New password manager (Proton)?

I would never use an online password manager. Never. Storing your passwords on somebody else’s computer is just stupid, in my opinion.

Keep your passwords locally, in a file that is strongly encrypted, using a master password which you never use elsewhere, one that is easy to remember, but impossible to guess, and really difficult to brute force. If you need to log in from different devices, copy the password file manually to them. Yes, it’s a bit extra work to keep it all synced, but it’s worth it.

KeePassXC is a pretty decent password manager. Everything is stored locally.

5 Likes

I think about that from time to time…

But when I see a company such as Proton do something like that, a company that I trust, I ask myself if the struggle to maintain something here locally will pay off…
I already use their e-mail service…

I’m not sure yet…

Sounds like an interesting option. Although, for the most part, it also sounds like every other password manager.

I will check it out when I have some time.

3 Likes

I wouldn’t trust them, but that’s just me. :man_shrugging:

1 Like

Do they get to hand over your passwords and your emails to the police now?

You have to balance things with your needs, security and convenience.

Police is something that I don’t care about, I’m not speaking publicly about things that I’m not allowed to speak about anymore (censorship is going crazy here where I live).
I also don’t have anything to hide, perhaps some torrent movies hehe

So, even if they provide my e-mails or passwords to the police if a judge asks, that is “ok” by me.

And if you ask me, yes, I’m not fighting anymore, they won.

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

– Edward Snowden


BTW, I also have nothing to hide… Honest, officer! There is no need to look in there, I’m sure you’re very busy fighting crime and keeping us all safe, I don’t want to take up any of your valuable time. :frog:

4 Likes

You guys are not wrong, but let me ask you one thing…
Do you know what is happening here?

People getting arrested and lawyers that can’t read the accusation? People with “alerts” on their heads while they don’t know anything about it, and if they show up at the airport they suddenly get arrested, and the accusation is made after that?

What can I, as an individual, do against the power of the state, who doesn’t care about laws anymore, no constitution is followed, they just crush you, get your phone, close your bank accounts, get your passport, close all your social media accounts… Your lawyer can’t do anything to help you…
And if you say something, you get arrested by the PF (federal police).

So, yes, I gave up, they won… I don’t want to get arrested and the key thrown in the lake.
By the way, if you guys are worried about what is happening in other locations, such as the UK, prepare for what is coming, they will do exactly what they are doing here, this is a test ground for what is around the corner for you guys.

But let’s not speak about this anymore…

4 Likes

Yep, I know it very well.
I’ve had my fair share of living in…similar places, perhaps even worse, perhaps even now :wink:

Stuff won’t get better by miracle, never give up, even if you need some tactical pause.
They can’t break what’s inside you…not yet anyway :robot:

3 Likes

I have a ProtonMail account, but I’m good with Bitwarden. They are double-blind encrypted, so not even they know your passwords. Even so, if that concerns you, there’s the option of “Salted passwords”. That is, what you store in the cloud needs to have an extra string (the “salt”) added to it to form the complete password. That way, should the database be compromised and the encryption broken, they still won’t have your complete password.

3 Likes

I am using the full package from Proton (email, VPN, Drive, etc.). Also testing Pass for the last 2 months. It is good, but I don’t know if it will remain as my number one or main pass app. ATM I am using Bitwarden for that.

I am kinda curious if using Pass from Proton with all other apps from them is safe or a good idea.
For example, if something happens with Pass (servers down, etc.), I cannot log in to my email and other apps.

But it is a good app, great UI and features :slight_smile:

1 Like

I’ll install it today, finally got some free time :slight_smile:
Today is Friday, that means drinking and testing Proton Pass hehe

4 Likes

I used to agree with you on this, but I found that without a password manager I would just end up using passwords I can conveniently remember, which usually means weaker passwords. Eventually an online password manager became the most convenient compromise.

Now if someone can point me to a password manager which can sync encrypted password files between devices on the same local network as opposed to cloud sync, I would be interested in that.

I think what many people do is KeePassXC or similar and sync the files between devices using other means such as Syncthing.

Alternatively, you could bring up a local Bitwarden server.

4 Likes

I never said you shouldn’t use a password manager. All your passwords should be long strings of complete gibberish (preferably machine generated) and you should be using a different one for each account you have. Nobody can remember that, so of course you should use a password manager.

What I’m saying is that you shouldn’t be storing your passwords on other people’s computers, which is what online password managers do. You should be using a password manager that stores everything locally. When you need to sync your passwords to different devices, just copy the password database manually. You only need to do this when you change or add passwords to it.

You should also be careful where you back up your password databases, and to which device you sync it. It’s best to make a note of where each copy is, in case your master password gets compromised and you need to shred every copy. It goes without saying, but I’ll say it anyway, password databases ought to be excluded from incremental backup and version control.

With online password managers, you have none of that control and you need to have blind, unconditional trust in whoever owns the server where your passwords are stored. In that case, if you even suspect that your master password might be compromised, you need to change every password for every account you have, faster than the malicious actor can use that information, which is often impossible.

But if you have control over every copy of the password database, even if you leak your master password, the malicious actors do not have your database, so you can just change the master password on it and shred all copies/backups of it.

1 Like
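
The bookkeeping described in the post above (note where each copy of the database is, keep copies out of version control, re-copy after every change) can be checked mechanically. This is an added example, not part of any post in the thread; the file name `passwords.kdbx`, the directory layout and the function names are assumptions, and the sample files are constructed placeholders rather than real databases.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash one copy; password databases are small enough to read whole."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def under_version_control(path, stop_at=None):
    """True if a parent directory (searching up to stop_at) holds a VCS marker."""
    for parent in path.resolve().parents:
        if any((parent / m).exists() for m in (".git", ".hg", ".svn")):
            return True
        if stop_at is not None and parent == stop_at.resolve():
            break
    return False


def audit_copies(primary, copies, stop_at=None):
    """Map each recorded copy to 'missing', 'in-vcs', 'stale' or 'in-sync'."""
    wanted = sha256_of(primary)
    report = {}
    for copy in copies:
        if not copy.is_file():
            report[str(copy)] = "missing"   # the note is out of date, or the copy is gone
        elif under_version_control(copy, stop_at):
            report[str(copy)] = "in-vcs"    # old versions would survive a later shred
        elif sha256_of(copy) != wanted:
            report[str(copy)] = "stale"     # manual sync has not reached this copy
        else:
            report[str(copy)] = "in-sync"
    return report


def demo():
    """Run the audit over a constructed layout; return the verdicts in order."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("laptop", "usb", "phone", "repo/.git"):
            (root / name).mkdir(parents=True)
        # Constructed placeholder contents: "v2" is current, "v1" is an older copy.
        for name, data in (("laptop", b"v2"), ("usb", b"v2"), ("phone", b"v1"), ("repo", b"v2")):
            (root / name / "passwords.kdbx").write_bytes(data)
        copies = [root / d / "passwords.kdbx" for d in ("usb", "phone", "repo", "nas")]
        return list(audit_copies(root / "laptop/passwords.kdbx", copies, root).values())
```

The script only reports; it never deletes or overwrites a copy.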

I’m using Proton Pass for around a week, signed up for the 1 dollar per month subscription.

It is working fine but I found a glitch with the password generator, it doesn’t automatically save the password, so remember to copy it, edit the entry and save it.
Also, there are a few sites where the automatic fill doesn’t pop up.

And, there isn’t a Firefox extension for Android yet…

I use the full package and the nice thing about Pass is when you sign up for a new site it will automatically generate a Proton alias email for the account sign-up.

1 Like

As it relates to privacy, I like to separate my services with multiple providers.

Using everything from a single source makes you highly identifiable.

4 Likes