Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

NodeBB

  1. Home
  2. Selfhosted
  3. Reevaluating my password management

Reevaluating my password management

Scheduled Pinned Locked Moved Selfhosted
selfhosted
59 Posts 46 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • muusemuuse@sh.itjust.worksM [email protected]

    It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

    I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

    I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

    A This user is from outside of this forum
    A This user is from outside of this forum
    [email protected]
    wrote last edited by [email protected]
    #5

    Is the data super important to you?

    Let someone else host it.

    Bitwarden in the cloud.

    Edit: Bitwarden paying the monthly/yearly fee to BW. I wasn’t implying trying to host it yourself in the cloud.

    engywuck@lemmy.zipE wqman@lemmy.mlW tmpod@lemmy.ptT W 4 Replies Last reply
    21
    • muusemuuse@sh.itjust.worksM [email protected]

      It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

      I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

      I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

      O This user is from outside of this forum
      O This user is from outside of this forum
      [email protected]
      wrote last edited by
      #6

      i have keepass on only one device. i don't mind looking up individual passwords and typing them in manually when on other devices.

      on the device which hosts keepass, the app is hidden and hoops must be jumped to reach it.

      i back up the encrypted password database once a month to a cloud service as insurance against me losing that one device.

      it's not the most convenient setup but i sleep so much easier for it.

      4k93n2@lemmy.zip4 1 Reply Last reply
      2
      • T [email protected]

        I use keepass (KeepassXC on desktop, KeepassDX on Android but I'm sure there is an IOS client too)
        I sync the database between all my devices and my server (hub and spoke) with Syncthing

        greatblueheron@piefed.caG This user is from outside of this forum
        greatblueheron@piefed.caG This user is from outside of this forum
        [email protected]
        wrote last edited by
        #7

        I've been using various versions of keepass for ever. Until recently I had the database on Google drive. It's sync'd with syncthing. It's a bit "different", but once you get used to it, it works very well.

        1 Reply Last reply
        5
        • muusemuuse@sh.itjust.worksM [email protected]

          It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

          I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

          I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

          metastatic@kbin.earthM This user is from outside of this forum
          metastatic@kbin.earthM This user is from outside of this forum
          [email protected]
          wrote last edited by
          #8

          just have 1 password for everything, problem solved.

          wqman@lemmy.mlW 1 Reply Last reply
          12
          • muusemuuse@sh.itjust.worksM [email protected]

            It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

            I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

            I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

            4 This user is from outside of this forum
            4 This user is from outside of this forum
            [email protected]
            wrote last edited by
            #9

            Self hosting a password manager is great, but be sure to read up on keeping it secure, and don’t store anything important in it until you have working, tested backup solution. And re-test it frequently in a non-destructive way.

            If you lose your password storage to a disk failure or something, you’re gonna be hurting for a while.

            1 Reply Last reply
            3
            • muusemuuse@sh.itjust.worksM [email protected]

              It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

              I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

              I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

              K This user is from outside of this forum
              K This user is from outside of this forum
              [email protected]
              wrote last edited by
              #10

              I don’t really see the problem with having the password manager in the cloud if it is protected by 2FA. I tried vaultwarden (self hosted) about a year ago and the showstopper was that I couldn’t store a new password when off LAN or without first connecting the VPN. I am sure there are on demand vpn type services, but it was clunky. It would have been great it if would work locally on the phone then sync the password to the vault when it came back online

              1 Reply Last reply
              7
              • A [email protected]

                Is the data super important to you?

                Let someone else host it.

                Bitwarden in the cloud.

                Edit: Bitwarden paying the monthly/yearly fee to BW. I wasn’t implying trying to host it yourself in the cloud.

                engywuck@lemmy.zipE This user is from outside of this forum
                engywuck@lemmy.zipE This user is from outside of this forum
                [email protected]
                wrote last edited by
                #11

                Agreed. Unless your setup and security practices is flawless, I think passwords are better managed by specialists paid for it.

                L 1 Reply Last reply
                13
                • muusemuuse@sh.itjust.worksM [email protected]

                  It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

                  I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

                  I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

                  A This user is from outside of this forum
                  A This user is from outside of this forum
                  [email protected]
                  wrote last edited by
                  #12

                  If you don't have a hard requirement of it being fully (!) OpenSource, then I would recommend Enpass. Relatively pleasing UI that runs native on Win, Mac, Linux, Android and iOS. It has browser plugins for Chrome and Firefox that talk directly to the running fat client (so no multiple authentication with different browsers necessary).

                  The password db is completely local, but it offeres several sync mechanisms like WebDAV or Dropbox or also iCloud; basically whatever can store files. If it's a NAS in your home, it simply will sync once you are back home.

                  It also offers "WiFi Sync", in which case you designate one machine running Enpass as the server and link other clients to it, then you don't even need to run a separate hosting for it (but that machine needs to be on and running Enpass when you want to sync, obviously).

                  It's basically a less open but much more convenient and beautiful KeePass(XC).

                  G 1 Reply Last reply
                  2
                  • T [email protected]

                    I use keepass (KeepassXC on desktop, KeepassDX on Android but I'm sure there is an IOS client too)
                    I sync the database between all my devices and my server (hub and spoke) with Syncthing

                    takios@discuss.tchncs.deT This user is from outside of this forum
                    takios@discuss.tchncs.deT This user is from outside of this forum
                    [email protected]
                    wrote last edited by
                    #13

                    Been usingthe same setup for years as well and Im happy with it, never had any issues with it

                    1 Reply Last reply
                    2
                    • metastatic@kbin.earthM [email protected]

                      just have 1 password for everything, problem solved.

                      wqman@lemmy.mlW This user is from outside of this forum
                      wqman@lemmy.mlW This user is from outside of this forum
                      [email protected]
                      wrote last edited by
                      #14

                      Well, not wrong that it solves the problem, but with data breaches happening frequently, I wouldn't want to repeat 1 single password for all services lol.

                      Even if companies hash passwords, it's still a gamble whether they are using an up-to-date hash algorithm (or if they do even hash it, lol). Plus, generally best to avoid exposing passwords, hashed or not, in the first place.

                      A 1 Reply Last reply
                      4
                      • A [email protected]

                        Is the data super important to you?

                        Let someone else host it.

                        Bitwarden in the cloud.

                        Edit: Bitwarden paying the monthly/yearly fee to BW. I wasn’t implying trying to host it yourself in the cloud.

                        wqman@lemmy.mlW This user is from outside of this forum
                        wqman@lemmy.mlW This user is from outside of this forum
                        [email protected]
                        wrote last edited by [email protected]
                        #15

                        +1 to this; Time spent on your setup is an important factor too.

                        The more important your data is, the more time you are going to need to spend maintaining your system to ensure security, backups and fail-overs. Not everyone has luxurious amount of time to spend on their home-lab everyday.

                        isokiero@sopuli.xyzI 1 Reply Last reply
                        1
                        • muusemuuse@sh.itjust.worksM [email protected]

                          It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

                          I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

                          I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

                          dr-robot@fedia.ioD This user is from outside of this forum
                          dr-robot@fedia.ioD This user is from outside of this forum
                          [email protected]
                          wrote last edited by
                          #16

                          Why not use KeepassXC? It's a completely local encrypted db but it integrates with cloud storage apps like nextcloud for sync. It has plugins for integration with Firefox and KeepassAndroid is pretty smooth on the current Android OS.

                          G 1 Reply Last reply
                          45
                          • muusemuuse@sh.itjust.worksM [email protected]

                            It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

                            I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

                            I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

                            N This user is from outside of this forum
                            N This user is from outside of this forum
                            [email protected]
                            wrote last edited by
                            #17

                            It's strange how I never see this mentioned anywhere, but there's a way to get unique secure passwords for every site/app without needing to store them anywhere. It's called LessPass, and essentially generates passwords based on 3 fields (site, username, master password) and works relatively well, because the advantages are quite obvious I'll list the potential downsides:

                            • If one password is compromised or needs changing for whatever reason you need to increase a counter and need to remember which counter for which site (this is less problematic than it sounds, except in places that have a password policy that forces you to change your password periodically)
                            • Android can store the master password and use fingerprint to input it, but in PC you always have to type your master password which can get annoying.
                            • You need to change your passwords to this new format, which can take a while, and years down the line you're trying to login somewhere and don't remember if you've already migrated it or not.
                            mimicjar@lemmy.worldM 1 Reply Last reply
                            0
                            • T [email protected]

                              I use keepass (KeepassXC on desktop, KeepassDX on Android but I'm sure there is an IOS client too)
                              I sync the database between all my devices and my server (hub and spoke) with Syncthing

                              A This user is from outside of this forum
                              A This user is from outside of this forum
                              [email protected]
                              wrote last edited by
                              #18

                              I also use KeepassXC and Synthing together and I am very happy with this combination.

                              One tip that I have, if you are worried about the security of the database file being shared, is to get 2 Yubikeys and use these, along with a strong passphrase, to protect the database file.

                              W 4k93n2@lemmy.zip4 2 Replies Last reply
                              3
                              • A [email protected]

                                If you don't have a hard requirement of it being fully (!) OpenSource, then I would recommend Enpass. Relatively pleasing UI that runs native on Win, Mac, Linux, Android and iOS. It has browser plugins for Chrome and Firefox that talk directly to the running fat client (so no multiple authentication with different browsers necessary).

                                The password db is completely local, but it offeres several sync mechanisms like WebDAV or Dropbox or also iCloud; basically whatever can store files. If it's a NAS in your home, it simply will sync once you are back home.

                                It also offers "WiFi Sync", in which case you designate one machine running Enpass as the server and link other clients to it, then you don't even need to run a separate hosting for it (but that machine needs to be on and running Enpass when you want to sync, obviously).

                                It's basically a less open but much more convenient and beautiful KeePass(XC).

                                G This user is from outside of this forum
                                G This user is from outside of this forum
                                [email protected]
                                wrote last edited by
                                #19

                                I used enpass for years and was a happy user. one day it prompted me for some re-authentication bullshit security theater. although in that instant it was an easy task, took me all of 10 seconds, it demonstrated a scary amount of power they had as I couldn't bypass it and access my data. from that point on, its days were numbered.

                                the second issue is the export functionality that was seriously lacking and I had to resort to 3rd party converter tools to convert it to keepassXC; no way that flew by their QC, it had to be intentional.

                                A 1 Reply Last reply
                                1
                                • wqman@lemmy.mlW [email protected]

                                  Well, not wrong that it solves the problem, but with data breaches happening frequently, I wouldn't want to repeat 1 single password for all services lol.

                                  Even if companies hash passwords, it's still a gamble whether they are using an up-to-date hash algorithm (or if they do even hash it, lol). Plus, generally best to avoid exposing passwords, hashed or not, in the first place.

                                  A This user is from outside of this forum
                                  A This user is from outside of this forum
                                  [email protected]
                                  wrote last edited by
                                  #20

                                  I do this for sites where I don't care at all about security. One minor tip, that will protect against automated attacks if the password is cracked, is to add part of the website name into the password (e.g "mystrongp4ss!lemworld") .

                                  A human could easily crack it, but automated systems that replay the password on different sites would probably not bother to calculate the pattern.

                                  F 1 Reply Last reply
                                  2
                                  • dr-robot@fedia.ioD [email protected]

                                    Why not use KeepassXC? It's a completely local encrypted db but it integrates with cloud storage apps like nextcloud for sync. It has plugins for integration with Firefox and KeepassAndroid is pretty smooth on the current Android OS.

                                    G This user is from outside of this forum
                                    G This user is from outside of this forum
                                    [email protected]
                                    wrote last edited by [email protected]
                                    #21

                                    this one, OP. no need to introduce the horror that's a:

                                    • hosted app (why?!)
                                    • client app is electron crapware
                                    • the client app doesn't even have full functionality, you have to use the web UI for some tasks

                                    edit: I'm obviously speaking about the bitwarden/vaultwarden horror. keepassXC is none of them things.

                                    N 1 Reply Last reply
                                    13
                                    • N [email protected]

                                      It's strange how I never see this mentioned anywhere, but there's a way to get unique secure passwords for every site/app without needing to store them anywhere. It's called LessPass, and essentially generates passwords based on 3 fields (site, username, master password) and works relatively well, because the advantages are quite obvious I'll list the potential downsides:

                                      • If one password is compromised or needs changing for whatever reason you need to increase a counter and need to remember which counter for which site (this is less problematic than it sounds, except in places that have a password policy that forces you to change your password periodically)
                                      • Android can store the master password and use fingerprint to input it, but in PC you always have to type your master password which can get annoying.
                                      • You need to change your passwords to this new format, which can take a while, and years down the line you're trying to login somewhere and don't remember if you've already migrated it or not.
                                      mimicjar@lemmy.worldM This user is from outside of this forum
                                      mimicjar@lemmy.worldM This user is from outside of this forum
                                      [email protected]
                                      wrote last edited by
                                      #22

                                      You also have to keep track the site and how you spell it. For example is it "Microsoft" or "microsoft"?

                                      And keep track of the current name of the site vs the old name. For example am I signing into Microsoft or Live.com or Xbox?

                                      And keep track of my username. Is it my email? Which email? Which username?

                                      I understand the concept but I think if falls apart fast.

                                      N 1 Reply Last reply
                                      4
                                      • A [email protected]

                                        I also use KeepassXC and Synthing together and I am very happy with this combination.

                                        One tip that I have, if you are worried about the security of the database file being shared, is to get 2 Yubikeys and use these, along with a strong passphrase, to protect the database file.

                                        W This user is from outside of this forum
                                        W This user is from outside of this forum
                                        [email protected]
                                        wrote last edited by
                                        #23

                                        Same boat for me, works great! I got the NFC Yubikeys which work fine with Android.

                                        1 Reply Last reply
                                        0
                                        • U This user is from outside of this forum
                                          U This user is from outside of this forum
                                          [email protected]
                                          wrote last edited by
                                          #24

                                          Yup this is the way. The resulting .kdbx database file is encrypted so you can even synchronize it over an untrusted provider. Otherwise you can use something like syncthing to keep it strictly peer to peer.

                                          1 Reply Last reply
                                          14
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                          • Login

                                          • Login or register to search.
                                          Powered by NodeBB Contributors
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • World
                                          • Users
                                          • Groups