Yet, the sync conflicts happened anyways. It wasn't in team, but between multiple devices - laptop, desktop, phone and with a NAS in the sync chain, so there is something always on. I've used 'Automatically save after every change' and 'Automatically reload database when modified externally', as the other comment says, with syncing via Syncthing. HN Syndrome: preferring "native" app than web/electron. I hated it initially, but later discovered it's actually a great tool for managing secrets in general.Ĥ. I actually started using KeePassXC because IT forced me so. But I think KPXC + whatever_file_sync_app is simpler.ģ. I know that with some configuration you can have self-hosted BitWarden vault. Now I have a centralized and organized access.Ģ. These non-password secrets used to be saved in plain text scattered around in various files on my PC. I am aware you can save them in the note section, but it feels better when you can customize these fields. Or certain PIN for my bank accounts (not the one used to login the online banking). Another example would be a PIN required each time I use the voice mail.
KEEPASSXC WAIT SOFTWARE
For example, a desktop software credential (with BitWarden, I need to open a browser or electron app to do that). I need a tool that can save not just password, but something more general.
KEEPASSXC WAIT PASSWORD
I really don't have anything to complaint (before BitWarden, I was using browser built-in password manager). But, for me personally, the inconvenience of it is not worth the additional security.
If you're worried about either of those threats, then a separate TOTP device is absolutely vital. But I use syncthing to directly share my DB between devices, so I'm not particularly worried about that. Now, if you store your password database on someone else's cloud, that could become more of a concern, as a mass breach and bulk collection of databases becomes a possible attack vector.
KEEPASSXC WAIT CRACK
What I'm not especially worried about is specific targeted attacks where the attacker is attempting to acquire my database and crack it. TOTP even if it's in the same database solves for #2 since simply scraping the password isn't enough to gain access.Īnd #3 isn't addressed at all, even if you use a separate device for TOTP. Using a password database allows me to use different passwords for every site, which defeats #1. Technically no, but whether or not that is a problem depends on the threats you're worried about. If you keep 2FA codes on the same file as your password then it isn't 2 Factor anymore, right? However, I keep 2FA TOTP codes on my Pebble watch only. I often use the notes to store things like github tokens (for git), etc. > The UI makes it much easier to copy and paste fields and the notes are clearly visible. Some sites will login with different URL's and KeepassXC will not recognize all.~~īut I am still a fan.
~~You can't have multiple addresses per entry. As varjolintu explains bellow, this is wrong. Chrome's add-in is the hardest to get working. Sometimes you need to reload the page, reopen the db. * The browser add-ins are not always smooth and friction-less. Touch ID is one of those things that suddenly you discover you can't live without. * It took me a while to understand how does the Touch ID/fingertip reader works (you need to turn on the checkbox, press Ok on the authentication modal and then touch the reader). * The UI makes it much easier to copy and paste fields and the notes are clearly visible. Is tricky to get it working but once you get it you'll become addicted. Make your own cloud with a RaspberryPi referred by a DDNS and you'll have super powers. * Runs on Linux/Mac/Windows and there are compatible clients for Android.
0 kommentar(er)
