by ClumsyPilot 1094 days ago
I don't like any of this. Your passwords need to be with you, not rely on a server.

I use KeePass, it stores all passwords in a file, encrypted. The file can be stored in OneDrive/Dropbox/etc.

But the point is, if all the servers in the world go down, I have all my passwords in a local copy. There is also an Android app.

You can even edit the database file independently on desktop and on mobile and it will be able to merge two conflicting files.

https://keepass.info/download.html

4 comments

Reminder for anyone with KeePass on iOS, make sure it isn’t the malware one. I had it and had to change all my passwords.

There's malware on the iOS App Store?

What's the point of all that garden-walling and 30% tax and hoops you have to jump through if there's still malware?

It happens sometimes [1] [2]. Reduced malware and quick removal is all you can hope for.

I have an app in the Play Store and received some unsolicited requests to install (and get paid for!) adding some extra jar file to my app and hosting someone else's apps in my account. Attackers put in a lot of effort to sneak in.

[1] https://www.wired.com/story/apple-app-store-malware-click-fr...

[2] https://www.reddit.com/r/KeePass/comments/13o0s0q/ioskeepass...

> What's the point (…) if there's still malware?

Having less malware would still be a worthy goal. That said, I’m not defending the App Store. It’s still riddled with junk, ads, casinos for children in the form of free-to-play games, and adult casinos disguised as children’s games.

https://soyacincau.com/2021/04/17/ios-app-games-for-children...

I think this is partially true. LastPass has offline support so the LastPass servers temporarily being inaccessible doesn't need to be an issue. But you're right, it's not "offline first".

There's lots of reasons not to use LastPass but I don't think this is high on this list.

[1] https://support.lastpass.com/s/document-item?language=en_US&...

> Your passwords need to be with you, not rely on a server.

Pretty much all password managers, including LastPass, do store the vaults on your device and you can access them offline. The issue here is the borked MFA reset.

Your setup sounds great. You might find it interesting that it's also very close to what 1Password does.

1Password apps store local state in an SQLite database. They then package up that database and encrypt it with your chosen master password and a randomly generated password. (The random password is only to protect users who picked a weak master password against a server breach, so it's stored in plaintext on your computer). That encrypted file is uploaded to their server.

There is also an Android (and iOS) app. If you edit independently, conflicts are merged.