Dev1 Galaxy Forum / Password managers

Re: Password managers

dummy@example.com (fanderal) — Fri, 20 Feb 2026 18:15:45 +0000

A password mgr is much like the cloud. It gives the responsibility for securing personal data to someone else's software or someone else's drive. User's data, user's choice.

Re: Password managers

dummy@example.com (Devarch) — Fri, 20 Feb 2026 15:45:07 +0000

No password manager
No passwords or any credentials stored in browser
No untrusted applications
No systemd
No nvidia, broadcom
No Intel ME (when possible)

Yes:
FDE
firewall
application level firewall
blocklisting
sandboxing
virtualization
immutability (overlayfs on top of tmpfs)
tor

absolute minimum to sleep better at night in 2026

Re: Password managers

dummy@example.com (Devarch) — Fri, 20 Feb 2026 15:31:34 +0000

Which is why I do not use passord managers.

Re: Password managers

dummy@example.com (EDX-0) — Fri, 20 Feb 2026 01:02:43 +0000

i still remember this thread about keepassxc https://dev1galaxy.org/viewtopic.php?id=7379

Re: Password managers

dummy@example.com (greenjeans) — Thu, 19 Feb 2026 20:57:13 +0000

Well that encryption stuff is a lot harder than I thought it would be, yikes! So many new words i've learned too like "NONCEBYTES" lol. I think I set a new record for forward decs too, that's just lazy, I need to work on that.

Nevertheless, new thread inbound soon in DIY as (on the maybe 60th compile) I have a working proto.

Re: Password managers

dummy@example.com (greenjeans) — Wed, 18 Feb 2026 22:46:08 +0000

Well 7-8 months ago I would have said the same thing, i've got a LOT to learn still but i'm so far ahead of where I was this time last year that the small C scripts (under say 1500 lines or so) i'm pretty comfortable with now.

The notes script is a good base if you don't do a lot of C, everything's pretty much set up for a simple password manager to work with that gui.
I think i'll try my hand at a prototype, maybe post it in the DIY section and folks can chime in if they want with suggestions/code.

EDIT: Oh yay, moar docs to read, who doesn't love poring over some good docs? Tonight's bedtime reading: libsodium.

Re: Password managers

dummy@example.com (laurie_dev1) — Wed, 18 Feb 2026 05:33:27 +0000

@greenjeans
Thanks but the C language is beyond my level of programming, im just starting out at beginner level with sqlite and python.
I know how to compile and build some C stuff, but that is about it.
Back when i was using dwm and the suckless tools i was building and patching those, but programming something from scratch is on another level to me.

Re: Password managers

dummy@example.com (dzz) — Wed, 18 Feb 2026 02:14:33 +0000

couldn't rule out the possibility the attacks are already known to the more advanced hackers, including those with government backing.

(quote from the linked article) hits the nail on the head for cloud-based or corporate-based solutions.

Keep it local.. a LUKS encrypted 'loopback' file is an option. Anyone got any mud on keepassxc?

Re: Password managers

dummy@example.com (greenjeans) — Tue, 17 Feb 2026 23:42:58 +0000

Nowadays im using password-store but i have started learning sqlite so am wondering if it would be worth creating an encrypted database of my own, but keepass has already done this so probably a waste of time. Be good for learning i suppose.

I had a similar thought a couple months ago, kind of a sidetrack of the note-taking app I was messing with and I had the idea that it was a good generic gui for a password-storing app, just need to add some encryption and that's not difficult. If you decide to pursue it you might take a look at the Vuu-notes code as there might be something in there you can use: https://sourceforge.net/projects/vuu-do … /VuuNotes/

Re: Password managers

dummy@example.com (laurie_dev1) — Tue, 17 Feb 2026 22:40:18 +0000

Keepassxc would surely be a safer option than these online managers.
I remember back in 1998 when i got my first computer on windows 98, i just used a text file!
I didnt know any better, it was either a text file or written down on a piece of paper/notepad.

Nowadays im using password-store but i have started learning sqlite so am wondering if it would be worth creating an encrypted database of my own, but keepass has already done this so probably a waste of time. Be good for learning i suppose.

Re: Password managers

dummy@example.com (brocashelm) — Tue, 17 Feb 2026 22:27:41 +0000

An encrypted file (locally) or USB flash drive by means of VeraCrypt or something else works fine. I've never had a use case for password managers, and what Altoid's original post describes is a part of that reason why.

Re: Password managers

dummy@example.com (ruenoak) — Tue, 17 Feb 2026 21:10:54 +0000

I agree keeping passwords locally is best.
I guess password managers are partly a generational thing too, when the world went to the "online by default" model. My entry into the world of computers was "offline by default" so passwords were either written down with stone age tools or in a local text file.

Unfortunately we are forced to be online and logged in to everything or it doesn't work! These days I use my Browser password manager but I keep that local and not synced.

It's not perfect I know.

Re: Password managers

dummy@example.com (Altoid) — Tue, 17 Feb 2026 09:20:02 +0000

Hello:

Andre4freedom wrote:

... Internet-based password managers are not safe.

Always been a matter of common sense / common knowledge to me.

Andre4freedom wrote:

... best to keep the passwords in a local and decent ...

Little black book.
In my opinion, any system can be (eventually) hacked.

Best,

Re: Password managers

dummy@example.com (Andre4freedom) — Tue, 17 Feb 2026 09:06:15 +0000

We know Internet-based password managers are not safe. It's still best to keep the passwords in a local and decent password manager either on your secure machine or on a local server in your secured local network. Cloud-based password services are even worse.

Password managers

dummy@example.com (Altoid) — Tue, 17 Feb 2026 08:52:04 +0000

Hello:

From The Register:

-------------------------------------------------------------------------------------
You probably can't trust your password manager if it's compromised
Researchers demo weaknesses affecting some of the most popular options
By Connor Jones
Mon 16 Feb 2026 // 16:20 UTC
-------------------------------------------------------------------------------------
https://www.theregister.com/2026/02/16/ … _managers/

Connr Jones @The Register wrote:

Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.

Really?

I would have thought that a compromised server was indeed a compromised server.
No matter what the PMs vendors said.

Which is why I do not use passord managers.

Best,