Comment on Are password managers secure to use?
twice_hatch@midwest.social 2 days ago
I do Syncthing and KeePass.
Their URLs at time of writing are syncthing.net and keepass.info.
I don’t remember which KeePass UI for Android I use. I think I use Syncthing Fork on Android.
That gives me the benefits of a cloud password manager, but the only cloud infrastructure is whatever Syncthing uses to do its peer-to-peer tricks. The password database is encrypted on disk with my root password, and then it’s encrypted end-to-end in transit because every Syncthing node knows the public keys of my other nodes.
I almost never upgrade KeePass because I’m afraid of losing access to my passwords on my phone. Syncthing I do upgrade because that’s easier to fix.
If you upgrade regularly, you’re vulnerable to the project being compromised. If you never upgrade, you’re vulnerable to whatever old code is vulnerable to. Personally I err on the side of not upgrading often.
I also have my own implementation of diceware: www.eff.org/dice
Modern_medicine_isnt@lemmy.world 1 day ago
I think, based on the question asked, this is a bit more complicated than OP is interested in. Just saying. But bravo for your dedication to keeping info out of corporate hands.