Hacker News new | ask | show | jobs
by NoGravitas 30 days ago
Weird. I keep my KeePass database on NextCloud, and the only difference between home and phone is that on a bad network I may need a few seconds for KeePassDX on the phone to decide to use its cached copy of the database rather than the latest one. It would probably be even smoother if I used Syncthing. I assume non-technical people ought at least be able to put their KeePass files on DropBox?
1 comments
Esophagus4 30 days ago
> I assume non-technical people ought at least be able to put their KeePass files on DropBox?

Non-technical people would not do something this complicated. They don’t even have password managers, let alone a setup like this.

Shoot, even a lot of technical people (like me) wouldn’t bother with this. It’s why I pay for a cloud-based password manager.

link
Ukv 30 days ago
> > I assume non-technical people ought at least be able to put their KeePass files on DropBox?

> Non-technical people would not do something this complicated. They don’t even have password managers, let alone a setup like this.

Google Drive/iCloud/OneDrive/Dropbox are already used by non-technical users - moreso than SaaS password managers.

> Shoot, even a lot of technical people (like me) wouldn’t bother with this. It’s why I pay for a cloud-based password manager.

What do you do for when you want to access some other type of file across devices, like notes or photos? If you have notes.txt on an FTP server, just put passwords.kdbx alongside it. If you're subscribing to some new service for each individual filetype you want to sync, with nothing for arbitrary files, that seems like considerably more hassle overall to me.

link
Esophagus4 30 days ago
For other types of files, I have different apps: Obsidian Vaults with Syncthing, but that’s not accessible from the internet. And I like having my passwords across all my devices, updating anywhere I am.

And for me, it’s just not worth the headache (and security risk) of hosting my own password manager.

link
Ukv 30 days ago
> For other types of files, I have different apps

How many separate services do you have for accessing files across devices, and what do you do for filetypes outside of what they cover?

> And I like having my passwords across all my devices, updating anywhere I am.

That's how it works for me with a passwords.kdbx file on my FTP server (but any cloud storage works). Same for any filetype.

> And for me, it’s just not worth the headache (and security risk) of hosting my own password manager.

What's the security risk? If anything, it's SaaS password managers that seem to semi-regularly get hit with breaches (well, mostly LastPass).

You don't need to host anything for KeePass - just plop the file next to your notes/etc.

Headache seems greater overall if you're juggling a large number of subscriptions, particularly when they start ramping up payment or moving features you rely on to higher tiers.

link
Esophagus4 30 days ago
> What's the security risk? If anything, it's SaaS password managers that seem to semi-regularly get hit with breaches (well, mostly LastPass).

Talk to your local security engineer :)

On a venting note, this mentality is a frustration I have with SV, because I see it a lot. They don’t know what they don’t know, and think they can just stand up businesses without understanding the domain.

link
Ukv 30 days ago
> Talk to your local security engineer :)

You made the claim - I'm interested to hear why you believe it, because I suspect it's based on a misunderstanding of how KeePass works.

> and think they can just stand up businesses without understanding the domain

Using KeePass is not analogous to standing up a business.

link