The officially official Devuan Forum!

Altoid

Member

Registered: 2017-05-07

Posts: 1,980  

Password managers

Hello:

From The Register:

-------------------------------------------------------------------------------------
You probably can't trust your password manager if it's compromised
Researchers demo weaknesses affecting some of the most popular options
By Connor Jones
Mon 16 Feb 2026 // 16:20 UTC
-------------------------------------------------------------------------------------
https://www.theregister.com/2026/02/16/ … _managers/

Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.

Really?

I would have thought that a compromised server was indeed a compromised server.
No matter what the PMs vendors said.

Which is why I do not use passord managers.

Best,

A.

Last edited by Altoid (Yesterday 08:53:26)

Andre4freedom

Member

Registered: 2017-11-15

Posts: 252  

Re: Password managers

We know Internet-based password managers are not safe. It's still best to keep the passwords in a local and decent password manager either on your secure machine or on a local server in your secured local network. Cloud-based password services are even worse.

Altoid

Member

Registered: 2017-05-07

Posts: 1,980  

Re: Password managers

Hello:

... Internet-based password managers are not safe.

Always been a matter of common sense / common knowledge to me.

... best to keep the passwords in a local and decent ...

Little black book.
In my opinion, any system can be (eventually) hacked.

Best,

A.

ruenoak

Member

From: New Zealand

Registered: 2017-05-28

Posts: 59  

Website

Re: Password managers

I agree keeping passwords locally is best.
I guess password managers are partly a generational thing too, when the world went to the "online by default" model. My entry into the world of computers was "offline by default" so passwords were either written down with stone age tools or in a local text file.

Unfortunately we are forced to be online and logged in to everything or it doesn't work! These days I use my Browser password manager but I keep that local and not synced.

It's not perfect I know.

---

"Has cat, eats cheese, drinks coffee, Chaotic Neutral "

brocashelm

Member

Registered: 2020-06-29

Posts: 207  

Re: Password managers

An encrypted file (locally) or USB flash drive by means of VeraCrypt or something else works fine. I've never had a use case for password managers, and what Altoid's original post describes is a part of that reason why.

laurie_dev1

Member

Registered: 2026-01-31

Posts: 15  

Re: Password managers

Keepassxc would surely be a safer option than these online managers.
I remember back in 1998 when i got my first computer on windows 98, i just used a text file!
I didnt know any better, it was either a text file or written down on a piece of paper/notepad.

Nowadays im using password-store but i have started learning sqlite so am wondering if it would be worth creating an encrypted database of my own, but keepass has already done this so probably a waste of time. Be good for learning i suppose.

greenjeans

Member

Registered: 2017-04-07

Posts: 1,525  

Website

Re: Password managers

Nowadays im using password-store but i have started learning sqlite so am wondering if it would be worth creating an encrypted database of my own, but keepass has already done this so probably a waste of time. Be good for learning i suppose.

I had a similar thought a couple months ago, kind of a sidetrack of the note-taking app I was messing with and I had the idea that it was a good generic gui for a password-storing app, just need to add some encryption and that's not difficult. If you decide to pursue it you might take a look at the Vuu-notes code as there might be something in there you can use: https://sourceforge.net/projects/vuu-do … /VuuNotes/

---

https://sourceforge.net/projects/vuu-do/ New Vuu-do isos uploaded December 2025!
Vuu-do GNU/Linux, minimal Devuan-based Openbox and Mate systems to build on. Also a max version for OB.
Devuan 5 mate-mini iso, pure Devuan, 100% no-vuu-do. Devuan 6 version also available for testing.
Please donate to support Devuan and init freedom! https://devuan.org/os/donate

dzz

Member

From: Exmouth, South West England

Registered: 2016-12-01

Posts: 95  

Re: Password managers

couldn't rule out the possibility the attacks are already known to the more advanced hackers, including those with government backing.

(quote from the linked article) hits the nail on the head for cloud-based or corporate-based solutions.

Keep it local.. a LUKS encrypted 'loopback' file is an option. Anyone got any mud on keepassxc?