Es ist wieder soweit und wie jedes Jahr am 1. Februar wird von vielen Seiten dazu aufgerufen, die Passwörter zu ändern. Ich sage: Lasst es. Dieses ständige Passwortändern bringt keinen messbaren Sicherheitsgewinn. Das Problem liegt ganz woanders. 👇
Sobald Passkeys offiziell für KeePassXC (Desktop) und/oder KeePassDX (Android) verfügbar ist - nicht als Beta, sondern als Stable - wird es einen Beitrag dazu geben. 🔒
Anyone here that uses #Syncthing to synchronize #KeePass database between devices?
If so, is it reliable?
Right now I use NextCloud at NCH.pl, but start wondering if I really need a server that will be in that process (local, remote)?
Why not synchronize it directly between devices?
Yikes. Need another reason to install an ad blocker? Here you go: fake Keepass ad good enough to fool most anyone into installing malware. Also, the comments show how to turn off punycode rendering in Firefox. They should go further and heavily flag all non-ASCII domains in the URL bar.
Why do I keep alt+tabbing away just after telling #KeePass to auto-type something?
What am I even trying to accomplish so urgently in that second or two? How short is my attention span if I cannot wait that long? :ms_facepalm:
Today I learned that #Gnome has its own front-end for #KeePass compatible databases called "Secrets". If you're a #Linux user who likes the concept of a powerful, self-hosted, fully open source secrets manager like @keepassxc, but would like a simpler interface for it, you might check it out:
Vous avez des conseils pour Keepass ? Genre quelles extensions utiliser ?
(On est bien d'accord que Keepass sur Windows c'est forcément moche, il n'y a pas une option jolie ? 🙂 ) #keepass#LogicielLibre
#KeePass users: From #NIST: "In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation." https://nvd.nist.gov/vuln/detail/CVE-2023-32784
#android#keepass#keepass2android
Mam dziwny, a zarazem ciekawy problem z keepassem. Otóż używam w nim TOTP i działa to znakomicie, na każdej stronie. Niemal każdej :D
Otóż, problem mam z kluczem TOTP do epicgames.com. Nie wiedzieć czemu, mimo odpowiedniej konfiguracji, widzę TOTP tylko na komputerze. Keepass2android nie ogarnia tego i pokazuje mi tylko klucz prywatny, a nie generuje/pokazuje kodów.
Some standard endpoints every webpage implements to login, logout, change password and so on. So #Keepass, #1Password, #Bitwarden and so on could manage these things without opening the webpage manually and clicking around to search this functions.
Also changing email automatically. An extensible standard would be great.
I guess I’ll be spending tomorrow figuring out best practices for self-hosting #Bitwarden’s server component (or #KeePass) on something I can safely access via @tailscale, since my 15+ year relationship with #1Password is finally catastrophically and utterly failing me.
Should I open up a Zoom as some sort of support group so we can suffer together?
Autofill mit KeePassDX (#Android) funktioniert nicht mit jedem Browser. Anbei eine Liste. Zu beachten: Für den »Compatibility Mode« müssen die Google Play Services installiert sein. 👇
This week, in our #Linux and #OpenSource News video, we have more work on HDR support, #Ubuntu improving their PPA system, and a security flaw in #KeePass, the open source password manager, plus #cinnamon being adopted by more distros, and a new XFCE spin.