talkgroup

Password management 2019 check-in

Tags: #<Tag:0x00007fd921c7f568>

Continuing the discussion from the 2013 discussion, Where do the passwords live?:

I use Lastpass these days. And yes, you can send another Lastpass user a password.

What do yall use for pw management? ^^

2 Likes

KeepassXC and Keepass DX. I use syncthing to keep them in sync across my laptop, phone and gpd pocket. I use syncthing’s version history to guard against misshaps with the database.

Though I have no need to send passwords to other users in most cases.

2 Likes

Also KeepassXC. But I don’t sync it anywhere. I mean, I backup-encrypt-rsync, but I don’t use passwords across devices. If my phone got compromised my business would really suffer if it had passwords.

Instead, I send login passwords to myself over jabber, as needed. Useful for logging into a site on my phone, I delete the message, and it was OMEMO the whole time. Requires planning, of course.

As for client logins, I make them change the passwords. If they share them with me, after I’m done I insist they change them, and bug them until they do. A much better relationship with their credentials. :slight_smile:

Inspiration: make a guide for various users for keeping passwords safe.

1 Like

a zine!!! a password practices zine!

2 Likes

I wanted to add a strategy we use at work, in terms of password sharing. Or more accurately account sharing.

We occasionally setup listserv or shared mailboxes as the authoritative “owner” of an account. The listserv or shared mailbox then represents everyone who can perform a password reset on the account, if the primary person using it is unavailable.

2 Likes

I should add that the phone always has hardware encryption turned on, and the password database syncs to internal storage not removable storage.

Full hard drive encyrption to on both linux machines.

This is something im a little cognisant on.

Im a little wary of trusting it with a cloud storage provider. Peerless syncthing is the only solution ive stumbled into that has a lot of that convenience without havign to trust a third party.

2 Likes

Saw this today while further tidying up some stuff with Nextcloud and Yunohost. Thought it might be relevant to the original discussion of how to securely share passwords.

Passwords allows you to store your passwords safely with Nextcloud. The intuitive and modern web interface of the app makes it easy to update and add new passwords from anywhere. Included security checks help you to keep your online accounts safe and up-to-date. You can also share passwords with other Nextcloud users.

https://apps.nextcloud.com/apps/passwords

1 Like