Hey, KeePassXC users...
Do you guys set a crazy master password you have to enter all the time? This is such a time-wasting pain in the balls and is creating a horrible amount of friction using KeePass as a regular part of my daily use of various things and services.
How do you deal with this?
#asknostr #keypassxc #passwordmanager #password #passwords
Also interested, since I'm thinking about using it because it can run locally without any Internet connection needed.
I don’t use KeePassXC, so I can’t give any specific advice for it. My password manager has fingerprint support (which, admittedly, on Linux can be quite a rabbit hole depending on your hardware). It only asks for my password once every couple of weeks. Some password managers also support unlocking with passkeys, so you can buy a YubiKey or similar device and just tap to unlock.
Same, I just use a PGP USB drive + fprintd PAM module.
👆This guy Linuxes!
Yes it’s 24 characters. Not guessable.
I’m wanting to start using passkeys with hardware to replace passwords
I just deal with it, I also use a key file to make it even more tedious.
I did actually get a couple of YubiKeys but never got round to setting them up.
Yes, it's a complicated password. I have used it for years. I use it with different databases 😀
KeePass is really fantastic and works even on Tails, comes by default with QubesOS, and there are many clients for it. Syncthing can be used to sync KeePass databases.
If you have a YubiKey you can use it with KeePass as well, or you use the keyfile for more protection. So without keyfile and only password no one can open KeePass.
I use it for SSH as well.
Hi, I use KeePassXC and have a good, long master password which I know by heart. In my experience, if you use it regularly, this should not be an issue.
One got 2 yubikeys waiting for me and it’s been 2 years
I’ve got **
I got the Yubis and then thought of all the different ways I could break or lose them…
Well works on OpenBSD via bad auth too. 😂
Correction. This guy Unixes!
6 dice-rolled words from the EFF large word list is secure enough and typing them out doesn't introduce significant friction.
That truly sucks to use on a mobile device. This is an unacceptable waste of my life, at this point. I don't want to have to use any silly password to use a password manager. Why is this even a thing? (I understand the basic reasoning, that you need a strong password to protect your database of passwords . . . But this is not at all what I was expecting.)
How in the world do you use it on a mobile device with fat fingers? Ugh.
This is too complicated for daily use on a mobile device.
I am attempting to use syncthing with it, but I think I lost my syncthing password in a transfer goof and now I can't unlock syncthing on my laptop.
I am . . . less than impressed with this.
Yes. On desktop it's annoying but on mobile I use my fingerprint. I usually do it once on desktop and leave it open until I leave my desk. You could also do keyfile or YubiKey and remove PW.
I am never using biometrics for things. Biometrics, at least in the US, are NOT protected by law, and thus, anyone using fingerprints or faces can be compelled to unlock their devices with the use of those. Passwords still enjoy some privilege under the law.
Once every couple of weeks would be better than every effing time. Ugh.
I am not sold on using a hardware key, either. They are easy enough for me to misplace, and if I have them on my person that just makes it easy for the donut squad to unlock whatever. *sighs* I hate all of this.
Do you want a secure solution or not? I need security for me and my work. So there is no way around it.
It is on a mobile device with fat fingers.
Amusingly, if this was back in the days of hardware keyboards on phones, like my G1 or G2, this would be less of an issue, as I would not have any issues banging out an accurate password on a phone when needed. I pretty much rely on swipe typing. My thumbs are not made for typing on tiny keys.
On mobile I use KeePassium which I have set with a pin, still needs the key file but yes, less secure than on my laptop.
The *typing* is the issue on a mobile device. It takes me minutes sometimes to get the )(#*$)(*$# password correct. I am not built for tiny on screen keys.
lol, fair. Presumably you've enlarged the on-screen keyboard?
Yes. I do, but not at the cost of too much time. Time is way too precious to me. Eventually I may just need to go full Amish. *shrugs*
I need to look up this key file you guys are talking about. I don't exactly know what you are referring to in this context.
No. The password keyboard goes to defaults. My regular keyboard is configurable. This is very likely an idiot user issue. And, the only way to make the keyboard bigger is to go taller, which isn't exactly helpful.
I may just need to go back to T9 keyboards. heh
You can assign a file, any file, as an additional signing device so even with a compromised password, unless someone knows what you’re using for a key file they can’t get access.
That is a horrible idea for me. I would forget it and move the file or something and then get locked out.
I find it pretty straightforward, I have the file easy to access and on multiple devices, whilst not easy to guess (I think).
The only thing really worries me is if anything happened to me and someone close needed to access my device. Something I should probably have a plan for tbh.
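What the key file discussed above does to the master key, as an added example that is not part of the thread and not KeePassXC's code: a simplified model of the KDBX composite key (SHA-256 over the hashed password and the hashed key-file contents), leaving out dedicated key-file formats and the key-derivation step that follows. The sample password and file bytes are constructed.

```python
import hashlib
from typing import Optional


def keyfile_component(data: bytes) -> bytes:
    """Reduce arbitrary key-file contents to a 32-byte key component.

    Assumption: the generic "any file" case, where the contents are hashed.
    """
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Combine whichever credentials are present into one 32-byte key."""
    parts = []
    if password is not None:
        parts.append(hashlib.sha256(password.encode("utf-8")).digest())
    if keyfile is not None:
        parts.append(keyfile_component(keyfile))
    if not parts:
        raise ValueError("at least one credential is required")
    # The concatenated component hashes are hashed once more.
    return hashlib.sha256(b"".join(parts)).digest()


def demo() -> dict:
    """Check which credential combinations reproduce the enrolled key."""
    password = "constructed-sample-passphrase"            # constructed value
    keyfile = b"constructed key file contents, any file\n"  # constructed value
    enrolled = composite_key(password, keyfile)
    return {
        # A leaked password alone does not reproduce the key.
        "password_only_opens": composite_key(password, None) == enrolled,
        # A byte-identical copy on another device works.
        "copy_on_other_device_opens":
            composite_key(password, bytes(keyfile)) == enrolled,
        # One changed byte in the file is enough to lock the database.
        "edited_file_opens":
            composite_key(password, keyfile + b" ") == enrolled,
        # The file without the password does not work either.
        "keyfile_only_opens": composite_key(None, keyfile) == enrolled,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the file's contents enter the key, so renaming or moving the file is harmless while any change to its bytes is not.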
Fair enough. A $5 wrench is one of the most accessible "hacking" tools around, and a lot of people fail to consider it:
https://xkcd.com/538/
To be fair to YubiKey, you can have multiple keys and "cold wallet like" backups, as well as good rotation procedures if you lose one. Plus you can set up things so that sessions last longer and you don't need to carry your key with you (at the cost of security, of course). This still won’t protect you from a $5 wrench, but even though I’m a big guy, I don’t think keeping a password stored in my head offers much additional protection if things really get rough...
On the convenience vs security scale, maybe what works best for you is a password that’s easy to glide type:
https://xkcd.com/936/
And since this post includes not one but two XKCD references, you know it’s solid advice 🤣🤣.
😂