Comments by "Perhaps" (@NoEgg4u) on "Cybernews" channel.

  1. 7
  2. @4:58 "Let's say I want to backup my data. You can't do that without a plug-in." The KeePass database is a single file. You back it up by making a copy of that file to a flash drive or a USB disk drive, etc. I did not find KeePass complicated. Its layout is not ideal. It is not elegant. But I entered what was needed in each field, clicked on the button that opens the password generator, set the options for the password (character set and length), and that was it. It is important to click on the "Save" button, to have KeePass write your update to its database. If you do not, then if your computer shuts down in a non-graceful manner, you will lose whatever changes / additions / deletions you made within KeePass. Once saved, you should make a copy of your KeePass database file. It is safe to make a copy without exiting KeePass (as long as you saved your database by clicking on the save icon). I have not explored plug-ins, because I do not trust them. I do not trust them, because I do not know enough about them. I will not trust what I do not understand. For example, can plug-ins compromise KeePass's security? Plug-ins might be entirely safe. But until I figure out whether or not they can be trusted, I am sticking with the vanilla KeePass. It works great. Other password managers might be easier to use. But other than Bitwarden, they are closed source, and I do not trust them. In today's "big tech" spyware world, it seems like data collection is everywhere. Since it is very easy for a closed source password manager to have a master key, I simply will not trust it. It is simplistic for them to have a master key. Do they? Maybe not. But "maybe" is the reason I will not trust them. With KeePass, there is no master key. And KeePass does not try to sync or share resources or use a cloud service, etc. It simply handles your passwords without fuss.
    1
  3. Unless one of the features in the reviewed password managers is a "must have", then I suggest you consider either KeePass or Bitwarden, instead. The password managers that our host reviewed are all closed source code. You have no way of knowing what is under the covers, and neither do the auditors. And who are the auditors? What are their digital, cryptographic, software credentials? Have you read their audit report? With closed source code, multiple master keys can be created by the software, and you will never know. Creating multiple master keys does not slow down the password manager. Are those companies using master keys, that will allow them to have access to your password vault? Probably not. But is "probably" a risk you are willing to have? It is simplistic for them to generate multiple master keys, which would happen during the creation phase of your password vault. The rank-and-file employees will not have a master password to the password databases. But what about the CEO? Both KeePass and Bitwarden are open source. Ergo, every programmer on the planet (that's a lot of people) can examine the code, and find bugs or any monkey-business. Both KeePass and Bitwarden are free. Neither KeePass nor Bitwarden has to use a 3rd party service (such as the password manager's cloud service). Bitwarden has features that rely on using their servers, but you need not use those features if you do not need them. KeePass is 100% off-line. If KeePass or Bitwarden is missing a feature that you must have, then go with one of the password managers that our host reviewed. But if either KeePass or Bitwarden satisfactorily handles your password needs, then I suggest you choose KeePass or Bitwarden.
    1