
My easy-to-type password generator now supports special characters!

Check out passwords.rights.ninja if you need a password!

If you think my UI/UX is bad (you're not wrong) then go grab the source at gitlab.com/rights.ninja/Easy-Type-Passwords and make your own easy-to-type password site!

@jeffalyanak I'm not against this, but wouldn't it be better to use KeePassXC, which has this functionality (or similar), and also has complete password management and CLI scripting support?

@inference If everyone was running a password manager with a good built-in passphrase generator then we wouldn't need something like this, absolutely.

Most people don't use password generators, and most password generators generate passwords that are too difficult to type (especially across gaps).

@inference A synchronized platform is probably best of all, frankly.

I use Vaultwarden because it's much easier to use across platforms. Yeah, it's possible to sync KeePass, but it's a mess when you're crossing many devices.

Best of all, the passphrase generator is built-in and very good!

@jeffalyanak If by synchronised, you mean cloud-based or pulled from a central location, not exactly.

Storing your passwords on a cloud service is a good way to let them know what your passwords are (even open source services and apps cannot prove that their servers are running the code they say they are). The best way is to own your data and store it locally. If you must use a central storage location, use an encrypted pw database, such as .kdbx files, and use that.

@inference Why would a synchronized service necessitate using servers you don't control?

I use Vaultwarden running on my own server, so the code is open source running on my own machine.

@inference But a service could feasibly sync securely between a user's devices with a decentralized protocol, too.

No necessity to have the data sit on a device you don't control, and at least some chance of auditing the source code of the application that's actually being run.

@jeffalyanak Yes, but it seemed to me as if you were talking Dashlane etc when you said "synchronized".

Self-hosting is a solution, of course. As an alternative, people who are not using self-hosting for whatever reason can store their password databases in the cloud (with no less than 128-bit passwords, and using a strong cipher and KDF), then download them to edit or view, before uploading them again. Not a convenient solution, but security typically costs convenience.

@inference It seemed like I meant Dashlane? I've never even used it. I thought it was an e-commerce platform until I looked it up just now.

@jeffalyanak It's a cloud-based password manager. That's the type I wouldn't trust.

@inference @jeffalyanak
Local password managers are the best. Just keep a backup of your database in case your drive dies or gets corrupted.