Hello:
From The Register:
-------------------------------------------------------------------------------------
You probably can't trust your password manager if it's compromised
Researchers demo weaknesses affecting some of the most popular options
By Connor Jones
Mon 16 Feb 2026 // 16:20 UTC
-------------------------------------------------------------------------------------
https://www.theregister.com/2026/02/16/ … _managers/
Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.
Really?
I would have thought that a compromised server was indeed a compromised server.
No matter what the PM vendors said.
Which is why I do not use password managers.
Best,
A.
Last edited by Altoid (2026-02-17 08:53:26)
Offline
We know Internet-based password managers are not safe. It's still best to keep the passwords in a local and decent password manager either on your secure machine or on a local server in your secured local network. Cloud-based password services are even worse.
Offline
Hello:
... Internet-based password managers are not safe.
Always been a matter of common sense / common knowledge to me.
... best to keep the passwords in a local and decent ...
Little black book.
In my opinion, any system can be (eventually) hacked.
Best,
A.
Offline
I agree keeping passwords locally is best.
I guess password managers are partly a generational thing too, when the world went to the "online by default" model. My entry into the world of computers was "offline by default" so passwords were either written down with stone age tools or in a local text file.
Unfortunately we are forced to be online and logged in to everything or it doesn't work! These days I use my Browser password manager but I keep that local and not synced.
It's not perfect I know.
"Has cat, eats cheese, drinks coffee, Chaotic Neutral"
Offline
An encrypted file (locally) or USB flash drive by means of VeraCrypt or something else works fine. I've never had a use case for password managers, and what Altoid's original post describes is a part of that reason why.
Offline
KeePassXC would surely be a safer option than these online managers.
I remember back in 1998 when I got my first computer on Windows 98, I just used a text file!
I didn't know any better, it was either a text file or written down on a piece of paper/notepad.
Nowadays I'm using password-store but I have started learning SQLite so am wondering if it would be worth creating an encrypted database of my own, but KeePass has already done this so probably a waste of time. Be good for learning I suppose.
Offline
Nowadays I'm using password-store but I have started learning SQLite so am wondering if it would be worth creating an encrypted database of my own, but KeePass has already done this so probably a waste of time. Be good for learning I suppose.
I had a similar thought a couple of months ago, kind of a sidetrack of the note-taking app I was messing with, and I had the idea that it was a good generic GUI for a password-storing app, just need to add some encryption and that's not difficult. If you decide to pursue it you might take a look at the Vuu-notes code as there might be something in there you can use: https://sourceforge.net/projects/vuu-do … /VuuNotes/
https://sourceforge.net/projects/vuu-do/ New Vuu-do isos uploaded December 2025!
Vuu-do GNU/Linux, minimal Devuan-based Openbox and Mate systems to build on. Also a max version for OB.
Devuan 5 mate-mini iso, pure Devuan, 100% no-vuu-do.
Devuan 6 version also available for testing.
Please donate to support Devuan and init freedom! https://devuan.org/os/donate
Offline
couldn't rule out the possibility the attacks are already known to the more advanced hackers, including those with government backing.
(quote from the linked article) hits the nail on the head for cloud-based or corporate-based solutions.
Keep it local... a LUKS encrypted 'loopback' file is an option. Anyone got any mud on KeePassXC?
Offline
@greenjeans
Thanks, but the C language is beyond my level of programming; I'm just starting out at beginner level with SQLite and Python.
I know how to compile and build some C stuff, but that is about it.
Back when I was using dwm and the suckless tools I was building and patching those, but programming something from scratch is on another level to me.
Offline
Well 7-8 months ago I would have said the same thing. I've got a LOT to learn still but I'm so far ahead of where I was this time last year that the small C scripts (under say 1500 lines or so) I'm pretty comfortable with now.
The notes script is a good base if you don't do a lot of C, everything's pretty much set up for a simple password manager to work with that GUI.
I think I'll try my hand at a prototype, maybe post it in the DIY section and folks can chime in if they want with suggestions/code.
EDIT: Oh yay, moar docs to read, who doesn't love poring over some good docs? Tonight's bedtime reading: libsodium.
Last edited by greenjeans (Yesterday 00:47:45)
Offline
Well that encryption stuff is a lot harder than I thought it would be, yikes! So many new words I've learned too like "NONCEBYTES" lol. I think I set a new record for forward decs too, that's just lazy, I need to work on that.
Nevertheless, new thread inbound soon in DIY as (on the maybe 60th compile) I have a working proto.
Offline
I still remember this thread about KeePassXC: https://dev1galaxy.org/viewtopic.php?id=7379
Offline
Which is why I do not use password managers.
+
Offline
No password manager
No passwords or any credentials stored in browser
No untrusted applications
No systemd
No nvidia, broadcom
No Intel ME (when possible)
Yes:
FDE
firewall
application level firewall
blocklisting
sandboxing
virtualization
immutability (overlayfs on top of tmpfs)
tor
absolute minimum to sleep better at night in 2026
Offline
A password mgr is much like the cloud. It gives the responsibility for securing personal data to someone else's software or someone else's drive. User's data, user's choice.
Offline