[ale] Of password managers and family...

Kyle Brieden kyle at txmoose.com
Tue Oct 24 11:25:16 EDT 2017 

Hey there Mike,

You ask what is wrong with them using a KeePass based method, but I feel 
like I explained that already.  They aren't going to be able to manage 
moving around their vault, having it open multiple places, collisions 
with that, etc...  I have enough trouble with doing that on my iPad that 
I use sparingly myself.  I think the biggest blocker is that the 
iPad/iPhone app sandboxes things so that I can't just point it to a file 
on the filesystem that some other app (nextcloud?) updates.  You have to 
open nextcloud, let it sync the file, then tell the OS to open that file 
with the password manager, THEN login to it, etc... that isn't something 
they're going to want to do.  They are non-technical at BEST.

Sure it is simple for me, but I understand how maintaining the files 
works, how syncing files works, how collisions of files will affect 
things... Let's say I create a new password in my vault on my work 
computer, but leave for the day without closing and saving.  Yes, that's 
stupid, but it happens.  We all get in rushes.  So I go home, I create a 
second new password in my vault from my android phone or iPad, save the 
file up to my nextcloud server.  Then, next day, I go into work, find my 
password manager open, absentmindedly close it, and it autosaves on 
close.  Now my password from last night is gone.  Blown away.

Me? Sure I get what happened.  My non-technical father?  Well, this is 
just stupid technology being hard, why can't I log into my site?  This 
is frustrating.  I don't want to do this.  I'm just going to type in my 
password again, because that's easier and who would want to hack me 
anyway?

I need something that is seamless for them, and that's why I was asking 
the group for help.  I sincerely appreciate the open source options and 
love using them, but what you don't pay for in money, you pay for in 
effort, and they have no effort to spend on it.

Someone else mentioned 1Password.  That's the 3rd or 4th endorsement for 
1Password I've gotten now.  Going to give that a run and see how it 
goes.

Thanks everyone.

---
Very respectfully,
Kyle Brieden

On 24-10-2017 10:01, Michael H. Warfield wrote:
> On Fri, 2017-10-20 at 15:30 -0400, Kyle Brieden wrote:
>> Howdy all,
>> 
>> I've been using a KeePass vault for password management for a little
>> while now.  I use my NextCloud server (SUPER awesome, do recommend)
>> for
>> syncing the vault between computers and mobile devices.  I use
>> KeePassXC
>> on Windows, Mac, and Linux, and I use different apps on my Android
>> phone
>> and iPad respectively.  This is all well and good for *me*, because
>> I
>> like the open source, I own all the hardware, I'm doing this all on
>> my
>> own kind of feel, but this isn't sustainable for anyone more than
>> myself.  I have been bitten in the ass before by my vault getting out
>> of
>> sync between two devices or being open on multiple devices at a time.
>> 
>> My family (fiancee, sister, brother-in-law, mother, and father) need
>> protection.  They NEED to stop reusing passwords and set up a
>> password
>> manager.  Does anyone have any opinions on low barrier to entry, low
>> friction password managers for the non-technical in our lives?  I've
>> investigated LastPass thus far, and the price seems worth it to me.
>> LastPass seems trustworthy, too, with how open they are about their
>> technology stack.  I have looked at some others, such as Padlock,
>> too,
>> which seems like a good open source alternative.
> 
>> Thoughts?  Opinions?  Feelings?  Success and/or catastrophic failure
>> anecdotes?
> 
> So what wrong with them using KeePass/KeePassX/KeePassXC/KeePassDroid?
> It works on Windows, Mac, Linux, iOS, Android, etc, etc, etc...  Am I
> missing something here?  You already said you use it and it's as simple
> as any of the others and it would be compatible with what you are
> using.  What is it missing or what are the barriers?
> 
>> Thanks!
> 
> Mike
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x89C9D831.asc
Type: application/pgp-keys
Size: 3053 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20171024/43df8aa5/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://mail.ale.org/pipermail/ale/attachments/20171024/43df8aa5/attachment.sig>

More information about the Ale mailing list