It never made sense to me to put password managers in the cloud. Regardless of what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

  • Nibodhika@lemmy.world · 14 hours ago

    It’s strange how I never see this mentioned anywhere, but there’s a way to get unique secure passwords for every site/app without needing to store them anywhere. It’s called LessPass, and it essentially generates passwords based on 3 fields (site, username, master password) and works relatively well. Because the advantages are quite obvious, I’ll list the potential downsides:

    • If one password is compromised or needs changing for whatever reason you need to increase a counter and need to remember which counter for which site (this is less problematic than it sounds, except in places that have a password policy that forces you to change your password periodically)
    • Android can store the master password and use fingerprint to input it, but on PC you always have to type your master password, which can get annoying.
    • You need to change your passwords to this new format, which can take a while, and years down the line you’re trying to log in somewhere and don’t remember if you’ve already migrated it or not.
    • MimicJar@lemmy.world · 13 hours ago

      You also have to keep track of the site and how you spell it. For example, is it “Microsoft” or “microsoft”?

      And keep track of the current name of the site vs the old name. For example am I signing into Microsoft or Live.com or Xbox?

      And keep track of my username. Is it my email? Which email? Which username?

      I understand the concept but I think it falls apart fast.

      • Nibodhika@lemmy.world · 13 hours ago

        Yup, but most of that is easily solvable by being consistent, e.g. always use lowercase and your email (even if it’s not the login for that site). But yes, you need to know to be consistent so it’s a good point to make.

        • Onomatopoeia@lemmy.cafe · 7 hours ago

          Hahaha, that’s the point of a password manager. If remembering worked, we wouldn’t need any of this.

          Also, I have 300+ unique logins.

        • thelittleblackbird@lemmy.world · 8 hours ago

          I have more than 120 electronic identities, impossible to track the counter or to remember the tld of all websites I visit.

          The concept is only useful in a very small and defined scenario.

          • Nibodhika@lemmy.world · 7 hours ago

            My point is that of those 120, probably 110 have never been compromised nor forced you to change the password due to expiration policies. The remaining 10 are the ones that require some mental gymnastics, so while the problem exists it’s not as serious as it sounds. I probably have more than 120 identities using this method since I’ve been using it for years, and I don’t think I ever had to use the counter. It’s a matter of being consistent in how you think about websites. For example, if you know how you refer to a site, slugify it and use that for the field, so you would use spotify, netflix, amazon-prime.
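
Added example, not part of the thread and not LessPass's own code: a minimal stateless derivation in Python that makes the points debated above concrete (case-sensitive site names, the counter used for rotation, and slug-style normalization). The PBKDF2 parameters, the output alphabet, the salt layout and all function names are assumptions chosen for illustration.

```python
import hashlib
import re
import string

# Assumed output alphabet and KDF cost; illustrative choices, not LessPass's.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
ITERATIONS = 100_000

def slugify(name: str) -> str:
    """'Amazon Prime' -> 'amazon-prime', so one site always maps to one string."""
    return re.sub(r"[^a-z0-9]+", "-", name.strip().lower()).strip("-")

def derive(master: str, site: str, login: str, counter: int = 1, length: int = 16) -> str:
    """Derive a password from the inputs alone; nothing is stored anywhere."""
    if not 8 <= length <= 32:
        raise ValueError("length must be between 8 and 32")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different salts.
    salt = b"".join(len(f).to_bytes(2, "big") + f
                    for f in (site.encode(), login.encode(), str(counter).encode()))
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    n = int.from_bytes(key, "big")
    out = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))  # consume the 256-bit value digit by digit
        out.append(ALPHABET[idx])
    return "".join(out)

def derive_normalized(master: str, site: str, login: str, counter: int = 1) -> str:
    """Same derivation after applying the 'be consistent' rule from the thread."""
    return derive(master, slugify(site), login.strip().lower(), counter)

if __name__ == "__main__":
    master = "constructed master passphrase"   # constructed sample value
    login = "user@example.com"                 # constructed sample value
    print(derive(master, "Microsoft", login))          # differs from the next line
    print(derive(master, "microsoft", login))
    print(derive_normalized(master, "Microsoft ", login))  # equals the line above
    print(derive_normalized(master, "microsoft", login, counter=2))  # rotated
```

The counter is the only state the scheme leaves behind: a rotated site cannot be re-derived without knowing its current counter value.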