Discussion:
[ale] Of password managers and family...
Kyle Brieden
2017-10-20 19:30:56 UTC
Permalink
Howdy all,

I've been using a KeePass vault for password management for a little
while now. I use my NextCloud server (SUPER awesome, do recommend) for
syncing the vault between computers and mobile devices. I use KeePassXC
on Windows, Mac, and Linux, and I use different apps on my Android phone
and iPad respectively. This is all well and good for *me*, because I
like the open source, I own all the hardware, I'm doing this all on my
own kind of feel, but this isn't sustainable for anyone more than
myself. I have been bitten in the ass before by my vault getting out of
sync between two devices or being open on multiple devices at a time.

My family (fiancee, sister, brother-in-law, mother, and father) need
protection. They NEED to stop reusing passwords and set up a password
manager. Does anyone have any opinions on low barrier to entry, low
friction password managers for the non-technical in our lives? I've
investigated LastPass thus far, and the price seems worth it to me.
LastPass seems trustworthy, too, with how open they are about their
technology stack. I have looked at some others, such as Padlock, too,
which seems like a good open source alternative.

Thoughts? Opinions? Feelings? Success and/or catastrophic failure
anecdotes?

Thanks!

---
Very respectfully,
Kyle Brieden
Joey Kelly
2017-10-20 19:55:16 UTC
Permalink
Post by Kyle Brieden
Howdy all,
I've been using a KeePass vault for password management for a little
while now. I use my NextCloud server (SUPER awesome, do recommend) for
syncing the vault between computers and mobile devices. I use KeePassXC
on Windows, Mac, and Linux, and I use different apps on my Android phone
and iPad respectively. This is all well and good for *me*, because I
like the open source, I own all the hardware, I'm doing this all on my
own kind of feel, but this isn't sustainable for anyone more than
myself. I have been bitten in the ass before by my vault getting out of
sync between two devices or being open on multiple devices at a time.
Someone needs to LART me because this is an AOL "me too!" reply.

I do not trust any foggy service to hold my passwords. I am a hardcore geek
and enjoy bash, so I decided to spin up yet another half-finished project to
vault my passwords a year or so ago, using Perl and AES. My script asks me for
the master password, then lets me view or change any particular entry. I have
to manually copy and paste the passwords.

I don't trust others, but I trust me, and ain't no way I'm going to leak data,
even encrypted data, to the web.

--Joey
Post by Kyle Brieden
My family (fiancee, sister, brother-in-law, mother, and father) need
protection. They NEED to stop reusing passwords and set up a password
manager. Does anyone have any opinions on low barrier to entry, low
friction password managers for the non-technical in our lives? I've
investigated LastPass thus far, and the price seems worth it to me.
LastPass seems trustworthy, too, with how open they are about their
technology stack. I have looked at some others, such as Padlock, too,
which seems like a good open source alternative.
Thoughts? Opinions? Feelings? Success and/or catastrophic failure
anecdotes?
Thanks!
---
Very respectfully,
Kyle Brieden
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Solomon Peachy
2017-10-20 19:58:41 UTC
Permalink
Post by Joey Kelly
I do not trust any foggy service to hold my passwords. I am a hardcore geek
and enjoy bash, so I decided to spin up yet another half-finished project to
vault my passwords a year or so ago, using Perl and AES. My script asks me for
the master password, then lets me view or change any particular entry. I have
to manually copy and paste the passwords.
If you're comfortable with the comand line, I suggeste you check out
'pass' -- it's described here:

https://lwn.net/Articles/714473/

It uss gpg to encrypt the passwords individually, and ties in with git
to provide distribution/synchronization.

I'm quite happy with it, but there's no real way to use it from a phone.

- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
Kyle Brieden
2017-10-20 20:16:11 UTC
Permalink
I completely and totally appreciate your stance on this, Joey. My
family don't fall into our category, though :P

I can't say I trust anything that's opaque or outright blackbox myself,
but *something* is better than *nothing*, which is what they have right
now. There's a reason companies like LastPass thrive. They are trusted
to do the hard things for people who can not or do not want to. I
guess, overall, what I'm asking for, is this: "Which company do y'all
feel is most trustworthy?" Additionally, "Which tool is easiest to use
so that someone who would actively avoid learning 'those computery
things' would be willing to utilize this?"

---
Very respectfully,
Kyle Brieden
Post by Joey Kelly
Post by Kyle Brieden
Howdy all,
I've been using a KeePass vault for password management for a little
while now. I use my NextCloud server (SUPER awesome, do recommend) for
syncing the vault between computers and mobile devices. I use KeePassXC
on Windows, Mac, and Linux, and I use different apps on my Android phone
and iPad respectively. This is all well and good for *me*, because I
like the open source, I own all the hardware, I'm doing this all on my
own kind of feel, but this isn't sustainable for anyone more than
myself. I have been bitten in the ass before by my vault getting out of
sync between two devices or being open on multiple devices at a time.
Someone needs to LART me because this is an AOL "me too!" reply.
I do not trust any foggy service to hold my passwords. I am a hardcore geek
and enjoy bash, so I decided to spin up yet another half-finished project to
vault my passwords a year or so ago, using Perl and AES. My script asks me for
the master password, then lets me view or change any particular entry. I have
to manually copy and paste the passwords.
I don't trust others, but I trust me, and ain't no way I'm going to leak data,
even encrypted data, to the web.
--Joey
Post by Kyle Brieden
My family (fiancee, sister, brother-in-law, mother, and father) need
protection. They NEED to stop reusing passwords and set up a password
manager. Does anyone have any opinions on low barrier to entry, low
friction password managers for the non-technical in our lives? I've
investigated LastPass thus far, and the price seems worth it to me.
LastPass seems trustworthy, too, with how open they are about their
technology stack. I have looked at some others, such as Padlock, too,
which seems like a good open source alternative.
Thoughts? Opinions? Feelings? Success and/or catastrophic failure
anecdotes?
Thanks!
---
Very respectfully,
Kyle Brieden
Joey Kelly
2017-10-21 01:37:36 UTC
Permalink
I completely and totally appreciate your stance on this, Joey.  My
family don't fall into our category, though :P
I can't say I trust anything that's opaque or outright blackbox myself,
but *something* is better than *nothing*, which is what they have right
now.  There's a reason companies like LastPass thrive.  They are trusted
to do the hard things for people who can not or do not want to.  I
guess, overall, what I'm asking for, is this:  "Which company do y'all
feel is most trustworthy?"  Additionally, "Which tool is easiest to use
so that someone who would actively avoid learning 'those computery
things' would be willing to utilize this?"
I had pondered how hard it would be to leverage the existing Firefox
password store and code a plugin that could sync to a server. Probably
that already exists (full profile sync does exist), but I won't share my
data with fogs I don't trust, etc.. But if I could make it work, I'd end
up being a fog provider myself if I released the code (but I'd offer the
option to run your own fog server). But I wouldn't have the first clue
about coding a FF plugin :-/

--Joey
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
DJ-Pfulio
2017-10-21 09:48:12 UTC
Permalink
KeePassX is what most of my family uses, including my 80+ yr old Mother (when
she was alive). It changed her life (her quote, not mine). But Mom stopped
using Windows after being totally hacked and she got backup religion too. Of
course, I setup everything so most of it was automatic and I maintained her
system from 3 states away.

I've made the same offer to my extended family - I'll maintain their computer,
provided they run Linux. I don't touch commercial OSes.

Linux is the lowest "barrier to entry" solution, IMHO.
I completely and totally appreciate your stance on this, Joey.  My family don't
fall into our category, though :P
I can't say I trust anything that's opaque or outright blackbox myself, but
*something* is better than *nothing*, which is what they have right now. 
There's a reason companies like LastPass thrive.  They are trusted to do the
hard things for people who can not or do not want to.  I guess, overall, what
I'm asking for, is this:  "Which company do y'all feel is most trustworthy?" 
Additionally, "Which tool is easiest to use so that someone who would actively
avoid learning 'those computery things' would be willing to utilize this?"
---
Very respectfully,
Kyle Brieden
Post by Joey Kelly
Post by Kyle Brieden
Howdy all,
I've been using a KeePass vault for password management for a little
while now.  I use my NextCloud server (SUPER awesome, do recommend) for
syncing the vault between computers and mobile devices.  I use KeePassXC
on Windows, Mac, and Linux, and I use different apps on my Android phone
and iPad respectively.  This is all well and good for *me*, because I
like the open source, I own all the hardware, I'm doing this all on my
own kind of feel, but this isn't sustainable for anyone more than
myself.  I have been bitten in the ass before by my vault getting out of
sync between two devices or being open on multiple devices at a time.
Someone needs to LART me because this is an AOL "me too!" reply.
I do not trust any foggy service to hold my passwords. I am a hardcore geek
and enjoy bash, so I decided to spin up yet another half-finished project to
vault my passwords a year or so ago, using Perl and AES. My script asks me for
the master password, then lets me view or change any particular entry. I have
to manually copy and paste the passwords.
I don't trust others, but I trust me, and ain't no way I'm going to leak data,
even encrypted data, to the web.
--Joey
Post by Kyle Brieden
My family (fiancee, sister, brother-in-law, mother, and father) need
protection.  They NEED to stop reusing passwords and set up a password
manager.  Does anyone have any opinions on low barrier to entry, low
friction password managers for the non-technical in our lives?  I've
investigated LastPass thus far, and the price seems worth it to me.
LastPass seems trustworthy, too, with how open they are about their
technology stack.  I have looked at some others, such as Padlock, too,
which seems like a good open source alternative.
Thoughts?  Opinions?  Feelings?  Success and/or catastrophic failure
anecdotes?
Thanks!
---
Very respectfully,
Kyle Brieden
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Kyle Brieden
2017-10-23 14:18:42 UTC
Permalink
I would sincerely appreciate switching my family to Linux, but that just
isn't going to happen. My sister loves her Macbook, my mother knows
Windows and that's what she'll use. Good luck ever getting my father to
use anything other than what he *absolutely* must use for work under
Windows. And they're all on iPhones, which is where a password manager
would also need to be. I also don't have the bandwidth to maintain more
computers for people, too. I've done my best to get them to a state
where they're as self sufficient as possible and work with them. My
brother-in-law plays video games with his friends pretty regularly which
require windows.

Switching them all to Linux is probably the *highest* barrier to entry
for them. :P

For what it's worth, though, I have been using KeePassXC for months now
and I adore it. KeePassX is no longer under current development.
Someone forked it and is actively developing KeePassXC. The change from
X to XC is basically a package replacement. The interface is nearly
exactly the same, plus it supports the chrome plugin that autofills for
you, chromelPass. I would recommend changing over to KeePassXC for, if
nothing else, current development support.

---
Very respectfully,
Kyle Brieden
Post by DJ-Pfulio
KeePassX is what most of my family uses, including my 80+ yr old Mother (when
she was alive). It changed her life (her quote, not mine). But Mom stopped
using Windows after being totally hacked and she got backup religion too. Of
course, I setup everything so most of it was automatic and I maintained her
system from 3 states away.
I've made the same offer to my extended family - I'll maintain their computer,
provided they run Linux. I don't touch commercial OSes.
Linux is the lowest "barrier to entry" solution, IMHO.
I completely and totally appreciate your stance on this, Joey.  My
family don't
fall into our category, though :P
I can't say I trust anything that's opaque or outright blackbox myself, but
*something* is better than *nothing*, which is what they have right
now. 
There's a reason companies like LastPass thrive.  They are trusted to
do the
hard things for people who can not or do not want to.  I guess,
overall, what
I'm asking for, is this:  "Which company do y'all feel is most
trustworthy?" 
Additionally, "Which tool is easiest to use so that someone who would actively
avoid learning 'those computery things' would be willing to utilize this?"
---
Very respectfully,
Kyle Brieden
Post by Joey Kelly
Post by Kyle Brieden
Howdy all,
I've been using a KeePass vault for password management for a little
while now.  I use my NextCloud server (SUPER awesome, do recommend)
for
syncing the vault between computers and mobile devices.  I use
KeePassXC
on Windows, Mac, and Linux, and I use different apps on my Android phone
and iPad respectively.  This is all well and good for *me*, because
I
like the open source, I own all the hardware, I'm doing this all on my
own kind of feel, but this isn't sustainable for anyone more than
myself.  I have been bitten in the ass before by my vault getting
out of
sync between two devices or being open on multiple devices at a time.
Someone needs to LART me because this is an AOL "me too!" reply.
I do not trust any foggy service to hold my passwords. I am a hardcore geek
and enjoy bash, so I decided to spin up yet another half-finished project to
vault my passwords a year or so ago, using Perl and AES. My script asks me for
the master password, then lets me view or change any particular entry. I have
to manually copy and paste the passwords.
I don't trust others, but I trust me, and ain't no way I'm going to leak data,
even encrypted data, to the web.
--Joey
Post by Kyle Brieden
My family (fiancee, sister, brother-in-law, mother, and father) need
protection.  They NEED to stop reusing passwords and set up a
password
manager.  Does anyone have any opinions on low barrier to entry, low
friction password managers for the non-technical in our lives?  I've
investigated LastPass thus far, and the price seems worth it to me.
LastPass seems trustworthy, too, with how open they are about their
technology stack.  I have looked at some others, such as Padlock,
too,
which seems like a good open source alternative.
Thoughts?  Opinions?  Feelings?  Success and/or catastrophic failure
anecdotes?
Thanks!
---
Very respectfully,
Kyle Brieden
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
James Sumners
2017-10-23 16:44:12 UTC
Permalink
https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

I use 1Password. I have for several years. Last year I updated to their
1Password for Families service. Things to note about 1Password:

1. your data is encrypted locally _first_ with your master password
2. they are very clear about how they work
https://1password.com/files/1Password%20for%20Teams%20White%20Paper.pdf
3. if you stop paying for the service, you don't lose access to your data
4. icculus has written Linux tools for accessing the data (no quarrels from
Agile Bits) https://icculus.org/1pass/
Post by Kyle Brieden
Howdy all,
I've been using a KeePass vault for password management for a little while
now. I use my NextCloud server (SUPER awesome, do recommend) for syncing
the vault between computers and mobile devices. I use KeePassXC on
Windows, Mac, and Linux, and I use different apps on my Android phone and
iPad respectively. This is all well and good for *me*, because I like the
open source, I own all the hardware, I'm doing this all on my own kind of
feel, but this isn't sustainable for anyone more than myself. I have been
bitten in the ass before by my vault getting out of sync between two
devices or being open on multiple devices at a time.
My family (fiancee, sister, brother-in-law, mother, and father) need
protection. They NEED to stop reusing passwords and set up a password
manager. Does anyone have any opinions on low barrier to entry, low
friction password managers for the non-technical in our lives? I've
investigated LastPass thus far, and the price seems worth it to me.
LastPass seems trustworthy, too, with how open they are about their
technology stack. I have looked at some others, such as Padlock, too,
which seems like a good open source alternative.
Thoughts? Opinions? Feelings? Success and/or catastrophic failure
anecdotes?
Thanks!
---
Very respectfully,
Kyle Brieden
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
Michael H. Warfield
2017-10-24 14:01:10 UTC
Permalink
Post by Kyle Brieden
Howdy all,
I've been using a KeePass vault for password management for a little
while now. I use my NextCloud server (SUPER awesome, do recommend) for
syncing the vault between computers and mobile devices. I use
KeePassXC
on Windows, Mac, and Linux, and I use different apps on my Android phone
and iPad respectively. This is all well and good for *me*, because I
like the open source, I own all the hardware, I'm doing this all on my
own kind of feel, but this isn't sustainable for anyone more than
myself. I have been bitten in the ass before by my vault getting out of
sync between two devices or being open on multiple devices at a time.
My family (fiancee, sister, brother-in-law, mother, and father) need
protection. They NEED to stop reusing passwords and set up a
password
manager. Does anyone have any opinions on low barrier to entry, low
friction password managers for the non-technical in our lives? I've
investigated LastPass thus far, and the price seems worth it to me.
LastPass seems trustworthy, too, with how open they are about their
technology stack. I have looked at some others, such as Padlock, too,
which seems like a good open source alternative.
Thoughts? Opinions? Feelings? Success and/or catastrophic failure
anecdotes?
So what wrong with them using KeePass/KeePassX/KeePassXC/KeePassDroid?
It works on Windows, Mac, Linux, iOS, Android, etc, etc, etc... Am I
missing something here? You already said you use it and it's as simple
as any of the others and it would be compatible with what you are
using. What is it missing or what are the barriers?
Post by Kyle Brieden
Thanks!
Mike
--
Michael H. Warfield (AI4NB) | (o) +1 706 850-8773 | ***@WittsEnd.com
/\/\|=mhw=|\/\/ | (c) +1 678 463-0932 | http://www.wittsend.com/mhw/
ARIN whois: ARIN-MHW9 | An optimist believes we live in the best of all
PGP Key: 0xC0EB9675674627FF | possible worlds. A pessimist is sure of it!
Raj Wurttemberg
2017-10-24 14:29:04 UTC
Permalink
Bah! I just store mine passwords in clear text on my Commodore 64. It’s not connected to the internet and no one knows how to use it but me. Very secure!

Just kidding… I use KeePass. :)

/Raj

-----Original Message-----
From: Ale [mailto:ale-***@ale.org] On Behalf Of Michael H. Warfield
Sent: Tuesday, October 24, 2017 10:01 AM
To: Atlanta Linux Enthusiasts <***@ale.org>
Subject: Re: [ale] Of password managers and family...

So what wrong with them using KeePass/KeePassX/KeePassXC/KeePassDroid?
It works on Windows, Mac, Linux, iOS, Android, etc, etc, etc... Am I missing something here? You already said you use it and it's as simple as any of the others and it would be compatible with what you are using. What is it missing or what are the barriers?
Post by Kyle Brieden
Thanks!
Mike


_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org
DJ-Pfulio
2017-10-24 15:05:52 UTC
Permalink
I use keepassX (looking at XC), but used to use a non-networked PalmPilot Pro in
the 1990s. It wasn't a 1-trick pony, though compared to our networked personal
tracking devices everyone (including me) carry everywhere, it was with the 15
tricks it did. The Palm still works, BTW.

The issue with a C64 solution is lack of portability. Besides that, I like it,
though a TRS-80 Model 1 would be more secure - fewer knowledgeable users. ;)

For many humans, a piece of paper near their computer with the login / half the
password is plenty secure. Just append/prepend some standard other part of the
password to every login. This assumes they treat that paper like they would a
$500 bill and don't leave it clearly out. I do something like that with my
yubikey logins that aren't networked.
Post by Raj Wurttemberg
Bah! I just store mine passwords in clear text on my Commodore 64. It’s not connected to the internet and no one knows how to use it but me. Very secure!
Just kidding… I use KeePass. :)
/Raj
-----Original Message-----
Sent: Tuesday, October 24, 2017 10:01 AM
Subject: Re: [ale] Of password managers and family...
So what wrong with them using KeePass/KeePassX/KeePassXC/KeePassDroid?
It works on Windows, Mac, Linux, iOS, Android, etc, etc, etc... Am I missing something here? You already said you use it and it's as simple as any of the others and it would be compatible with what you are using. What is it missing or what are the barriers?
Post by Kyle Brieden
Thanks!
Mike
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mai
Raj Wurttemberg
2017-10-24 15:53:23 UTC
Permalink
Lack of portability?!?! What?? Just hand them the 5.25" floppy! HAHA!

TRS-80... whew.. I remember when my dad built a Model 3 with dual drives. I just finished getting a Visual 1050 (circa 1984) rebuilt. I replaced the A: drive with a GOTEK floppy emulator, so I have gigabytes of storage available (has multiple floppies as mountable disk images).

(I miss my old PalmPilot!)

Thanks,
/Raj

-----Original Message-----
From: Ale [mailto:ale-***@ale.org] On Behalf Of DJ-Pfulio
Sent: Tuesday, October 24, 2017 11:06 AM
To: ***@ale.org
Subject: Re: [ale] OT-old password managers and family...

I use keepassX (looking at XC), but used to use a non-networked PalmPilot Pro in the 1990s. It wasn't a 1-trick pony, though compared to our networked personal tracking devices everyone (including me) carry everywhere, it was with the 15 tricks it did. The Palm still works, BTW.

The issue with a C64 solution is lack of portability. Besides that, I like it, though a TRS-80 Model 1 would be more secure - fewer knowledgeable users. ;)

For many humans, a piece of paper near their computer with the login / half the password is plenty secure. Just append/prepend some standard other part of the password to every login. This assumes they treat that paper like they would a
$500 bill and don't leave it clearly out. I do something like that with my yubikey logins that aren't networked.
Post by Raj Wurttemberg
Bah! I just store mine passwords in clear text on my Commodore 64. It’s not connected to the internet and no one knows how to use it but me. Very secure!
Just kidding… I use KeePass. :)
/Raj
-----Original Message-----
Warfield
Sent: Tuesday, October 24, 2017 10:01 AM
Subject: Re: [ale] Of password managers and family...
So what wrong with them using KeePass/KeePassX/KeePassXC/KeePassDroid?
It works on Windows, Mac, Linux, iOS, Android, etc, etc, etc... Am I missing something here? You already said you use it and it's as simple as any of the others and it would be compatible with what you are using. What is it missing or what are the barriers?
Post by Kyle Brieden
Thanks!
Mike
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http:/
Kyle Brieden
2017-10-24 15:25:16 UTC
Permalink
Hey there Mike,

You ask what is wrong with them using a KeePass based method, but I feel
like I explained that already. They aren't going to be able to manage
moving around their vault, having it open multiple places, collisions
with that, etc... I have enough trouble with doing that on my iPad that
I use sparingly myself. I think the biggest blocker is that the
iPad/iPhone app sandboxes things so that I can't just point it to a file
on the filesystem that some other app (nextcloud?) updates. You have to
open nextcloud, let it sync the file, then tell the OS to open that file
with the password manager, THEN login to it, etc... that isn't something
they're going to want to do. They are non-technical at BEST.

Sure it is simple for me, but I understand how maintaining the files
works, how syncing files works, how collisions of files will affect
things... Let's say I create a new password in my vault on my work
computer, but leave for the day without closing and saving. Yes, that's
stupid, but it happens. We all get in rushes. So I go home, I create a
second new password in my vault from my android phone or iPad, save the
file up to my nextcloud server. Then, next day, I go into work, find my
password manager open, absentmindedly close it, and it autosaves on
close. Now my password from last night is gone. Blown away.

Me? Sure I get what happened. My non-technical father? Well, this is
just stupid technology being hard, why can't I log into my site? This
is frustrating. I don't want to do this. I'm just going to type in my
password again, because that's easier and who would want to hack me
anyway?

I need something that is seamless for them, and that's why I was asking
the group for help. I sincerely appreciate the open source options and
love using them, but what you don't pay for in money, you pay for in
effort, and they have no effort to spend on it.

Someone else mentioned 1Password. That's the 3rd or 4th endorsement for
1Password I've gotten now. Going to give that a run and see how it
goes.

Thanks everyone.

---
Very respectfully,
Kyle Brieden
Post by Michael H. Warfield
Post by Kyle Brieden
Howdy all,
I've been using a KeePass vault for password management for a little
while now. I use my NextCloud server (SUPER awesome, do recommend) for
syncing the vault between computers and mobile devices. I use KeePassXC
on Windows, Mac, and Linux, and I use different apps on my Android phone
and iPad respectively. This is all well and good for *me*, because I
like the open source, I own all the hardware, I'm doing this all on my
own kind of feel, but this isn't sustainable for anyone more than
myself. I have been bitten in the ass before by my vault getting out of
sync between two devices or being open on multiple devices at a time.
My family (fiancee, sister, brother-in-law, mother, and father) need
protection. They NEED to stop reusing passwords and set up a
password
manager. Does anyone have any opinions on low barrier to entry, low
friction password managers for the non-technical in our lives? I've
investigated LastPass thus far, and the price seems worth it to me.
LastPass seems trustworthy, too, with how open they are about their
technology stack. I have looked at some others, such as Padlock, too,
which seems like a good open source alternative.
Thoughts? Opinions? Feelings? Success and/or catastrophic failure
anecdotes?
So what wrong with them using KeePass/KeePassX/KeePassXC/KeePassDroid?
It works on Windows, Mac, Linux, iOS, Android, etc, etc, etc... Am I
missing something here? You already said you use it and it's as simple
as any of the others and it would be compatible with what you are
using. What is it missing or what are the barriers?
Post by Kyle Brieden
Thanks!
Mike
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
James Sumners
2017-10-24 16:40:14 UTC
Permalink
Post by Kyle Brieden
Someone else mentioned 1Password. That's the 3rd or 4th endorsement for
1Password I've gotten now. Going to give that a run and see how it goes.
Because nothing else really compares to it. Particularly since they got
their Windows client up to par.

Oh, one more thing about 1Password for Families -- it's a license for _all_
versions of the app: Windows, macOS, iOS, Android, etc. One price for
passwords everywhere.
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
DjPfulio
2017-10-24 16:51:17 UTC
Permalink
Linux?
Post by James Sumners
Post by Kyle Brieden
Someone else mentioned 1Password. That's the 3rd or 4th endorsement
for
Post by Kyle Brieden
1Password I've gotten now. Going to give that a run and see how it
goes.
Because nothing else really compares to it. Particularly since they got
their Windows client up to par.
Oh, one more thing about 1Password for Families -- it's a license for _all_
versions of the app: Windows, macOS, iOS, Android, etc. One price for
passwords everywhere.
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
James Sumners
2017-10-24 16:56:39 UTC
Permalink
As I said in my original suggestion, icculus has a tool to read the data --
https://icculus.org/1pass/
Post by DjPfulio
Linux?
On 24 October 2017 12:40:14 GMT-04:00, James Sumners <
Post by James Sumners
Post by Kyle Brieden
Someone else mentioned 1Password. That's the 3rd or 4th endorsement for
1Password I've gotten now. Going to give that a run and see how it goes.
Because nothing else really compares to it. Particularly since they got
their Windows client up to par.
Oh, one more thing about 1Password for Families -- it's a license for
_all_ versions of the app: Windows, macOS, iOS, Android, etc. One price for
passwords everywhere.
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
Jerald Sheets
2017-10-24 17:38:21 UTC
Permalink
Through a Chrome extension, I believe...
Post by DjPfulio
Linux?
Someone else mentioned 1Password. That's the 3rd or 4th endorsement for 1Password I've gotten now. Going to give that a run and see how it goes.
Because nothing else really compares to it. Particularly since they got their Windows client up to par.
Oh, one more thing about 1Password for Families -- it's a license for _all_ versions of the app: Windows, macOS, iOS, Android, etc. One price for passwords everywhere.
--
James Sumners
http://james.sumners.info/ <http://james.sumners.info/> (technical profile)
http://jrfom.com/ <http://jrfom.com/> (personal site)
http://haplo.bandcamp.com/ <http://haplo.bandcamp.com/> (music)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Kyle Brieden
2017-10-24 17:29:45 UTC
Permalink
My only ... "hang up", I guess, with 1Password vs LastPass is that LP is
$48/yr for 6 people whereas 1Pass is $72/yr for 6 people. Not a huge
increase, by my accountant sister questions justification for every
penny, and she's been gracious enough to split the cost with me. :P

I'm spending a week "evaluating" LP, and will switch to "evaluating"
1Pass next week. I'll probably end up going with 1Pass, given the
overwhelming support for it by people I trust as knowledgeable, though.

---
Very respectfully,
Kyle Brieden
Post by James Sumners
Post by Kyle Brieden
Someone else mentioned 1Password. That's the 3rd or 4th endorsement
for 1Password I've gotten now. Going to give that a run and see how
it goes.
Because nothing else really compares to it. Particularly since they
got their Windows client up to par.
Oh, one more thing about 1Password for Families -- it's a license for
_all_ versions of the app: Windows, macOS, iOS, Android, etc. One
price for passwords everywhere.
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Joey Kelly
2017-10-29 00:24:28 UTC
Permalink
Post by Kyle Brieden
My only ... "hang up", I guess, with 1Password vs LastPass is that LP is
$48/yr for 6 people whereas 1Pass is $72/yr for 6 people. Not a huge
increase, by my accountant sister questions justification for every
penny, and she's been gracious enough to split the cost with me. :P
A: I won't pay for any service.

B. I don't trust anyone's cloud.

C. It wasn't that long ago that LastPass was h4x0r3d. Even OwnCloud (apples
and oranges, and runs on your own box so it's "secure", got busted into). When
in doubt, see B.
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Jim Kinney
2017-10-29 12:23:42 UTC
Permalink
I'm looking at nextcloud for personal/home storage services. They are adding some interesting encryption capabilities.
Post by Joey Kelly
Post by Kyle Brieden
My only ... "hang up", I guess, with 1Password vs LastPass is that LP
is
Post by Kyle Brieden
$48/yr for 6 people whereas 1Pass is $72/yr for 6 people. Not a huge
increase, by my accountant sister questions justification for every
penny, and she's been gracious enough to split the cost with me. :P
A: I won't pay for any service.
B. I don't trust anyone's cloud.
C. It wasn't that long ago that LastPass was h4x0r3d. Even OwnCloud (apples
and oranges, and runs on your own box so it's "secure", got busted into). When
in doubt, see B.
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
--
Sent from my Android device with K-9 Mail. All tyopes are thumb related and reflect authenticity.
DJ-Pfulio
2017-10-29 14:05:55 UTC
Permalink
I've been running NextCloud for about 6 months.
It is only accessible via VPN or ssh-socks proxy.
I'm not comfortable having a php webapp on the internet.

Seafile is a python-based alternative. The "Ask Noah" show tried many
different personal-cloud services and was able to break the synchro for
owncloud and nextcloud, but not for seafile. Guess it depends on the
number of concurrent users to the different files. I don't think the
seafile ecosystem is as large as nextcloud's.

NextCloud-news has become my primary RSS feed organizer. All clients see
the same feeds, already read articles, etc. THAT alone is worth it to
me. Been through a few upgrades. Most have been 4 click-painless.
Android clients for NC and NC-News work well. The music player and
photo gallery are bonuses.

Anyone missing "read-it-later?" Wallabag is a self-hosted version of
that. It makes a local copy and strips all the ads/cruft. Many of those
multi-page articles are handled too. Some articles won't get pulled, but
at least the link to the original is maintained. Android clients for
Wallabag are pretty good. They download/cache the articles, so if you
sit in waiting rooms without any data, you can still always have
articles to read on your tablet. There's an export-to-epub tool as
well, if you have an e-reader.

Anyways, there are many self-hosted tools like these. Pretty much
anything you would use facebook, twitter, google, apple and other
"cloudy" company services for is covered by professional, self-hosted,
projects now. Most will run on a r-pi, so the barrier to entry is
extremely low.
Post by Jim Kinney
I'm looking at nextcloud for personal/home storage services. They are
adding some interesting encryption capabilities.
My only ... "hang up", I guess, with 1Password vs LastPass is that LP is
$48/yr for 6 people whereas 1Pass is $72/yr for 6 people. Not a huge
increase, by my accountant sister questions justification for every
penny, and she's been gracious enough to split the cost with me. :P
A: I won't pay for any service.
B. I don't trust anyone's cloud.
C. It wasn't that long ago that LastPass was h4x0r3d. Even OwnCloud (apples
and oranges, and runs on your own box so it's "secure", got busted into). When
in doubt, see B.
--
Sent from my Android device with K-9 Mail. All tyopes are thumb related
and reflect authenticity.
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
--
Got Linux? Used on smartphones, tablets, desktop computers, media
centers, and servers by kids, Moms, Dads, grandparents and IT
professionals.
_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Raj Wurttemberg
2017-10-29 20:41:34 UTC
Permalink
Are you specifically looking for off-site backups or just some sort of
*reliable* backup? I bought a QNAP drive a few weeks ago and have been
loving the backup and encryption options. All of the PC’s in the house now
backup to the QNAP and I have an encrypted volume for my work files. The
“myQNAPcloud” allows me to access my files from anywhere. The new firmware
supports ‘Let’s Encrypt’ SSL so everything stays encrypted. Fwiw
 I’m sure
that the Synology drives have similar features.



/Raj
Post by Jim Kinney
I'm looking at nextcloud for personal/home storage services. They are
adding some interesting encryption capabilities.
Post by Joey Kelly
Post by Kyle Brieden
My only ... "hang up", I guess, with 1Password vs LastPass is that LP is
$48/yr for 6 people whereas 1Pass is $72/yr for 6 people. Not a huge
increase, by my accountant sister questions justification for every
penny, and she's been gracious enough to split the cost with me. :P
A: I won't pay for any service.
B. I don't trust anyone's cloud.
C. It wasn't that long ago that LastPass was h4x0r3d. Even OwnCloud (apples
and oranges, and runs on your own box so it's "secure", got busted into). When
in doubt, see B.
--
Sent from my Android device with K-9 Mail. All tyopes are thumb related
and reflect authenticity.
_______________________________________________
Ale mailing list
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Michael H. Warfield
2017-10-30 22:12:48 UTC
Permalink
Post by Joey Kelly
Post by Kyle Brieden
My only ... "hang up", I guess, with 1Password vs LastPass is that LP is
$48/yr for 6 people whereas 1Pass is $72/yr for 6 people. Not a huge
increase, by my accountant sister questions justification for every
penny, and she's been gracious enough to split the cost with me. :P
A: I won't pay for any service.
B. I don't trust anyone's cloud.
This is one advantage that I like about KeePass*. It also has a file
option. So, you distribute a blob file (arbitrary file - could be an
image or random data) to each device and then, to unlock the key file,
you need BOTH the blob file and the password. You never put the blob
file in the cloud. Without the blob file, you can not unlock key file.

I use NextCloud, shelf hosted, on top of that.
Post by Joey Kelly
C. It wasn't that long ago that LastPass was h4x0r3d. Even OwnCloud (apples
and oranges, and runs on your own box so it's "secure", got busted into). When
in doubt, see B.
Mike
--
Michael H. Warfield (AI4NB) | (o) +1 706 850-8773 | ***@WittsEnd.com
/\/\|=mhw=|\/\/ | (c) +1 678 463-0932 | http://www.wittsend.com/mhw/
ARIN whois: ARIN-MHW9 | An optimist believes we live in the best of all
PGP Key: 0xC0EB9675674627FF | possible worlds. A pessimist is sure of it!
Loading...