Post AXDOtcfJvvuLfRBRs8 by gytis@mastodon.lt
(DIR) Post #AXBa5ST4Nrzsh8NbjU by gytis@mastodon.lt
2023-06-29T13:50:02Z
0 likes, 2 repeats
Which is your favourite way to login to web services and apps?
(DIR) Post #AXBaHitx6t4z8ano9I by amiloradovsky@stereophonic.space
2023-06-29T14:10:30.260595Z
0 likes, 0 repeats
@gytis login+password+TOTP, the password doesn't restrict the alphabet and the length is only restricted from above by an unreasonable number, at least 128 characters
(DIR) Post #AXBaJldLvGGKBt0qPI by pecet@101010.pl
2023-06-29T14:10:52Z
0 likes, 0 repeats
@gytis individual credentials + password manager
(DIR) Post #AXBaUhgew7lN8Tm3gu by amiloradovsky@stereophonic.space
2023-06-29T14:12:49.551184Z
0 likes, 0 repeats
@gytis *passphrase: there is no reason to forbid whitespaces in "passwords"
(DIR) Post #AXBbEv47WnrXwtmkWO by gytis@mastodon.lt
2023-06-29T14:14:37Z
0 likes, 0 repeats
@amiloradovsky Bringing password manager in all of your devices is then required 👍 Which one is your preference? I like KeepassXC and KeepassDX but also curious to try @protonmail new Proton Pass 🤓
(DIR) Post #AXBbEvjF3ukw0R1acK by amiloradovsky@stereophonic.space
2023-06-29T14:21:10.075872Z
0 likes, 0 repeats
@gytis @protonmail I don't use password manager, I use paper notebooks (cut from sheets of A4 paper and put together with a stapler) and allow Tirefox to remember the login/password pairs (and store cookies for the selected sites), explicitly log out from e-banking sites
(DIR) Post #AXBeq20sxVbM4fezTs by gytis@mastodon.lt
2023-06-29T14:56:54Z
0 likes, 0 repeats
@amiloradovsky But you do sync those passwords somehow or only use one device?
(DIR) Post #AXBeq2hQPLd4CbYxmq by amiloradovsky@stereophonic.space
2023-06-29T15:01:30.773831Z
0 likes, 0 repeats
@gytis Tirefox Sync may do something, IDK, it's not such a big deal to explicitly log into a site several times from different devices anyway
(DIR) Post #AXBfFHNKyoSMxVCWFk by Acer@qoto.org
2023-06-29T15:06:05Z
0 likes, 0 repeats
@gytis Pubkey/PrivateKey
https://webauthn.guide/
(DIR) Post #AXBhnIemvCcagfiI7M by HunterZ@mastodon.sdf.org
2023-06-29T15:27:20Z
0 likes, 0 repeats
@gytis @amiloradovsky @protonmail I used to have my passwords in Firefox but didn't want to be tied down to a browser, so I switched to Bitwarden and have been pretty happy with it.
(DIR) Post #AXBhnJT7u2t5CnGUa0 by amiloradovsky@stereophonic.space
2023-06-29T15:34:37.042324Z
0 likes, 0 repeats
@HunterZ @gytis @protonmail so now you're tied down to a password manager instead, much different~
I wouldn't store all my login credentials only in an application or web service anyway
used to use pass and found an android app for it, but the android app didn't work and I eventually locked myself out of the pass db because GPG keys were lost with a device or installation, also syncing them is a problem
if I'm afraid of losing my password notebooks I could just keep the photos on my phone or something
(DIR) Post #AXBi7Cwrr4Iwm5f9cW by amiloradovsky@stereophonic.space
2023-06-29T15:38:14.151607Z
0 likes, 0 repeats
@HunterZ @gytis @protonmail IDK why but simply sending information between devices is unreasonably difficult: the most reliable way is the scratch buffers in the proprietary messengers, even XMPP clients wouldn't synchronize drafts, and KDE connect maybe
(DIR) Post #AXBiRaseaNyqn3PdXU by amiloradovsky@stereophonic.space
2023-06-29T15:41:55.924971Z
0 likes, 0 repeats
@HunterZ @gytis @protonmail p.s. of course I wouldn't send GPG private keys over Telegram et al.
(DIR) Post #AXBlAM3Ol2VTkHuSPo by HunterZ@mastodon.sdf.org
2023-06-29T16:06:56Z
0 likes, 0 repeats
@amiloradovsky @gytis @protonmail being tied down to a specific app with a single purpose is different than being tied down to a web browser. Also, for brevity I didn't mention that I first went from Firefox to LastPass, and then took all of 15 minutes to switch to Bitwarden when LP put cumbersome limits on their free service tier - thus "tied down" is putting it a bit too strongly.
(DIR) Post #AXBlAMlM7bfVwcTYvo by amiloradovsky@stereophonic.space
2023-06-29T16:12:25.372652Z
0 likes, 0 repeats
@HunterZ @gytis @protonmail definitely wouldn't use a proprietary app/service for storing any sensitive information, even as a backup (unless it's already encrypted on a machine I trust)
I have a lot of site:login:passphrase triples to store, it would take some time to move them
also storing the passphrases and TOTP keys on the same device (theoretically) isn't very safe
(DIR) Post #AXC684sJkreSvPTxMu by HunterZ@mastodon.sdf.org
2023-06-29T19:50:07Z
2 likes, 0 repeats
@amiloradovsky @gytis @protonmail Bitwarden is FOSS, and you can self-host it if you want.
(DIR) Post #AXC685bh29wpC8iC5w by amiloradovsky@stereophonic.space
2023-06-29T20:07:18.072176Z
0 likes, 0 repeats
@HunterZ @gytis @protonmail good, maybe I should look into it: so far my experience with password managers was strictly negative, but maybe
(DIR) Post #AXDOHvjmZls9oWIVs0 by gytis@mastodon.lt
2023-06-30T06:03:11Z
1 likes, 0 repeats
@amiloradovsky @HunterZ @protonmail Indeed - I wouldn't trust my keys to proprietary service as well 🔒
(DIR) Post #AXDOtcfJvvuLfRBRs8 by gytis@mastodon.lt
2023-06-30T06:05:05Z
0 likes, 0 repeats
@amiloradovsky @HunterZ @protonmail If I remember correctly, key management app for Android called OpenKeyChain has some secure ways to share private keys 🤔
(DIR) Post #AXDOtdK5UMW9hsG0Po by amiloradovsky@stereophonic.space
2023-06-30T11:12:18.003609Z
0 likes, 0 repeats
@gytis @HunterZ @protonmail yes, they're symmetrically encrypted in OKC backups (and that's how you move the private keys between devices); GnuPG itself does so to the private keys as well — the agent caches the passphrases, so you don't have to enter it every time