I started digging into opensource password managers and found that they all suck major ball sack. I ended up picking nothing. My two runner-ups were bitwarden. It works on Linux, Android, whatever apple’s shit runs on, and even runs on PC’s with the OS that you usually delete first thing. But the major drawback is that I can’t trust it. It’s got a “premium” version, and that has always meant a slow steady spiral into “you must pay now that we have you by the balls” situation. Another drawback is that it’s centralized, kill the company and so go your passwords I suppose.
The other runner up is called liso. This one comes with two major drawbacks. One is that is browser only so far. The other one is that it doesn’t work on Linux yet. Such a shit shit option. Everything else out there wants you to pay for encryption.
I did end up learning about pass on Linux. It creates encrypted passwords and there’s some compatibility with guis and maybe available on Android??? Big question mark. I’ve tried nothing yet. My password list seems to grow daily.
So what’s your favorite one?
gpg
I would not recommend PGP/GPG for anything. There are a ton of reasons to ditch it and move to something better, for every single usecase.
Why?
There was a really good article about why
pgp
/gpg
is a pice of radioactive waste that should be avoided at all costs. Both the standard and the de facto implementation.Sadly I don’t have the link with me rn. Let me search it.
Edit: here’s the link https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
Also, use age & signify over pgp.
Great read! Thanks for sharing.
It’s not a good look for the blog author when they suggested using Signal and WhatsApp, proprietary but open-source apps.
Is
age
andsignify
battle tested?Signal is not propietary. And in terms of security the Signal protocol is the best with diferenre you can get out there.
Signal is validated over sms and uses a ton of Google APIs. I’ll pass.
Okey, I agree on the fact that their server and client may be far from perfect. But the only problem with their protocol is that it’s not decentralised.
https://dessalines.github.io/essays/why_not_signal.html#why-not-signal
SIgnal is just as bad as insecure western social medias.
Why do so many crypto bros favor Signal?I’ll ask this again: Is
age
andsignify
battle tested?Signal is far from being perfect. And I would love a decentralised (p2p/federated) chat protocol implementing the Signal protocol. At the time being their protocol is best, we may question their main server and some of their practices, but at the time being I couldn’t find anything better.
Hmmm… I don’t think so.
I’m not a cryptobro. :c
Their as not as old and extended as PGP but their are based on solid cryptography.
Did you read all of this page? It shows the alternatives. (Matrix, XMPP)
Explain.