Personally, I use bitwarden (windows desktop client, android client and
browser plug-in) with a self-hosted (vaultwarden :
https://github.com/dani-garcia/vaultwarden ) backend in a docker
container. It's a little clunky at times (ux can sometimes leave a
little to be desired, espcially in browsers on mobile devices) but it
all generally works pretty well.
On 05/11/2024 15:53, Terry Coles wrote:
On 05/11/2024 15:32, Ralph Corderoy wrote:
I don't think a password for a ‘trash’ site should be memorable,
nor have a theme with a per-site variation as the variation can probably
be spotted and adapted to be tried on thousands of sites by a bot,
e.g. ‘correct horse youtube staple’.
GCHQ's advice is to use a password manager.
https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#tip4-password-collection
I do actually use kwallet, but that isn't available on any platform not
running KDE (there is a kwallet in the Android Store, but that is
unrelated.Unless my passwords are actually memorable pass phrases, it is
almost impossible to type them into a site accessed on my phone or
tablet.
Also, I don't trust any tool which requires me store my passwords on a
remote site.
One list is
https://wiki.archlinux.org/title/List_of_applications/Security#Password_managers
I note from that list that BitWarden can be self hosted, so I may look
into that.
--
Terry Coles
--
Next meeting: Online, Jitsi, Tuesday, 2024-11-12 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... https://dorset.lug.org.uk
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
