptop happens to be locked not just by a particular japanese movie that represents my state of mind while buying it, but also altered based on the buttons that don't work until it's booted up and I can remap the keyboard. Good luck with that h40rz :^)
>>5704 not having to manage and "glue together" - as you say it - separate applications is still a valid point of his. also: if you'll tell me "but it's not that hard" I'll tell you "there's more things to go wrong along the way too though". Nice if it works for you though and the tinkering spirit is cool too.
>>4278
>Which KeepAss is better? There's the OG, X and XC now.
KeePass on Windows, KeePassXC on Linux

